
Milky Blog

know what’s going on out there about SAP®


Cybersecurity risk and SAP Fiori apps.

By Hendrik Jansen  -  October 25, 2018

The cybersecurity risk with SAP Fiori? More and more businesses are embarking on what the industry calls "the digital transformation." Most companies are forced to think about and look for better, faster, farther-reaching digital business models, driving digital efficiencies into the workforce, partners and supply chains. Employees are increasingly enabled to access SAP on the fly via smartphones, tablets, and apps. That raises the question: how can you protect your systems from content-based cyber-attacks that arrive through new technologies like SAP Fiori?

Change is a constant, but the rate of change is ever increasing. People start to work the way they live; the millennial generation especially simply has no other reference point. The lines between work and private life are overlapping more and more. The morning Starbucks visit or train commute includes submitting POs on smartphones, checking Twitter, approving a workflow request and looking at the latest BI dashboard, and you are not even in the office yet.

SAP Fiori has positioned itself in this new environment with a better (easier) user experience app powered by SAP HANA. Technically, SAP Fiori is designed to allow on-the-fly access to all kinds of SAP systems. This is very powerful and, from a user perspective, very effective and convenient.

But every silver lining has its cloud. With these new technologies, connectivity and interoperability increase, and that imposes a few challenges you must be aware of (plus, of course, how you can deal with them).

SAP Fiori is designed to bring "the app" to the user, on their own device, where the challenge is device security. Think about VPNs, endpoint protection, virus scanning, etc. Devices are lost and stolen more often than traditional computing equipment. Encrypted data storage on devices is not a luxury. The app (through Fiori) coming in via public, unprotected Wi-Fi poses a risk to network security. Man-in-the-middle attacks are getting more common.

Apps (in general) have a tendency to share more data than is actually needed, which is permitted because you clicked OK. And these types of apps don't stop at logging their own app usage, clicks, visits, photos, files, etc. The suddenly increased attack surface must be mitigated to prevent real financial, reputational and penal damages. There are multiple types of attacks that cybercriminals can use to penetrate SAP's defenses. One of them is MIME-type filter evasion.

SAP and MIME

When a user uses an SAP Fiori app to upload a file to a backend SAP system, the file's extension is supposed to reflect the type of the file itself. So a .pdf extension indicates a PDF file, and a .docx extension indicates a Microsoft Word file. So far, no problem. But what if the file behind that extension is actually an executable? Hidden and masked malicious files enter the backend SAP systems through such files with changed extensions.

Many (far too many) companies do not even THINK about such scenarios, or do not have the skills and manpower to even start thinking about such critical yet very real possibilities. We do, and the simple reason is: so you don't have to. You need to concentrate on enabling your business. Our job is to enable your business SAFELY.

Picture ©: GettyImages-861122838-metamorworks


The CFO's relation to CyberSecurity

By Hendrik Jansen  -  October 23, 2018


Insurance companies - be aware

By Hendrik Jansen  -  October 17, 2018



75% of small and mid-sized businesses aren't the least bit concerned about cyber attacks

By Hendrik Jansen  -  October 15, 2018

Cybercriminals have tried to penetrate (to manipulate or steal data) 53% of small and midsized companies, according to research from Alert Online.


How to best select your SAP® Security Provider?

By Hendrik Jansen  -  October 11, 2018

As organizations face even more threats and attacks to their information systems and data, they are increasingly considering setting up security operations centers (SOCs) to centrally manage their detection and management of cybersecurity incidents. Properly implementing a SOC is often a complex undertaking, requiring significant time, money and staff. Plus, organizations can face challenges such as SOC talent shortages and an inability to scale. As a result, many businesses are exploring outsourcing or co-sourcing some or all of their SOC services to third-party companies. These parties are known as SOC service providers, Managed Security Service Providers (MSSPs) or Cyber Defense Centers (CDCs).

This article aims to help you understand the different types of services that are available from such CDCs, SOC vendors or MSSPs, which features you should look for, and how to choose services that are appropriate for your organization.

What is a CDC or a SOC?

A CDC or a SOC is a set of people, processes and technologies, often centralized, that -- at a minimum -- receives and analyzes user reports and data feeds -- logs, for example -- from information systems and cybersecurity controls. Typically, the primary goal of a CDC/SOC is to detect and prioritize cybersecurity incidents that could negatively impact an organization's information systems or data.

CDCs/SOCs vary from organization to organization and are implemented per structural cybersecurity priorities and risk tolerance. Some CDCs/SOCs will manage an incident from detection to remediation; others will focus on supporting and coordinating incident responders and handling incident response communication -- e.g., status updates and third-party communication. Each organization must evaluate and choose the CDC/SOC services that are appropriate and reasonable for it.

