Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

Tweet

C-level
Executives

Problem

Modern SAP systems, although robust, can be vulnerable to internal fraud and threats. A classic example is Internal Fraud, which organizations are wary of even today. A survey done by KPMG in 2010 shows that a vast majority of the 200 CEOs who were questioned suppose that internal fraud is one of the most important risks for their organizations. A detailed study by the Association of Certified Fraud Examiners (ACFE) spanning through the years 2006-2010, noted an average of 7% annual losses due to internal frauds. Speaking in terms of losses in revenue: in 2010 alone, an average loss for a single incident constituted a whopping $ 1.7 million.

SAP systems facilitate data storages and operations like: procurements, stock resource management, human resources management, financial reports, and more, along with related data mining. Local or external attackers are intent on manipulating these SAP systems. The acquired data can eventually be used to manipulate any business or organization of its resources, like:

  • Changing financial transaction limitations;
  • Manipulating payment details with subsequent fraudulent details;
  • Temporarily masking bank details of vendors or contractors (mask information for a period of time);
  • Modifying transaction information that facilitates payment procedures;
  • Manipulating goods in stock;
  • Signoff or substitution of actual data;
  • Manipulating human resources;
  • Modifying payroll data creating ghost employees etc…

These are possible manipulations especially if SAP systems lack multi-level functional security control.

Solution

ERPScan, the multi-layer security monitoring suite for SAP, takes care about business and technical layers, controls security settings in various SAP systems and analyses them according to their compliance to the commonly recognized security recommendations such as SOX, NERC CIP, or PCI DSS.

ERPScan is reliable for every kind of business primarily because of it various integrated levels of security mechanisms. The first control level is the defense from external and internal attacks that are conducted through SAP software vulnerabilities, which currently amount to more than 3000 officially.

The second line of defense is controlling access to stored financial and technical operations within the SAP system. The third defense mechanism is searching for any vulnerabilities or backdoors hidden in the source code. The systems' source code written either by in-house or third-party developers is always at risk.

These three levels of security checks assure the safety of your core business operations, functions, and information. ERPScan Security Monitoring Suite with its high reliability ratio forestalls any rogue actions initiated by insiders, third-party contractors, and cyber criminals on your SAP system.

Recommended solutions:

  • ERPScan Security Monitoring Suite for SAP

Modules:

  • Vulnerability Management
  • Source Code Scanning
  • Segregation of Duties

Advantages:

  • Mitigate fraud risk and prevent actions caused by cyber criminals, insiders and third party developers;
  • Comply with regulations such as SOX, NERC CIP, and PCI-DSS, and accomplish that within hours instead of a month;
  • Save up to 80 % time and resources by evading manual assessments;
  • Keep your audit ready at all times with regular automatic checks following the Big Four audit recommendations done by ERPScan.