It was called SAPvir and contained just 24 lines of code written in Advanced Business Application Programming (ABAP), the language integrated into SAP R/3.
Are you no longer worried about this story almost 20 years later?
Too bad: you should see what happens today in the way of fraud and data breaches on your systems.
In 2015, the vulnerabilities found in SAP numbered more than 3500 across all products and about 350 in the ECC version alone.
What does all this mean? That your data was not secure then and is not secure today, and that you need to calculate the risk, or perhaps the damage, suffered by your organization: according to the Association of Certified Fraud Examiners (ACFE), the overall fraud perpetrated in organizations, including through the improper use of IT tools, amounts on average to 7% of the company’s total turnover.
For instance, one of the major vulnerabilities found is based on “Missing Authorization”, in other words the lack of authorizations in SAP. By virtue of this, users can, undisturbed, enter false supplier invoices, approve them and make the related payment without checks, taking home a supplementary salary every month. This must make us reflect on the implementation of suitable measures to contain these phenomena.
The best methodologies to prevent such problems are based on the implementation of an integrated cybersecurity plan that includes different activities and penetration tests.
Above all, there are also the so-called “red flags”, which in combination with penetration tests and other investigative tools help to reduce or intercept such fraudulent phenomena.
In conclusion, it is always better to turn to professionals with a holistic approach to the problem, who are able to field skills in the IT sector and at a corporate investigative level, verify the correct behavior of employees, including top management, and implement Fraud Risk Assessment plans through integrated investigative projects.