As SAP rapidly advances with AI-driven features, many enterprises struggle to keep pace, leaving them vulnerable to cybersecurity threats. A recent DSAG survey shows that only 11% of SAP users can match this transformation speed, while ransomware attacks on SAP systems have surged 400% between 2021 and 2023. In this Q&A, JP Perez-Etchegoyen, CTO of Onapsis, addresses the primary cybersecurity challenges SAP users face, strategies for leveraging AI in defense, and best practices for managing technical debt to ensure secure, resilient ERP systems. The recent DSAG survey indicates that a significant portion of SAP users are struggling to keep up with technological advancements. What are the primary challenges these enterprises face in staying current with SAP’s updates and innovations?
The challenges enterprises face in staying current with SAP’s AI-fueled innovations reflect a broader issue, highlighted by DSAG’s recent study. With only 11% of respondents saying they could easily match the pace of digital transformation, AI integration, and other technological advances, many SAP customers feel the relentless march of SAP’s progress risks leaving them behind. Unfortunately, this includes their ability to maintain a strong cybersecurity posture. In particular, the transition to SAP S/4HANA Cloud and SAP Business Technology Platform (BTP), both cornerstones of the RISE with SAP initiative, requires significant investment and adaptation, especially for organizations operating on-premises or hybrid setups.
The survey also indicated a low familiarity with SAP's AI technologies, with only 1% of respondents seeing themselves as experts. As the titan continues advancing and adding new updates, enterprises are falling further and further into technical debt, creating unpatched vulnerabilities in their security posture. Given that ransomware attacks on SAP systems increased by 400% between 2021 and 2023 alone, businesses need to keep cybersecurity at the heart of their legacy ERP systems – or risk falling victim to cyberattacks optimizing on weakness.
Given the 400% increase in ransomware attacks on SAP systems between 2021 and 2023, how critical is it for enterprises to address unpatched vulnerabilities in their legacy ERP systems, and what are the most common security oversights you're seeing?
Bad actors are increasingly exploiting unpatched application-level flaws in financially or politically motivated ransomware campaigns. The use of AI by cybercriminals is amplifying these risks, enabling attackers to automate and scale their operations with a new precision. These advancing phishing tactics and other automated attacks now target ERP system access directly, allowing attackers to bypass traditional defenses through complex manipulations.
A comprehensive SAP security strategy requires continuous vulnerability monitoring, the use of AI-driven tools to detect suspicious behaviors, and real-time threat intelligence. Additionally, alignment between cybersecurity teams and ERP administrators is essential for identifying and closing security gaps, as attackers often exploit these vulnerabilities to compromise critical business systems.
Without regular, system-wide security audits and a strategy to keep SAP systems up to date, businesses remain exposed to these escalating threats. Organizations must prioritize patch management and invest in real-time threat detection to mitigate these risks.
With only 1% of SAP users identifying as AI experts, what role does AI play in securing ERP systems like SAP, and how can organizations better leverage AI to improve their cybersecurity posture?
AI can enhance SAP security by detecting threats, recognizing patterns indicative of cyber threats, and automating responses, which are particularly essential as most large SAP customers operate within complex hybrid environments. Today, SAP landscapes consist of on-premises applications, cloud applications (SaaS), public cloud-hosted ERP solutions, and Platform as a Service (PaaS) offerings like SAP Business Technology Platform (BTP). These interconnected and highly complex layers expose SAP systems to a broader range of vulnerabilities, where each component may have unique security challenges.
Businesses must focus on cybersecurity hygiene, particularly as they maintain their sensitive data across multiple platforms. Integrating these ERP systems into holistic security practices ensures consistent defenses across on-premises, cloud, and PaaS services, effectively reducing risks of unpatched vulnerabilities
As AI becomes increasingly integral to both attack strategies and defense solutions, combining AI-enhanced monitoring with employee awareness training will equip businesses to respond more effectively to complex threats.
Technical debt is a growing issue for enterprises using SAP, often leading to unpatched vulnerabilities. What strategies or best practices would you recommend for reducing technical debt while maintaining system security and performance?
Organizations can mitigate this debt by implementing a structured patching and update process, applying regular audits to identify outdated components, and gradually adopting modular updates available within SAP and cloud services. The challenge of maintaining older on-premises systems with new cloud capabilities makes it increasingly necessary to prioritize modernization alongside security.
As a general rule, it is important to first and foremost stop introducing additional vulnerabilities in SAP Applications. Once the development processes are properly integrated with security gates in place, then organizations can focus on addressing technical debt and prioritize these efforts by criticality and availability of resources. All of this can and should be done with the right compensating controls in place.
Additionally, DSAG has called for SAP to provide uniform best practices and standards for integrating AI models across on-premises and cloud environments. This would assist in managing technical debt effectively, heightening the need for a clear migration strategy to avoid accumulating unmanageable technical debt.
As SAP customers generate a significant portion of global commerce, what is the potential impact of a large-scale cyberattack on an ERP system, and how can companies proactively defend against increasingly sophisticated threats targeting these critical systems?
A large-scale cyberattack on SAP’s ERP systems could disrupt global commerce, given that SAP customers contribute 87% to global trade. The stakes are especially high as AI-driven ERP functions become increasingly prevalent, with SAP S/4HANA now integrating AI functionalities to streamline business processes. However, these AI capabilities require comprehensive security measures due to vulnerabilities unique to AI, such as adversarial attacks that exploit weaknesses in AI models. A successful attack could result in compromised financial data, supply chain disruption, and the exposure of sensitive information, with significant reputational and financial repercussions.
Ask your security team - are they including real-time monitoring, end-to-end encryption, and proactive vulnerability management tailored for both legacy and AI-integrated systems?
Have they ensured regular patching, collaboration between IT and security teams, and adherence to new regulatory requirements?
If you’re not having these conversations, you need to be.