EN, Security Boulevard

Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications

2023-12-13 19:12

Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications

Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications

Wed, 12/13/2023 – 17:25

In case you missed it, in the first part of this series we talked about the importance of hardening security for the application layer as part of your proactive approach to mitigating ransomware. We know exploited vulnerabilities are the most common root cause of ransomware attacks and we also know that threat actors are actively targeting SAP applications as an entry point to enterprise systems.

Avoiding these application vulnerabilities before they can be exploited is an essential part of a proactive ransomware strategy, as recommended by NIST and SAP (in partnership with Onapsis). However, understanding your SAP attack surface and addressing these vulnerabilities is easier said than done. Consider the following challenges:

Which patches should you prioritize? Given the frequency of releases, complexity of the patching process, and size of app landscapes, most organizations are facing a backlog of patches combined with under-resourced teams. How do you know where to focus your efforts?
Were your patches applied completely and correctly? Patching is typically handled by application teams or sometimes a third-party service provider. How can you validate their work?
What v

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Security Boulevard

Read the original article:

Taking a Proactive Approach to Mitigating Ransomware Part 2: Avoiding Vulnerabilities in SAP Applications

Share this:
Facebook
X
LinkedIn

Related

Tags: EN Security Boulevard

Post navigation

← Ransomware-Gruppe BlackCat kennt Vorschriften zu Data Breaches genau und setzt Opfer mit Melde-Deadline zusätzlich unter Druck

New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe? November 4, 2025

Tiny Bug, Huge Loss: $100M+ Balancer Exploit Rocks DeFi November 4, 2025

FBI Warns of Criminals Posing as ICE, Urges Agents to ID Themselves November 4, 2025

IT Security News Hourly Summary 2025-11-04 21h : 7 posts November 4, 2025

Apple Patches Major iOS and iPadOS Flaws in Critical Update November 4, 2025

Google fixed a critical remote code execution in Android November 4, 2025

What is Managed ITDR? Key Definitions, Features, and Benefits November 4, 2025

Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea November 4, 2025

Digital Warfare and the New Geopolitical Frontline November 4, 2025

Russian spies pack custom malware into hidden VMs on Windows machines November 4, 2025

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces November 4, 2025

100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in AI Engine WordPress Plugin November 4, 2025

Online Fraud and Abuse 2025: AI Is in the Driver’s Seat November 4, 2025

SesameOp Backdoor Abused OpenAI Assistants API for Remote Access November 4, 2025

Learn what generative AI can do for your security operations center November 4, 2025

Critical RCE Vulnerability in Popular React Native NPM Package Exposes Developers to Attacks November 4, 2025

Consumer Financial Protection Bureau’s security falls apart amid layoffs November 4, 2025

CISA Releases Five Industrial Control Systems Advisories November 4, 2025

Fuji Electric Monitouch V-SFT-6 November 4, 2025

IDIS ICM Viewer November 4, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}