95 percent of SAP systems were exposed to vulnerabilities

Onapsis study found that over 95% of SAP systems are exposed to vulnerabilities that could lead to full compromise of the company’s business.

SAP is one of the most popular enterprise software used by companies to manage business operations and customer relations.

A recent study conducted by the SAP solutions provider revealed that more than 95 percent of enterprise SAP installations is affected by serious security issues that open them to cyber attacks that could result in a dangerous data breach. The assessment confirmed that more than 250,000 SAP business customers worldwide, including 98 percent of the 100 most valued brands, are potentially exposed to cyber attacks that could exploit a series of vulnerabilities. On average the companies result vulnerable for a period of 18 months from the disclosure of the vulnerability.

“The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,” Onapsis chief executive Mariano Nunez says. “The truth is that most patches applied are not security-related, are late or introduce further operational risk.“

The study also reported that SAP released 391 security patches in 2014 and more that 50 percent of them was ranked as high priority.

The principal cyber attacks against SAP applications was grouped in the following categories:

• Pivots – Pivoting from a low to high integrity systems in order to execute remote function modules.
• Database Warehousing – Exploiting flaws in the SAP RFC Gateway to execute admin privilege commands in order to obtain or modify information in SAP databases.
• Portal Attacks – Creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and other internal systems.