Summary of "TCT Talks - Cyber-Attacks on SAP: Are You Prepared?"
This video features a discussion on the increasing threat of cyber-attacks targeting SAP systems and practical guidance on how organizations can improve their SAP security posture. The main speakers are Andy Bailey (Technical Team Manager at TCT) together with Will Dunley and Laurel Christa, both senior SAP security consultants.
Key Technological Concepts and Analysis
SAP within Cybersecurity Layers
SAP systems form part of the application layer in an organization’s cybersecurity framework. This framework also includes:
- Physical security (guards, biometrics)
- Network security (firewalls, access control)
- Applications holding critical data like SAP
SAP holds sensitive data such as HR records, intellectual property, and customer information, making it a prime target for attackers.
Real-World Risks and Exposure
Despite multiple outer security layers, SAP systems are often exposed to external threats. Recent high-profile attacks have demonstrated how hackers can bypass perimeter defenses and remain inside networks for months, exploiting weak or non-existent SAP security controls.
Types of Threats
Threats to SAP systems can be:
- Internal or external
- Accidental or deliberate
This diversity highlights the need to close as many security gaps as possible within SAP landscapes.
Vulnerability Assessment Service
TCT offers a vulnerability assessment service that includes:
- Accessing the productive SAP system
- Identifying risks and vulnerabilities
- Producing a non-judgmental, business-language report
- Conducting a workshop to explain findings and answer questions
This service helps organizations understand their current security posture and develop a roadmap toward improvement.
Business Impact of Cyber Attacks
Cyber-attacks on SAP systems can lead to severe consequences, such as:
- Losses of hundreds of millions in sales
- Halted production lines
- Reputational damage
- Share price drops
- Regulatory fines (e.g., GDPR penalties up to 4% of global turnover)
- Cultural impacts, including demotivated employees, which in turn increases vulnerability
Audit and Compliance Considerations
Organizations should align their SAP security goals with audit requirements (SOX, ISO, internal audits) and their risk appetite. Security is a continuous improvement process, aiming for pragmatic targets (e.g., 95% security effectiveness) rather than perfect security.
Simple Security “Quick Wins”
Some straightforward measures to improve SAP security include:
- Removing inactive users and ensuring locked users have no assigned roles
- Changing default passwords on critical SAP users like SAP* and DDIC, whose default passwords are publicly known
- Reviewing and enforcing security processes
- Securing help desk password reset procedures to avoid predictable or reused passwords
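The user-related quick wins above can be checked mechanically against a user export. The script below is an added example, not code from the talk or from TCT; it flags inactive users and locked users that still hold roles, and lists SAP* and DDIC for a manual default-password review. Assumptions: the CSV layout (user, lock_flag, last_logon, roles), the sample rows and the 90-day inactivity threshold are all constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export (not real data). The column names are assumptions
# made for this example: lock_flag 0 = not locked, any other value = locked;
# roles are separated by ';'; an empty last_logon means the user never logged on.
SAMPLE_EXPORT = """user,lock_flag,last_logon,roles
SAP*,0,2019-03-01,SAP_ALL
DDIC,0,2024-05-20,SAP_ALL
JSMITH,0,2024-06-01,Z_FI_CLERK
OLDUSER,0,2023-01-15,Z_MM_BUYER
LEAVER1,64,2022-11-30,Z_HR_ADMIN;Z_FI_CLERK
LEAVER2,64,2022-10-01,
NEVERON,0,,Z_SD_SALES
"""

# Standard users the page names as having publicly known default passwords.
STANDARD_USERS = {"SAP*", "DDIC"}


def audit_users(export_text, today, max_idle_days=90):
    """Return findings as {check_name: [user, ...]} for the quick-win checks."""
    findings = {"inactive": [], "locked_with_roles": [], "standard_user_review": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user"].strip()
        locked = int(row["lock_flag"] or 0) != 0
        roles = [r for r in row["roles"].split(";") if r.strip()]
        last = row["last_logon"].strip()
        # A missing last-logon date is treated as "never used", i.e. inactive.
        idle_days = (today - date.fromisoformat(last)).days if last else None

        if user in STANDARD_USERS:
            # Password state is not in the export, so list these for manual review.
            findings["standard_user_review"].append(user)
        if locked and roles:
            findings["locked_with_roles"].append(user)
        elif not locked and (idle_days is None or idle_days > max_idle_days):
            findings["inactive"].append(user)
    return findings


if __name__ == "__main__":
    for check, users in audit_users(SAMPLE_EXPORT, date(2024, 6, 30)).items():
        print(f"{check}: {', '.join(users) or 'none'}")
```
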
House Analogy for Security
Basic security measures—such as locking doors and windows—are essential before investing in sophisticated solutions. Simple, inexpensive fixes reduce the attractiveness of SAP systems to attackers.
Technical SAP Basis Security Measures
Key technical controls include:
- Monitoring RFC connections and peripheral systems
- Message monitoring and transport controls
- Applying access control lists and maintaining TLS/SSL certificates
- Utilizing SAP EarlyWatch reports to identify and track system vulnerabilities and issues
- Regularly applying SAP security patches and vulnerability notes, which are publicly available and critical to prevent exploitation
Focus on Production Systems
Security controls and fixes should first be applied to production environments where critical data resides, then extended to development and quality systems.
Continuous Improvement and Collaboration
Security is an ongoing effort requiring cooperation between SAP security teams, basis administrators, and business stakeholders. Regular reviews, adherence to processes, and timely patching are vital.
Customer Support and Engagement
TCT emphasizes a non-judgmental, supportive approach, positioning themselves as an extension of the customer’s team. They offer assistance beyond assessments, including general security advice and ongoing support.
Product Features and Services Highlighted
- Vulnerability Assessment Service: Comprehensive risk identification and reporting with follow-up workshops tailored to business understanding.
- Security Consulting and Project Delivery: Support in closing SAP security gaps, improving processes, and implementing technical controls.
- EarlyWatch Report Utilization: Encouragement to leverage SAP’s EarlyWatch reports for ongoing visibility into system health and security.
Tutorials, Guides, and Recommendations Provided
- Conduct vulnerability assessments to establish current security posture
- Prioritize securing production SAP systems first
- Implement simple fixes such as removing inactive users and changing default passwords
- Ensure help desk password reset procedures are secure and unpredictable
- Regularly review and apply SAP security patches and vulnerability notes
- Use EarlyWatch reports to track and address ongoing issues
- Develop a pragmatic, risk-based roadmap toward improved SAP security
- Engage with external experts as collaborative partners rather than auditors
Main Speakers / Sources
- Andy Bailey – Technical Team Manager, TCT
- Will Dunley – Senior SAP Security Consultant, TCT
- Laurel Christa – Senior SAP Security Consultant, TCT