25 Jul 2022 Andrew Spicer
As the pandemic sent virtually every country in the world into lockdown in early 2020, hackers and cybercriminals were going to work.
The unprecedented shift to remote working proved to be an irresistible opportunity to exploit the security vulnerabilities that went hand in hand with millions of workers logging on to access sensitive business information from their home office or, in many cases, their dining table.
Phishing and ransomware attacks surged. Not even the hospitals dealing with the first wave of Covid patients were safe. The hackers also went after enterprise resource planning (ERP) systems to an extent not witnessed by security analysts before.
ERP in the crosshairs
After all, the ERP system holds some of the most valuable and sensitive information for any organisation, including financial, human resources and client data. SAP, Dynamics and Oracle systems were in the crosshairs of cybercriminals. Organisations that hadn’t applied the right software updates, or had lax password hygiene and authentication protocols, were very vulnerable to attack.
Those running on-premise ERP systems were left unable to physically access their IT infrastructure. It led to many sleepless nights for many IT managers who were behind on their security patches and suddenly had to accommodate a wholesale shift to online operations. There just wasn’t scope for testing and outages to apply new software and security updates quickly.
At Realtech we helped a number of clients through tough situations during 2020-21, helping them with SAP upgrades and even large cloud migrations. They were grateful for the assistance and those projects serve as a reminder of the importance of having good software update processes in place.
If you are producing widgets in a factory, you’ll make sure the machinery is well serviced and maintained so as to avoid a halt in production. Running an ERP system should be no different.
We can’t predict when the next crisis will require all hands on deck, leaving precious little time for maintenance as 24/7 access to the core platform running the business is demanded by the business.
Yes, it’s complicated!
The problem is that when it comes to SAP, some of the security updates can be quite complicated to implement. SAP supplies excellent, regular security alerts and patches. But patching and testing a major software update for an extensive SAP environment can require the equivalent of up to 90 days of hands-on work. That’s a big commitment for an in-house IT team. Too many businesses put security updates in the too hard basket, applying the urgent ones and waiting two years or longer to apply patches and updates fully.
SAP regularly issues patches (SAP Security Patch Day) to enable SAP systems to be kept up to date and protected as much as possible. However, if the SAP systems have not been upgraded for more than two years, SAP will not guarantee the availability of Security Note updates, which means you run the risk of incompatibilities leaving your systems unpatched and vulnerable.
There are three things you can do to avoid this scenario threatening your SAP environment:
The cyber threat landscape is changing too rapidly for most businesses to keep pace with. IT departments lack the time and resources to adequately devote attention to applying updates and security patches.
Whether you are running SAP on your own infrastructure or in the cloud, Realtech can help you stay up to date. We evaluate and apply patches to your SAP environment, but can also advise on non-SAP software that helps in the fight against security breaches.
Cyberthreats aimed at ERP systems aren’t going away. SAP security updates need to be treated as a critical function for every business running SAP. As the SAP experts, Realtech is here to help you take the hassle out of software updates and security patches.
Get in touch with Realtech to find out how we can help you stay on top of security patch management.