According to a recent Reuters article in May, at least 50,000 companies running SAP systems are susceptible to security breaches, as a result of user negligence in following recommended security fixes provided by SAP.
This incident shows that basic cybersecurity awareness and diligence is now fundamental for any company running on digital platforms. Here are four actions you can take to protect your SAP system:
1. Secure your default SAP account passwords as soon as initial installation and setup are completed.
Let’s start off with something easy – changing your default SAP account passwords. During installation and setup, your organisation will be provided a few generic accounts, for which the passwords are well known. Left unchecked, generic login passwords is an easy first step for any potential hacker to break into your enterprise system.
2. Install security fixes and patches regularly, especially High Priority patches.
Research done by security firm Onapsis revealed that most SAP customers resist installing security fixes and updates to avoid disrupting business-critical systems. However, working around the system downtime is a small price to pay for the assurance of knowing that your enterprise system is well-guarded.
3. Tighten your organisation’s SAP login settings to deter hackers.
- login/password_expiration_time (default 0, recommended 30)—Users are forced to change their SAP password after this number of days.
- login/min_password_lng (default 3, recommended 8+)–Sets the minimum password length.
- login/fails_to_session_end (default 3, recommended 3)—Number of times a user can enter an incorrect password before SAP ends the session.
- login/fails_to_user_lock (default 12, recommended 5)—Number of times a user can enter an incorrect password before SAP locks the user master records from further logins.
4. Invest in professional cybersecurity services or training for your IT personnel.
In the long-term, due to an increase in IoT (Internet of Things) and tighter integration between devices to systems and inter-systems, the need for proper cybersecurity management will continue to grow. Therefore, we encourage you to consider an investment into cybersecurity services with a specialised vendor or upgrade your IT personnel in cybersecurity capabilities.
Devoting some time and effort to secure your SAP system now goes a long way towards preventing security breaches happening to your organisation. If you have further enquiries, contact our team for more information.