According to a study by Cybersecurity Ventures, cyber-crimes will cost the world almost $6 trillion a year by 2021. In the last few years, cyber-crimes have increasingly been in the news, with tech giants like Facebook becoming victims of data and security breaches. This is why, when it comes to cyber-crimes, it's not a question of "if" but of "when" it will happen.
Five key cyber threats that enterprises need to take seriously and should watch out for in 2020:
Social Engineering Attacks
IoT-Based Attacks
Ransomware Attacks
Internal Threats
State-sponsored Attacks
Although SAP is investing a lot to deliver its products with secure code, there still remains the need to deliver security corrections to released products due to new flaws identified, or new attack patterns becoming known. The security maintenance of installed SAP software is therefore key to continuously protect against new types of attacks or newly identified potential weaknesses.
Based on feedback from customers, partners, and SAP user groups, SAP has launched a regular SAP Security Patch Day, scheduled for the second Tuesday of every month, which is purposefully synchronized with the Security Patch Day of other major software vendors. On these patch days, SAP publishes software corrections as Security Notes solely focused on security to protect against potential weaknesses or attacks. The recommendation is to implement these corrections as soon as possible. Several tools are available to help identify, select and implement those corrections.
The generally recommended procedure for each patch day is:
Check the updated list of Security Notes.
Use the tool System Recommendations in SAP Solution Manager to check which security notes are relevant for the various systems of your system landscape.
Use available tools like the Note Assistant (transaction SNOTE) to apply individual ABAP Security Notes, or the Maintenance Optimizer, which now also shows a section about required Security Notes, to plan the implementation of ABAP Support Packages or Java Patches.
Use configuration management platforms to monitor and track your patch levels across your landscapes and components. IT-Conductor can automate mini-check reports across your application stack with findings and recommendations based on SAP security and compliance best practices.
On the 11th of August 2020, SAP Security Patch Day saw the release of 15 Security Notes. There was 1 update to a previously released Patch Day Security Note. (SAP Security Patch Day – August 2020)
You should pay attention to the most critical vulnerabilities in recent months and take measures to eliminate them.
2845377 - [CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
2835979 - [CVE-2020-6262] Code Injection vulnerability in Service Data Download
2928570 - 'Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking
2928635 - [CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)
2890213 - [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager
Give IT-Conductor a try to help you automate monitoring, security compliance and software patching