By Taelor Daugherty, Associate Editor
Cybercriminals Target SAP Vulnerabilities

Cybercriminals are getting better at attacking critical business applications, according to a recent report by Onapsis. The report found a rise in threat actors targeting SAP vulnerabilities.
According to the report, 2023 was an important year for the SAP application threat landscape. The report found a 400% increase in ransomware incidents that involved compromising SAP systems and data at victims’ organizations.
The report found that conversations on SAP vulnerabilities and exploits have increased 490% across the open, deep and dark web from 2021 to 2023, including:
- Details on how to exploit SAP vulnerabilities
- Guidance for executing certain SAP exploits against victims
- Actors discussing SAP compromises
According to the report, active discussions in cybercriminal forums about SAP-specific cloud and web services have increased 220% from 2021 to 2023.
The SAP threat landscape is seeing well-established, highly sophisticated threat actors and state-sponsored groups that are more aggressively targeting SAP applications for financial gain, espionage and sabotage, the report finds. Unpatched SAP vulnerabilities are being exploited and used in ransomware campaigns, according to the report.
Ransomware and malware capabilities have recently evolved to become more aware of SAP processes and services, which demonstrates a renewed focus on successful ransomware execution and data extraction across SAP technology.
22% of Cybersecurity Professionals Have Ignored an Alert

Security leaders’ cybersecurity preparedness was analyzed in a recent report by Coro. According to the survey, 73% of SME security professionals have missed, ignored or failed to act on critical security alerts, with respondents noting a lack of staff and a lack of time as the top two reasons.
The report found the following concerns among cybersecurity professionals:
- 35% of respondents admitted to having missed a security alert at work.
- 31% turned down the sensitivity on a security tool.
- 26% muted a security alert entirely.
- 25% have failed to act on a high-priority alert, and 22% have ignored a security alert entirely.
Respondents gave feedback on the most time-consuming parts of their day, including:
- monitoring security platforms
- managing and updating endpoint devices and agents
- vulnerability management or patching
- installing, configuring and integrating new security tools.
According to the report, respondents spend an average of four hours and 43 minutes managing their cybersecurity tools every day, with an average of 11.55 tools in their security stack. Fifty-two percent of respondents said the most time-consuming task was monitoring security platforms, followed by vulnerability patching.
Respondents estimated it takes 4.22 months for a new cybersecurity tool to become operational, with equal time spent on installation, configuration, training staff and integration with their existing security stack. On average, respondents manage 2029.91 endpoint security agents installed across 655.92 endpoint devices. Fifty-three percent of respondents must deal daily or weekly with vendors’ updates of these endpoint agents. Eighty-five percent of respondents say they are looking to consolidate their tools in the next 12 months. The most important benefit cited was improving their security posture.


