Protect your business applications from Ransomware.


Christmas, 2021 – many security teams had to work during the weekend to mitigate a critical vulnerability discovered right before the holidays.

Ransomware attacks on business applications are rising dramatically: they have become incredibly easy to execute (see Ransomware as a Service), and payment methods are now much more friendly to criminals.

Businesses are growing increasingly reliant on digital infrastructure and more willing to pay ransoms, thereby increasing the incentive to break in.

The question is no longer whether hackers will break into the company's business applications; the question is when.

In this blog I would like to show you examples of what can be done in SAP to reduce the vulnerability of your business applications and mitigate the risk of ransom.

What is ransomware?

Traditionally, ransomware is a kind of malicious software that encrypts a user’s files, making them impossible to access without a key, or in some cases gives attackers the power to shut down a server or network, making it inaccessible to its intended users (Denial-of-Service).

The price for “freedom” is the payment of a ransom to the attackers.

More recently, cybercriminals have started to threaten to leak or sell sensitive information that they were able to obtain by spending weeks or months inside an organization’s business application, undetected.

Spending time inside the network of an organization allows cybercriminals to find the most valuable data to encrypt and exploit.

What can be done to stop ransomware?

The first step to dealing with any kind of cybercrime is to be proactive rather than reactive.

Securing enterprise technology requires assessing the entire landscape through various security lenses. This makes security a joint effort between multiple teams and therefore very challenging to achieve efficiently.

There will always be vulnerabilities within the security configuration and processes. This is unavoidable, because technology platforms are under constant change in order to adapt to ever-evolving business demand.

One thing security teams can do is fix critical vulnerabilities before attackers exploit them.

SAP Enterprise Threat Detection – System Monitoring

With SAP Enterprise Threat Detection you can visualize the current vulnerability status of your systems.

By providing real-time monitoring of users’ suspicious actions, SAP ETD can provide an end-to-end view of whether critical system vulnerabilities are being, or are about to be, exploited, so that security teams can:

  1. Immediately stop suspicious and dangerous activities
  2. Fix critical vulnerabilities within the system configurations
  3. Prioritize the implementation of critical security patches


SAP ETD – System Monitoring Overview


SAP ETD – System Monitoring Overview – Drill-Down, Top 20 Critical Alerts


SAP ETD – System Monitoring Overview – Drill-Down, Top 20 missing security notes

And with SAP Analytics Cloud you can provide higher-level reporting on the status of your landscape, combining data coming from any other sources.


SAP Cybersecurity Dashboard – Overall Security Status by System

Is there anything else to do?


Security is a continuous and coordinated team effort between all its domains (see CISSP domains).

Periodic risk-assessments on all domains should be conducted, and the results should be used to prioritize mitigation plans.

So even though extra effort should go towards securing the applications where the critical business processes run and sensitive data is stored (the so-called crown jewels), it is equally important to ensure the effort is balanced and consistent with all the other security domains.

Visit the SAP Security topic page for more information.