Paul Laudanski on Why SAP Applications Are a Prime Target for Cyberattacks – Insights from Website Planet

Written by: Luka Dragovic
SAP applications have become a prime target for cybercriminals, as their compromise can cripple entire businesses.

In an interview with Website Planet, Paul Laudanski discusses the findings of the 2024 CH4TTER Report, which highlights the growing interest of threat actors in SAP vulnerabilities and their devastating potential. Unlike typical network breaches, SAP attacks can lead to prolonged downtime, financial losses, and even bankruptcy, as seen with Stoli Group in 2024.

To combat these risks, companies must prioritize SAP security, patch vulnerabilities swiftly, and implement proactive monitoring to safeguard their most critical systems.

Why are SAP applications a high-value target for cyberattacks?

In 2024, we published our CH4TTER Report, which found that more and more threat actors are talking about SAP in their native environments and everyday conversations. We see that adversaries are starting to understand the value of SAP application data and how it can devastate a company if compromised.

We often see breaches that impact networks, and while they set back the business, they are able to recover. However, when SAP applications are compromised, the business can no longer function successfully and can take months to recover, if at all. Adversaries understand that they can cost the business its profits and use it as a forcing function to get what they want and are seeing this method as an opportunity.

The Cybersecurity and Infrastructure Security Agency (CISA) is noticing this too: in their known exploited vulnerabilities (KEV) catalog, they also reported an increase in SAP-based attacks, according to our report. Unfortunately, attacks on SAP don’t get as much attention or feel the same sense of urgency as some of the consumer-facing product vulnerabilities, but that is why we need to keep raising awareness about the risks of SAP-based attacks.

Cybercriminals are using everything they can, from security tools to policies, extortion, and in some cases, reporting to government agencies, to compromise companies for financial gain. Organizations need to protect themselves and prioritize patching.

What are the most common vulnerabilities that lead to SAP breaches?

The simple answer: it’s the ones that do not get patched.

From what I see, it’s the ones that are reverse-engineered or have public exploits. SAP vulnerabilities are typically not on the radar or a priority for most companies. From a technical perspective, I think there’s a framework threat actors follow in which the vulnerabilities they go after are usually accessible over the internet without having to log in, and they can just simply slip through firewalls or web application firewalls undetected because they look like an HTTP request that doesn’t trigger standard detections. This is why it is critical to find solutions that have a unique understanding of these types of attacks, as they can prevent even the most sophisticated adversary from entering an organization’s systems.

Earlier this year, we released our Year in Review report, which looked at the common vulnerabilities and trends of SAP applications in 2024 and found that criminals are exploiting SAP vulnerabilities for:

• Ransomware attacks
  ◦ 400% increase in ransomware incidents from 2021 – 2023 that include SAP data
• Financial fraud; exploitation of payment systems
• Accessing SAP information
• Taking advantage of infrastructure
  ◦ Cryptocurrency mining
  ◦ Deploying malicious software

How can an SAP security breach impact a company in the long run?

We saw the worst-case scenario of how an SAP security breach can impact a company: a popular vodka company, Stoli Group, filed for bankruptcy in late 2024 because its SAP systems were compromised once they fell victim to a ransomware attack.

An SAP security breach can cause the company to panic. As I mentioned, it can set the company back months, if not completely derail its momentum and profits. However, I often notice that there are workforce changes following this type of breach, but I firmly believe that this is not the best approach as this can impact the company even more in the long run.

I strongly urge those impacted not to play the blame game and fire the team deemed responsible, as the company will lose the workforce and the knowledge they possess. The company will then have to pay to replace and retrain them. This does not take into consideration that the company has the same budget to invest in security, which, if not, could lead to a bigger cybersecurity skills gap problem for them as businesses typically invest in tools and other priorities. The prior workforce understands the company’s needs and helps them recover from the attack to create a more successful and secure business.

What proactive measures should businesses take to protect their SAP systems?

If an organization starts today, it first needs to bring in a third party to pressure test its systems. This will give the company a realistic starting point and an objective evaluation of its security. When I conduct these tests, I often see organizations go into complete shock at the actual state of their security, as business leaders typically think they are a lot farther along than they are.

After pressure testing systems, security leaders should hire a “threat modeling architect.” This person will map out the business’s entire threat landscape so they can identify the gaps in their SAP systems and what needs to be monitored.

Organizations need to start monitoring and treating SAP systems like they do with firewalls, identity, or email. Typically, companies invest in logging tools to help single out where the gaps are and deploy solutions to remediate them proactively. The architect can establish this monitoring and logging system for SAP solutions and help bring experts to secure an organization’s most valuable assets.

How does regulatory compliance play a role in SAP security?

The better question is, “Where does compliance not play a role in SAP security?”

As I noted earlier, when a company’s SAP is locked down by an attack, it is destructive to the company for many reasons, one being that it cannot run or export compliance reports. Unfortunately, regulatory agencies do not care if the organization is attacked; they have laws and policies in place to ensure organizations care about the integrity and availability of the data. Threat actors know that a company won’t be able to comply with compliance regulations and policies if they take out an SAP system.

Additionally, compliance plays a large role in the RISE with SAP transformation. The deadline for this transformation is quickly approaching. For many organizations, it’s going to take them right to the 2027 deadline to move their data to the cloud. However, when they move the data, they need to make sure that they are not only securing it but also moving all the data over that is necessary to remain compliant.

Compliance and SAP security are intertwined, and you can’t have one without the other.

What lessons can companies learn from past SAP security breaches?

It is no longer a matter of “if” an SAP security breach happens but when. The biggest lesson is that companies must treat and invest in SAP security like insurance.

People get insurance for when things happen, not if. Security tools and patches are there for the same reason: when an attacker gets into systems, they are able to protect the network before it has long-term impacts on the company.

Just like it doesn’t make sense to drive a car without insurance, running SAP without security in place isn’t safe in today’s business world. SAP security systems need to be vetted and tested often to ensure that they are able to protect against today’s most sophisticated threats and vulnerabilities. By doing this, it provides peace of mind to enterprise leaders that their most business-critical applications and data are thoroughly protected.

Ninety-eight of the 100 largest companies in the world are SAP customers, so if one SAP system gets knocked offline, the implications have an even bigger impact across industries. We saw this recently with the Lee Enterprises breach. Once a parent company is breached, a ripple effect occurs, and ramifications grow.

From my experience, the best lesson I can give to organizations to prevent an SAP security breach from happening is to patch often and fast, test your systems, and put real-time threat monitoring in place.

Find out more at: www.onapsis.com
