According to multiple sources, the average hacker spends about 200 days in your system before you’ve even realized they’re there. “The amount of data mining that they can capture in that time is incredible,” says Bill Oliver, , Head of Technology for Winterhawk. He says these days, it’s more likely a matter of when you’ll be hacked than if you will be.
Oliver has specialized in SAP security, audit, and cybersecurity for a little over 20 years and has helped businesses with SAP Security worldwide. He says that cybersecurity breaches in SAP systems have seen a rise in recent years, including an anonymous attack on SAP systems in the Greek Ministry of Finance in 2012 (the first attack on SAP systems to be reported in the public eye) and attacks on SAP systems affecting at least 36 different organizations as reported by the Department of Homeland Security (DHS) in a US-CERT Alert, “Exploitation of SAP Business Applications.”
“The current market is trying to address this new scenario, both with SAP and non-SAP products,” says Oliver. And it makes sense that SAP is an increasing target. “SAP is the largest platform in the world for running businesses. Perpetrators are looking for that data. Most countries’ governments, including the United States Department of Defense and the Greek Ministry of Finance, run SAP.”
So what does Oliver recommend for protecting your SAP system? It’s a solution that’s been around since the early ‘90s, is free as part of your SAP Licensing , and records security-related system information such as unsuccessful logon attempts, changes to user master records, and RFC calls for your review and investigation: The Security Audit Log in SAP.
"If you’re doing nothing right now to protect your SAP systems from a breach, you can put in the Security Audit Log in just a couple weeks and you’ll be in a much better position than being completely unprotected,” says Oliver, who believes that the solution is underutilized because many people aren’t aware of its functionality, which has evolved since its creation. During his session at our SAPinsider 2020 conference in Vegas March 17-19, “How to get the most out of using the Security Audit Log — From configuration to monitoring,” Oliver will walk attendees through the configuration steps for setting up the Security Audit Log, help attendees understand the best ways to report and monitor the events, and review what types of activities can and should be monitored, including unsuccessful transaction starts, RFC calls to function modules, unsuccessful RFC logon attempts, and unsuccessful logon attempts.
He’ll also provide tips for selling the use of the Security Audit Log to senior management. The biggest incentive is that it’s low cost. “You have to pay for disk space but storage is getting cheaper. You don’t need to make a large investment; you have to make an investment in people but not in software licenses,” says Oliver.
Most hackers consider breaches to be a business—they work 9-5, make billions of dollars, and their biggest business goal is to get into your system and get your data. The most important place to start is to monitor what’s happening in your SAP System, and the Security Audit Log in SAP will help with that. Register for SAPinsider's event at The Bellagio in Vegas to see Oliver and many other SAP experts share their thought leadership and research-based insights.