This document introduces Tunde Ogunkoya and their consulting company DeltaGRiC. It discusses how myths around SAP ERP security being limited to segregation of duties matrices have been dispelled, as attacks on SAP systems through interfaces, routers, web clients, and customized ABAP programs leave vulnerabilities. Most vulnerabilities allow unauthorized access to critical business data, so a specific SAP security system is necessary. The document then shifts to discussing cyber attacks across industries globally and lists several high-profile data breaches from 2014. It suggests anyone could be the next target and outlines five steps of best practices for security, noting that many organizations only implement the first two levels. The document promotes continuous improvement and integrating security and business goals.
1. Welcome; Journey to Cyber-Maturity
Tunde Ogunkoya, DeltaGRiC Consulting
tunde@deltagricconsulting.com
2. The widespread myth that SAP ERP security is limited to the SOD (segregation of duties) matrix has been dispelled lately and seems more like an ancient legend now. Within the last 7 years SAP security experts have spoken a great deal about various attacks on SAP from the RFC interface, SAPROUTER, SAP WEB and SAP GUI client workstations. Also, the programs developed in SAP's own language, ABAP, which exist in almost every company to customize ERP solutions, can contain vulnerabilities left by unqualified developers or special backdoors which can help insiders gain illicit access to business data.
Most of these vulnerabilities allow an unauthorized user to gain access to all the critical business data, so it is necessary to think about implementing a specific system of SAP security. Unfortunately, many information security officers are scarcely informed about the security of business applications like SAP & Oracle.
Welcome
Tunde Ogunkoya [MBA, GRCP, SAP GRC AC10.0, OWASP]
Consulting Partner, DeltaGRiC Africa
3. Mobility & Cloud; Next Drivers of Technology. Where does that leave Cyber Security?
4. Cyber Attacks? Where? Global Pandemic, Across All Industries
USA: 42%
South America: 17%
Asia: 25%
Africa: 3%
Australia: 13%
Cybersecurity experts say this enormous data breach is just the latest evidence that cybercrime has become a global business—one that, including all types of cybercrime, costs the world economy an estimated $400 billion a year
http://time.com/3087768/the-worlds-5-cybercrime-hotspots/
7. Who's Next? Me? You? Him?
Date (2014)   Company                    Number of records exposed   Types of records
25 Jan        Michael's                  2,600,000                   payment cards
6 Feb         Home Depot                 20,000                      employee info
14 Mar        Sally Beauty Supply        25,000                      credit/debit card
17 Apr        Aaron Brothers             400,000                     payment cards
22 Apr        Iowa State University      48,729                      student social security numbers
30 May        Home Depot                 30,000                      credit/debit card
22 Jul        Goodwill Industries        868,000                     payment systems
18 Aug        Community Health Systems   4,500,000                   patient data
21 Aug        United Postal Service      105,000                     credit/debit card
28 Aug        JPMorgan Chase             1,000,000                   financial information
2 Sep         Home Depot                 56,000,000                  credit/debit card
2 Sep         Viator/Trip Advisor        880,000                     payment cards
25 Sep        Central Dermatology        76,258                      patient data
7 Nov         Home Depot                 53,000,000                  email addresses
10 Nov        US Postal Service          800,000                     personal data
18 Nov        Staples                    1,200,000                   credit/debit card
10. What is the worth of your data on SAP?
SAP holds the corporate crown jewels:
•Over 280,000 customers run SAP
•87% of the Global 200, 90% of Fortune 1000 in Africa
•98% of the most valued brands
•SAP touches 74% of all global transactions
•USD 16 Trillion of retail sales
Criminal Hackers
Competitors
Partners
Nation State
Unhappy Employees
Contractors
#feesmustfall
13. 5 Steps – Best Practice
What step do you stop at? Almost 33% of organizations stop at level 2
[Diagram labels: Continuous Improvement; Scanning; Assessment & Compliance; Analysis & Prioritization; Attack Management; Business Risk Management]
Scanning
Vulnerability Assessment, Ad-hoc Solution, Rudimentary Patching, Basic process and Metrics
Assessment & Compliance
Driven by regulations, Scheduled scanning, Scan to Patch lifestyle, Emerging process, little measurability
Analysis & Prioritization
Risk Focused, Scan data prioritization, Measurable process, Emerging Metrics
Attack Management
Threat focused, Vectors scanned and prioritized, Patching based on risk to critical Assets, Efficient, Metric based processes, Threat driven metrics and trends
Business Risk Management
Risk Aligned with business goals, All vectors scanned and prioritized, Continuous patching, Unified business and IT processes, Measurable Integrated Enterprise Management