How does a CDC/SOC work?

CDC/SOC employees and technologies are typically located in a central location that employees with different levels of expertise -- such as analysts, responders, and hunters -- staff 24/7 year-round. CDC/SOCs tend to be very process-driven: they have standard operating procedures, use cases and playbooks to define how CDC/SOC staff respond to and communicate about various cybersecurity events and incidents.

In addition to real-time analysis of incidents, alerts, reports, and data feeds, CDC/SOCs can also provide the following:

  • long-term analysis of data feeds and incident data;
  • normalization and storage of security logs;
  • creation and dissemination of threat intelligence;
  • automation and orchestration;
  • threat assessment; and
  • vulnerability detection or management (e.g., vulnerability scanning and remediation).

Organizations may consider outsourcing all or some of their CDC/SOC services to a CDC/SOC service provider for one or more of the following reasons:

  • an inability to hire enough CDC/SOC staff with the necessary skills;
  • the desire to gain better value from existing cybersecurity products by having experienced specialists manage them;
  • a requirement to quickly scale CDC/SOC services due to changes in an organization's threat landscape or business model (e.g., adding e-commerce);
  • a preference or requirement to use cybersecurity budget dollars for operating expenses ("renting" CDC/SOC services) rather than capital expenses (buying CDC/SOC equipment, SIEM licenses and hiring employees);
  • the ability to apply a third party's threat intelligence gained from monitoring many customers; and
  • a strategic decision to have simpler, repetitive tasks like initial log reviews be performed by a third party so that the organization's own CDC/SOC staff can focus on high-level tasks, such as incident response or vulnerability management.

For all of the above reasons, the expectation is that the CDC/SOC service provider will be able to provide specific CDC/SOC services more effectively or less expensively than the organization itself.

Features to look for

CDC/SOC vendors can provide the following:

  • monitored or managed equipment or unified threat management technology (multi-technology);
  • monitored or managed intrusion detection systems (IDSes) and intrusion prevention systems (IPSes);
  • managed or monitored hardware, application, web and email security gateways;
  • monitoring or management of advanced threat defense technologies;
  • triage and short-term analysis of real-time data feeds (e.g., system logs and alerts from applications and information systems) for potential cybersecurity incidents;
  • long-term analysis and correlation of data associated with monitored or managed devices and incident response;
  • managed vulnerability scanning of information systems and applications;
  • monitoring or management of customer-deployed SIEM technologies; and
  • current and relevant threat intelligence.

As the above list makes clear, CDC/SOC service providers offer many capabilities that could be useful for your organization's CDC/SOC. But the variety of services can be overwhelming. One way to start evaluating CDC/SOC providers is with two basic steps to identify those services of most value for your company. Understanding your current SECURITY MATURITY (what is your current position when it comes to security, versus your own ambition and your peer group, how do you compare to them).

Bottom line

Properly implemented and managed, out- or co-sourced CDC/SOC services can be a valuable asset of your business's cybersecurity program; partnering with a service provider can be a smart way to efficiently and effectively improve your organization's security operations center. Be sure to carefully evaluate CDC/SOC service providers so that you end up with the right services for your company.

Picture ©: GettyImages-949581038-gorodenkoff


How SOC metrics improve security operation centers' performance

By Hendrik Jansen  -  October 8, 2018


Pay $100k to cybercrimmies, pay $148m in fines, or invest in your cyber security detection?

By Hendrik Jansen  -  October 2, 2018

Covering up seems more expensive than mitigating...


Swedish customers worried about SAP® security

By Hendrik Jansen  -  October 1, 2018

Over the last two weeks we spoke to a hundred's of businesses in Sweden (at the SecureLink BootCamps in Gothenburg and Malmö) about cyber security in general, and SAP® security specifically.


MDR - Managed Detection and Response

By Hendrik Jansen  -  September 18, 2018

Managed Detection and Response (MDR) services allow organizations to add 24/7 dedicated threat monitoring, detection and response capabilities against cyberattacks via a turnkey approach. Security and risk management leaders can use these services to appropriately protect their environments.


Dealing with cyber threats in the SAP® / ERP application layer

By Michael Kemmer  -  September 18, 2018

Since 2001, the number of cyber attacks has been increasing rapidly. In the recent past, corporate solutions such as ERP, CRM, HCM or similar systems have become the focus of cyber crime; see, e.g., Gartner's report "Hype Cycle for Appliance Security, 2017", as of July 2017.
