
Milky Blog

know what’s going on out there about SAP®


SAP security @agileSI - we run a 99,86% chance that less than 0,019 hackers are in our systems ....

By Hendrik Jansen  - November 22, 2018

The weakest link in SAP security (and cybersecurity).

What is the weakest link in your cybersecurity strategy or security operations?

Humans remain the weakest link in cybersecurity, SAP security, IT and SAP compliance, and corporate data protection. The question is: are you surprised by that, or did you already know?

And the ultimate question is: how many humans does it take? One. It takes only one person to expose you, open up your systems, steal and copy data, manipulate it, and so on.

You might be surprised that it is not only rank-and-file employees duped by phishing scams who pose a risk; managers and executives fall into the same traps. Some companies are even lulled into a false sense of cybersecurity by vendors. Yes, you read that right: some enterprises believe the shiny new technologies they have acquired will protect them from anything. They will not. No matter how good, cool or revolutionary the vendor product, there is no 100% security, so there is no 100% prevention either. The probability has been reduced (we do give you that). And you can, and should, use the best cause-and-effect or risk-scoring tool in the world, as long as the answer it gives is not "we have a 99,86% chance that less than 0,019 hackers are in our systems".

While we were conducting an exploration workshop on SAP security, a manager from a large company mentioned: "we have always received the OK from our auditor". Our response, as always, is: "Great, that is good news for you. It is important that the auditor gives you that sign-off on your annual report, but what does that really tell you?"

As said, the weakest link remains the people in the process (and that includes the person auditing you, by the way). So if you want more than just the stamp, the sign-off, you should be looking at user behavior in your systems, in your SAP systems. That is where the weakest link actually operates. If you could be warned about suspicious USER BEHAVIOR while it was happening, would you not take that opportunity?

Phishing, human error, and ransomware, oh my!

Phishing, hacking and malware accounted for the largest share of incidents, at 43 percent. We will write more about a few meaningful statistics in a future blog post. But a very large percentage of incidents were initiated by some form of human error (accidental or deliberate).

Phishing is particularly difficult to stop; we see that all the time, simply because:

1) we have become digital natives -- our 24/7 "have to be online" business culture has accustomed us all to the rapid response cadence of social media and to answering emails from coworkers very quickly.

2) people deep down prefer to trust rather than distrust -- many workers fall prey to business email compromise (BEC) messages that appear to come from their CEO, CFO or a peer but in reality carry a malicious payload or a fraudulent instruction.

No matter how good your technology is, there is no 100% prevention. So it takes only one (one email, one click, one employee) and the damage is set in motion. The good news is that LAYERED defense tactics work better than a single silver-bullet approach: prevention at the perimeter, and DETECTION inside the system for whatever gets through. With the proper DETECTION mechanisms you can catch the execution of the damage in your ERP (SAP) systems while it is going on. Think of the phishing email that asks someone to prepare a financial payment: the payment still has to be created, approved and released in SAP, and each of those steps leaves a trace. You can catch those in the act if you have the proper OVERSIGHT mechanisms.
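As an added illustration of what "catching it in the act" can look like (this is example code written for this post, not agileSI's product or any SAP-delivered functionality), the Python below correlates two kinds of events that a BEC-driven payment fraud typically produces inside the ERP: a change to a vendor's bank details, followed shortly by a payment released to that same vendor. The pipe-delimited log lines, the field names and the action names are constructed stand-ins for whatever your real export (change documents, Security Audit Log, payment run logs) looks like; the seven-day window and the amount threshold are assumptions you would tune to your own business.

```python
"""Correlate vendor bank-detail changes with subsequent payments.

Added example for this post, not agileSI's code. The log format is a
constructed, simplified stand-in: 'timestamp|user|action|vendor|detail'.
Action names, field names, window and threshold are all assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str   # "VENDOR_BANK_CHANGE" or "PAYMENT_RELEASED" (assumed names)
    vendor: str   # vendor master id
    detail: str   # new bank account for a change, amount for a payment


def parse_log(text: str) -> list[Event]:
    """Parse the constructed 'ts|user|action|vendor|detail' lines, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, vendor, detail = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), user, action, vendor, detail))
    return sorted(events, key=lambda e: e.ts)


def detect_suspicious_payments(events: list[Event],
                               window: timedelta = timedelta(days=7),
                               threshold: float = 10000.0) -> list[dict]:
    """Flag payments released within `window` of a bank-detail change on the payee.

    Severity is raised to 'high' when the same user made the change and
    released the payment (segregation-of-duties breach) or when the amount
    is at or above `threshold`; otherwise the alert is 'medium'.
    """
    changes_by_vendor: dict[str, list[Event]] = {}
    alerts = []
    for ev in events:
        if ev.action == "VENDOR_BANK_CHANGE":
            changes_by_vendor.setdefault(ev.vendor, []).append(ev)
            continue
        if ev.action != "PAYMENT_RELEASED":
            continue
        recent = [c for c in changes_by_vendor.get(ev.vendor, []) if ev.ts - c.ts <= window]
        if not recent:
            continue  # bank details stable for longer than the window: no alert
        amount = float(ev.detail)
        reasons = [f"bank details of {ev.vendor} changed {ev.ts - recent[-1].ts} before payment"]
        severity = "medium"
        if any(c.user == ev.user for c in recent):
            reasons.append(f"{ev.user} both changed the bank details and released the payment")
            severity = "high"
        if amount >= threshold:
            reasons.append(f"amount {amount:.2f} is at or above {threshold:.2f}")
            severity = "high"
        alerts.append({"ts": ev.ts, "user": ev.user, "vendor": ev.vendor,
                       "amount": amount, "severity": severity, "reasons": reasons})
    return alerts


# Constructed sample log (not real SAP output). V10021's bank account is
# changed and paid by the same user the next day; V10777's change is old.
SAMPLE_LOG = """
2018-11-05T09:12:00|JSMITH|VENDOR_BANK_CHANGE|V10021|DE00TESTIBAN0001
2018-11-06T16:40:00|JSMITH|PAYMENT_RELEASED|V10021|48500.00
2018-11-06T17:05:00|MMUELLER|PAYMENT_RELEASED|V10777|1200.00
2018-10-01T08:00:00|ACOOPER|VENDOR_BANK_CHANGE|V10777|DE00TESTIBAN0002
2018-11-07T10:00:00|ACOOPER|PAYMENT_RELEASED|V10021|800.00
"""


def run_sample() -> list[dict]:
    """Run the rule over the constructed sample; returns two alerts."""
    return detect_suspicious_payments(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[{alert['severity'].upper()}] {alert['ts']} {alert['user']} -> "
              f"{alert['vendor']} {alert['amount']:.2f}")
        for reason in alert["reasons"]:
            print("   -", reason)
```

Run over the sample, the rule raises a high-severity alert for JSMITH (same user changed the account and released 48,500 a day later) and a medium one for ACOOPER's small payment to the freshly changed vendor, while MMUELLER's payment to V10777 stays quiet because that bank change is five weeks old. The design point is that the perimeter never sees any of this; the evidence lives in the business transactions, which is why detection has to sit inside the ERP layer as well.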

SAP security programs need work

There is no one-size-fits-all approach to cybersecurity or SAP security readiness. Every company ticks differently: each has a different culture, different processes, a different IT landscape, a different industry, a different security appetite, different people and different vulnerabilities.

"It's really all about getting a well-defined strategy and security roadmap, something that FITS YOUR COMPANY, something that makes sense for you and that you can actually implement."

We help customers in ASSESSING, PREVENTING, DETECTING and RESPONDING to these ever-increasing SAP security threats. "It really starts with having the correct baseline: where are you now, how does your company compare to your peer group and to the best in class, what security ambition level makes sense for you, and how can you get there (the steps to be taken over time)."

The goal for our customers is to be able to communicate in a transparent, thoughtful and meaningful way about their SAP security. You want to be able to answer the basic questions your management and your end customers want answered: "What happened? How did it happen? Could it have been avoided? What are we doing to stop it from spreading? What are we doing to stop this from happening again?"

If you are curious about the SECURITY ELEMENTS you need for that INSIGHT, PREVENTION, DETECTION and RESPONSE, please contact us and we will be happy to explain what works when it comes to SAP security for your organization.

Picture©: GettyImages-919533640-metamorworks
