What is SAP Business Intelligence (BI)?
SAP Business Intelligence (BI) is among of the most widely-used, it is responsible
for business system analytics and visualization of critical corporate data. It is used for analysis of
both regular and Big Data imported from other management and accounting systems. In some way it is an
aggregator of data. On the basis of this data plans are made for the corporate business processes. The
fact that it often has connections with industrial control systems makes it extremely appealing for
SAP BI Security Risks
There are multiple risks related to SAP Business Intelligence Systems (SAP BI).
Here you can find descriptions for some of them.
Document theft (Espionage)
After having gained unauthorized access to business intelligence system, an
attacker gets hold of sensitive financial data and can publicly disclose it or use it for financial
fraud purposes. As a result, the company may get embroiled in lawsuits that would incur serious
unauthorized data modification (fraud) (sabotage)
Unauthorized changes made to financial reports that are processed in SAP BI may
cast doubt on the credibility and accuracy of the company’s financial statements. This could be done to
divert the attention of the management from something else, to jeopardize organization’s relationships
with auditors or to put at risk investment returns on the projects.
Tangible and intangible
resources unauthorized data modification (sabotage)
Unauthorized modification of analytical reports on available resources may cause
incorrect estimations of the resources being spent or employee workload. This can result in misuse of
funds and other indirect losses.
unauthorized data modification (sabotage)
Distortion of sales report analytics may cause wrong conclusions about the product
range development, pricing strategy and material purchase policies. This can lead to misusing funds or
provoke other indirect losses.
SAP BI Vulnerabilities
SAP BI uses SAP Business Objects Application Server as a main platform, thus it is
potentially vulnerable to all the vulnerabilities of the platform, which approximate to at least 100.
These vulnerabilities can compromise access to the system. In addition, there is a risk that attackers
can obtain default passwords.
The number of vulnerabilities found in this system is not as high as in the others,
however the amount of available research papers is comparatively small. The report “Analysis of 3000
vulnerabilities in SAP” shows a gradual increase of the percentage of vulnerabilities found in SAP
BusinessObjects Application Server platform.
How can we help our customers with SAP BI Security?
ERPScan Security Monitoring Suite for SAP have specific
checks to analyze your SAP BI system for security issues. This award-winning software is the only
solution on the market certified by SAP SE to identify, analyze and remediate all security issues, and
to protect against cyber-attacks and internal fraud. It embraces the three tiers of SAP security:
vulnerability Management, source code review for custom programs, and segregation of duties (SOD).