sb-au logo
Story image

Securing SAP to ensure better operational security

08 Oct 2020

Article by Acclimation managing partner Cameron Sherrard.

Organisations’ intellectual property, financial information, and operational resilience are more at risk than ever, with the Australian government warning that cybercrime is a growing threat to the country. 

The widely reported nation-state cyberattacks on Australian organisations and governments, which also targeted political organisations, education, health, essential service providers and other ‘critical infrastructure’ in June 2020, have highlighted the increasing scale, frequency, and impact of such attacks. This is to say nothing of the recent New Zealand Stock Exchange attacks in August.

For organisations that rely on enterprise resource planning (ERP) software, this risk was further highlighted by reports in July of a critical vulnerability, known as CVE-2020-6287, within the SAP NetWeaver Application Server. 

Before being patched, the SAP vulnerability let cyber-attackers gain unrestricted access and control of organisational systems where they could read, modify and delete database records and files.

Deploying patches when security vulnerabilities are exposed and exploited in software is a critical step in securing an organisation’s data. However, securing information and systems is a process that needs to start long before these vulnerabilities are exposed to help limit potential risk and impacts. 

Improving cybersecurity is a business strategy that needs to be considered at every level to be effective. From investing in new technologies to harden environments, policies and procedures, regular training for all staff members on security processes, cybersecurity strategies need to be all-encompassing to deliver a healthy security posture.

In addition to strengthening security processes at an organisational level, investing in certified SAP Platform Security solutions can help to improve the security of SAP systems at a structural level but more importantly as an ongoing continuous security process improvement.

Increasing importance is being placed on the security of SAP systems due to heightened security risks, especially for Australian and New Zealand customers. Engaging the services and software from certified SAP Partners can ensure organisations receive continuous and ongoing protection of their SAP systems and data. 

Deploying secure technology that periodically scans, analyses and detects vulnerabilities at all relevant layers can help ensure that SAP systems remain secure.

There are many steps organisations can take to maintain a healthy level of security for their SAP landscapes. Implementing technologies that automate SAP security and continuously scan, analyse and highlight vulnerabilities is one proactive measure organisations can take to harden and safeguard the systems.

Engaging an experienced SAP partner that works with customers on a security plan can help to further ensure better operational security.