Security Researcher: IT Managers Urged to Keep up with SAP Patches
More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.
Attackers targeting SAP platforms don't need access credentials to perform these attacks, said Juan Perez-Etchegoyen, CTO of Onapsis, a U.S. security firm with research and development in Argentina that focuses on ERP systems and business-critical infrastructure. Perez-Etchegoyen made his remarks at the Hack in the Box conference in Amsterdam on Thursday.
Global companies, governments and defense agencies use SAP to manage everyday tasks like financial planning, managing payrolls and logistics, he said. If SAP platforms are breached, intruders are able to access customer data, paralyze the company by shutting down the system or modify financial information for fraud purposes, he added.
"The problem is that companies don't know the risk," Perez-Etchegoyen said, adding that SAP systems hold the data that is sensitive and important for companies.
The main reason companies that use SAP are vulnerable is that they don't apply patches, which leaves their systems exposed, he said.