November-19-2015 Talk at CISO Platform Annual Summit, Mumbai “Lessons learnt from recent Cyber-attacks on SAP systems” by Alexander Polyakov
For a long time almost no real attacks on SAP and Oracle ERP systems came to public light, so only a small group of professionals was warned about the threats associated with business applications. It gave CISOs a false sense of security.
The anonymous attack on Greek Ministry of Finance via SAP happened in 2012 was a game-changing moment for ERP Security. But the worst was yet to come. ERPScan prognosticated a tsunami of SAP attack, and the predictions proved accurate. By now we have witnessed a number of examples as the recent breach of US Investigation Services (the largest subcontractor of OPM). The attacks against SAP are inexpensive and easy to perform, however, the cost to the victims can reach millions of dollars, as well as reputational damage.
There are 10 lessons that can be learned by reviewing what the companies could have done better or differently. The talk will try to prove that SAP vulnerabilities deserve closer attention.
About CISO Platform Annual Summit
CISO Platform Annual Summit is the largest security conference in India for senior security executives and decision makers. Last year the Annual Summit hosted over 250+ attendees including global Security professionals. 80+ speakers from 8 different countries shared their insights and experiences with the CISOs working to secure businesses of all sizes.