
Milky Blog

know what’s going on out there about SAP®


Hendrik Jansen

Hendrik Jansen’s Blog Posts

50.000 SAP® at risk by known vulnerabilities

By Hendrik Jansen  -  May 9, 2019

The story about 50.000 SAP® customers being at risk because of old and known vulnerabilities. Did the story go viral? 


agileSI expands partnership in the Gulf region

By Hendrik Jansen  -  May 9, 2019

agileSI and Gulf Consulting have entered into a partnership agreement for the Gulf region, bringing SAP security closer to the customers in the region. 


CyberSecurity expensive? Try having not enough ...

By Hendrik Jansen  -  April 11, 2019

ASML, the leading Dutch chip machine manufacturer, lost its IP and pricing policies in a data breach. The damages caused by Chinese industrial espionage are in the hundreds of millions of euros.


GDPR - outranks Google searches on Beyoncé

By Hendrik Jansen  -  March 21, 2019

The status of GDPR 10 months after the introduction on 25 May 2018. 


Is security PREVENTION in the healthcare industry enough?

By Hendrik Jansen  -  February 21, 2019


Why we need to think differently about cyber security in 2019

By Hendrik Jansen  -  January 31, 2019

Typical notions of cyber security

When most people think about cyber security, they think about passwords: passwords that are a bit more difficult than 123456 or QWERTY. Private individuals tend to select a good router for their home internet connection with a focus on aesthetic design, without any wires and with WPS (Wi-Fi Protected Setup) to avoid all that "difficult" typing, according to the kids who veg out by consuming Netflix. The more advanced, tech-aware person will consider installing a firewall and perhaps a freeware antivirus program. They think that's enough to defend against an attack. And when they think about cyber attacks, they usually imagine a very skilled team of hackers brute-forcing their way into a home or business system, not unlike robbers breaking into a bank vault.

But it doesn’t take much research to learn that in today's era cyber attacks are way more nuanced, and leave far more people vulnerable than imagined. And in the near future (months not years, quarters not decades), the average cyber attack is going to evolve even more. I believe that Moore's law applies here as well (to a degree there is an exponential factor involved). If we want to prepare our businesses for these threats, and protect ourselves as individuals, we need to change how we think about cyber threats.

New Types of Attacks and the Lack of Experts

For starters, we need to start preparing ourselves for new types of attacks. With the rising diversity of entry points (endpoints, devices and software), preparing for conventional attacks isn’t enough. Today’s cybercriminals are remarkably intelligent and lazy, so they buy cheap and proven tools from the dark web, and all it takes is a single vulnerability to compromise and exploit an entire system. Because there are so many possible attacks, and new attacks just waiting to be created, we need to spend more time sourcing and training the right tech talent, rather than just building bigger and better defensive systems.

Security experts with experience in many different areas, with the ability to think flexibly, will be far more capable of responding to novel threats than their short-term-goal-focused contemporaries. But these skills are scarce in the market, so the costs for these skills are rising. Secondly, these types of cyber security experts are looking for continuous challenges, which is why they prefer to work with cyber security companies rather than a regular business. That leaves a shortage in the market of an estimated 2 million cyber security experts. Good luck fighting those odds as a business.

Rising Volume

We also need to consider the rising volumes. Cyber threats are growing in volume as well as in threat level. They are growing in damage potential and probability (technology change factor x volume change x sophistication change). Thanks to the prominence of mobile devices and the growing influence of the internet of things (IoT), there are billions of connected devices around the world, and each one of those devices is potentially hackable. There is also a growing number of people with the right motivation and resources, who could easily attack a device across the globe. Add that to the number of countries with minimal (if any) restrictions meant to prevent a cyber attack, and you have a recipe for a disaster. My personal prediction is that we are only looking at the tip of the iceberg right now.

Finally, consider how much a cyber attack could hurt us. That is the fundamental question that any CEO, CFO, CIO or CISO should be asking in the business. We’re entering an era where nearly everything we do involves an internet connection or a digital device. Hurray to the digital transformation, pushed and hyped by the same technology vendors that failed to protect you in the first place. When IT components get compromised, it becomes nearly impossible to get the resources you need.

Individual Empowerment

In addition to taking the possibility of a truly large-scale attack seriously and investing in better cyber security talents, we also need to educate people at the individual contributor level. By that we mean the employees and staff with limited tech knowledge who still rely on these devices on a daily basis. If they choose weak passwords, fall for schemes, or otherwise allow themselves to be vulnerable, they become easy targets that could lead to the collapse of a much bigger system. Every digital network is only as strong as its weakest link, and it's about time we acknowledge that.

It’s not easy to change how you think about a given problem, but simply educating yourself is a good first step. The more basics you learn about the world of cyber attacks and cyber security, the more accurately you’ll be able to think about your protection and the protection of your company. You can also help your own cause by investing in better cyber defenses, like the agileSI™ solutions for SAP® Security. The sooner and more thoroughly you invest in your defenses, the less you’ll have to worry about, and the more likely hackers will pursue easier targets.

How fast do you need to run in order not to get eaten by the tiger? Just a little bit faster than the slowest person in the group! Want to know how fast you are running when it comes to SAP® Security?


PREVENTION? Leaving the factory settings as they are is not a good idea!

By Hendrik Jansen  -  January 29, 2019


6 ways you can benefit from SAP® log monitoring

By Hendrik Jansen  -  January 23, 2019

The website always publishes good content so we have taken some of their inputs. Systems, devices, applications, interfaces and databases inside your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space: these are the strategies of an admin doomed to always be in firefighting mode, reacting to bad things when they happen. Never activating these logfiles in the first place to save disk space (at roughly $0,03) is really not an argument anymore (it might have been in 1983 when a Gig of storage was $500.000). The only argument in such a case is perhaps to talk about something else .... with HR.


Is the ERP community risk aware?

By Hendrik Jansen  -  January 14, 2019

published a great article on ERP Cybercrime


Benefits of SIEM systems

By Hendrik Jansen  -  January 14, 2019

TechTarget wrote a great article on the benefits of SIEM systems.

