Despite the threat of cyberattack, most companies are not implementing adequate security measures in their web-based SAP applications. This discovery is alarming, considering that the average ERP cybersecurity breach causes $5 million USD in damages.
“SAP is the market leader for ERP solutions for a good reason. But the applications that companies are running on top of their SAP infrastructure? Those applications are not secured against cyberattack,” says Jörg Schneider-Simon, Chief Technology Officer at bowbridge Software, which delivers protection solutions for SAP applications.
Among bowbridge’s findings:
- 70% of companies implement basic controls and restrictions to increase security against malicious files.
- But in more than 60% of cases, these restrictions could be bypassed by simply renaming the file – making this a critical vulnerability most businesses are failing to address.
- Companies also failed to require a two-step user registration process, increasing the risk of fraudulent users.
- On average, 30% of companies allowed uploads of active content in files and even malware, putting users and the SAP application at risk of being manipulated or breached.
The full report and research results are available in bowbridge’s whitepaper, “Cyberattacks and CVs: Can SAP E-Recruiting Expose Your Company to Risk?”
For the test, Schneider-Simon examined random companies that use one of the most common internet-facing SAP applications – E-Recruiting – to see how well they had adopted the rigorous security measures needed to protect the application.
“While we only tested the E-Recruiting application, these results can be applied to any web-based SAP application,” says Schneider-Simon. “By failing to secure their SAP applications, businesses are taking an enormous risk not only with their data, but with their future.”
About bowbridge Software
Headquartered in Walldorf, Germany, bowbridge Software is the leading provider of SAP-specific security solutions. The company’s products prevent a comprehensive range of attacks from viruses, malware and malicious content in SAP applications and central enterprise content repositories. Since 2005, bowbridge has protected the software infrastructures of the world’s most respected organizations, including GM, Siemens, Petronas, LEGO, U.S. and Australian government institutions, and more. Learn more at http://www.bowbridge.net/.