SAP SCM Security

What is SAP SCM?

SAP SCM is one of the most widely used systems. It is part of SAP Business Suite, which is intended for business systems that store and process critical corporate data. It is used for supply chain management optimization, measuring optimal usage of resources to improve product profitability. Retail industries usually build their business processes around the SCM system. Unauthorized access can compromise control over logistics processes. The system can be accessed through the Internet to give vendors convenient remote access, which makes it a perfect target for attack.

SAP SCM Security Risks

There are multiple risks related to SAP SCM Security. Some of them are listed below.

Unauthorized modification of data (Sabotage) / changing data in the supply chain process

It is possible to decrease tender efficiency by gaining unauthorized access to SAP SCM. The problem is that it is quite common for a company to run all its key business processes on the basis of logistics. For example, logistics is the key factor of business optimization and cost reduction in the retail industry. Having gained control over SAP SCM, attackers can change the information about supplies to cause financial losses. It is easy to imagine a situation where goods are sent to a fully occupied warehouse, or never reach it, because the corresponding information was changed by an attacker.

Theft of funds. Corruption (Fraud)

An attacker with unauthorized access to SAP SCM can cause an income shortage or even transfer money to a different organization, especially if the company’s employees are in collusion with a third-party organization. The difference between the real cost of services and the deceptively entered one may be used as a means of embezzling funds. In addition, an attacker can create a false vendor and transfer money to it. A well-known example of such an operation is an order for bomb detectors for Iraq that was made with the help of a surreptitious vendor. Back then the total cost exceeded 55 million dollars.

Theft of goods (Fraud)

Having access to SAP SCM, an attacker can transfer funds to an unknown bank account via a front company.

SAP SCM Vulnerabilities

SAP SCM uses SAP NetWeaver Application Server ABAP (AS ABAP) as its main platform, so it is subject to all the vulnerabilities of that platform, which total at least 1050. In addition, there are about 80 vulnerabilities that are specific to different modules of SAP SCM.

The most critical vulnerability of this platform was found back in 2007 and is sometimes still relevant in many systems. It is a Gateway service vulnerability that can potentially compromise access to the SAP server, allowing any OS command to be run.

How can we help with SAP SCM Security?

ERPScan Security Monitoring Suite for SAP has specific checks to analyze your SAP SCM system for security issues. This award-winning software is the only solution on the market certified by SAP SE to identify, analyze and remediate all security issues, and to protect against cyber-attacks and internal fraud. It embraces the three tiers of SAP security: vulnerability management, source code review for custom programs, and segregation of duties (SOD).