
Hackers Continuing to Target SAP, Oracle, Other ERP Users

November 6, 2019 | Blog, Cloud Trends

64 percent of SAP and Oracle ERP users say they have been hacked in the past 2 years.

64 percent of SAP and Oracle ERP users have been hacked in the past two years, according to an IDC report. A survey of hundreds of IT decision makers, about half of whom used either SAP or Oracle software, revealed this and several other developing trends in enterprise application security. Despite regular security audits and patches, most of those surveyed (62 percent) felt that their systems still contained serious cybersecurity gaps.

SAP and Oracle ERP Vulnerabilities

This is not the first time that SAP and Oracle applications have been found to have critical security vulnerabilities. The study’s sponsor, Onapsis, has repeatedly highlighted major exploits existing in the majority of SAP products, including the 10KBLAZE bug alert earlier this year. Previous warnings were even echoed by national security agencies, with the Department of Homeland Security’s cybersecurity division alerting users of Dark Web chatter building around recently found ERP exploits.

Transactional, Personal Data Most Sought by Hackers

In most cases, survey respondents who had been hacked had several different types of data compromised per breach. However, most of the information sought by attackers came from sales, employee or customer files, with engineering specifications, intellectual property and accounting data following close behind. Because ERP acts as a library for all of this data, it appears that hackers are specifically targeting enterprise software to collect any and all potentially valuable files they can find before vanishing to avoid detection.

Cost of an ERP Data Breach

Any data breach can have a high cost, from both short-term and long-term damage, but hacked ERP applications can be especially sensitive to lingering expenses. According to Onapsis, much of the data held in enterprise software (and subsequently stolen) is some of the most regulated information today. This means that businesses can face even more losses from an ERP breach if they are found liable for data security damages.

User Credentials and Privileges

Most data breaches begin with privileged credential abuse, and this is especially true for ERP exploits. Relatively small but critical misconfigurations like 10KBLAZE in SAP NetWeaver allow hackers to mirror or bypass administrator access and gain the “keys to the kingdom” through your enterprise applications. Even amateurs can run rampant with this level of control before being discovered, but experienced cyber attackers will be able to leverage access privileges to erase enough user history to ensure their actions go unnoticed.

Cloud Security Concerns for ERP Applications

Besides these revelations, one of the biggest takeaways from the report is the concern many IT managers have about moving to the cloud, with 77 percent saying their C-suite had security worries. The other findings only reinforce this apprehension, as SAP, Oracle and other traditional ERP systems have been reconfigured for SaaS functionality, but often without adequate security measures for legacy software that was never designed to be connected to the Internet.

Business and IT objectives do not always align, and software hosting in the cloud has become the nexus of many competing decisions from application developers, cloud service providers and network security resources. This does not negate the benefits of application hosting delivered as a service, but doing so requires knowledge, preparation and experience to secure your enterprise software infrastructure.

Protect Your Software in the Cloud with Secure Hosting

Moving your ERP to a digital infrastructure means investing in cloud security – the best way to protect a modern network is by reinforcing the human element to ensure no endpoint goes unmonitored. Your enterprise applications are too important to let your data protection controls slack, and suffering a data breach here can put your business in serious danger.

Download our on-demand webinar to learn how to migrate to a secure cloud solution for FREE with SWK’s cyber-secure hosting service.
