Onapsis, the leader in business application protection, today announced the findings of a new IDC survey titled ‘ERP Security: The Reality of Business Application Protection’ sponsored by Onapsis. According to the sponsored survey of 430 IT decision makers, ERP applications are ‘critical’ to business operations. Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite confirmed that their deployments have had an ERP-related breach in the last 24 months.

“Enterprise Resource Planning (ERP) applications such as Oracle E-Business Suite and SAP (ECC) can be foundational for businesses. A breach of such critical ERP applications can lead to unexpected downtime, increased compliance risk, diminished brand confidence and project delays,” said Frank Dickson, Program Vice President, Cybersecurity Products with IDC. “Cyber miscreants seem to be indiscriminate when it comes to ERP systems, having an appetite for all types of data, which, if in the wrong hands, could be detrimental to the business in terms of revenue and reputation.”

Among the 64% of enterprises that have experienced breaches of large ERP platforms in the last 24 months, reported compromised information includes sales data (50 percent), HR data (45 percent), customer personally identifiable information (41 percent), intellectual property (36 percent) and financial data (34 percent). Additional findings of the sponsored survey include:

  • 78% of respondents report that ERP application users are audited every 90 days or more
  • 74% of SAP and Oracle EBS applications are connected to the internet
  • 56% of C-level executives are concerned or very concerned about moving ERP applications to the cloud

“The findings of this independent survey should raise questions at the Board level about the adequacy of internal controls to prevent cyberattacks and the level of auditing taking place.  The lack of these controls is one way for cyber insurance companies to deny claims,” said Larry Harrington, former Chairman of the Global Board of the Institute of Internal Auditors (IIA). “The information compromised most often according to this research is the highest regulated in today’s business ecosystem. Most concerning is the popularity of sales, financial data and PII, all of which should raise flags about the possibility of insider trading, collusion and fraud.”

Onapsis has published a blog titled: ERP Security & IT General Controls: Questions Every Organization Needs to Ask’ to help enterprise application, GRC and cyber-security teams assess their organizations ERP risk and compliance controls, The blog outlines best practices for cross-departmental collaboration and the types of information that will produce the most satisfactory assessment for internal and external auditors.

Methodology
To evaluate the state of securing these applications, IDC surveyed 430 IT decision makers who were knowledgeable about their organization’s ERP applications and the protections provided to them.

About Onapsis™
Onapsis protects the applications that run the global economy. Only Onapsis delivers a next-generation business application platform that provides the actionable insight, change assurance, automated governance and continuous monitoring capabilities required by cross-functional teams to discover risk, optimize workflows, control change and automate reporting. Onapsis’ holistic approach empowers enterprise organizations to embrace and accelerate SAP and Oracle E-Business Suite modernization, cloud and mobility initiatives, while keeping their ERP, CRM, PLM, HCM, SCM, BI and cloud-based business-critical applications protected and compliant.

In 2019 Onapsis acquired Virtual Forge, the leading provider of solutions to automatically prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP® applications. Together, Onapsis delivers the cybersecurity industry’s first and only comprehensive business-critical application cybersecurity and compliance platform.

Headquartered in Boston, MA, and with regional offices in Heidelberg, Germany and Buenos Aires, Argentina, Onapsis proudly serves more than 300 of the world’s leading brands and organizations, including many of the Global 2000. Through our unique strategic alliances with leading consulting and audit firms such as Accenture, Deloitte, IBM, Infosys, PwC and Verizon, Onapsis solutions have become the de-facto standard in helping organizations protect what matters most. For more information, connect with us on Twitter or LinkedIn, or visit us at https://www.onapsis.com.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names may be the registered trademarks of their respective owners.

Über die Virtual Forge GmbH

Virtual Forge, ein Onapsis-Unternehmen, ist ein führender Hersteller von Cybersicherheitslösungen für SAP-Anwendungen.

Seit 2006 arbeitet Virtual Forge eng mit Kunden zusammen, um die höchsten Sicherheits-, Compliance- und Qualitätsstandards für ihre SAP-Systeme zu gewährleisten. Virtual Forge ist Pionier auf dem Gebiet des SAP Custom-Code-Scannings und hat 2009 die Flaggschifflösung CodeProfiler auf den Markt gebracht. Im Juni 2019 erwarb Onapsis Virtual Forge, um die erste und einzige umfassende Cybersicherheits- und Compliance-Plattform der Branche für geschäftskritische Anwendungen anzubieten.

Als Onapsis-Unternehmen wird Virtual Forge seine Mission weiter beschleunigen, neue Technologien und disruptive Methoden zu entwickeln und bereitzustellen. So wird sichergestellt, dass SAP-Systeme und -Anwendungen vor Cyberangriffen, Betrug und unnötigen Ausfallzeiten geschützt sind.

Firmenkontakt und Herausgeber der Meldung:

Virtual Forge GmbH
Speyerer Str. 6
69115 Heidelberg
Telefon: +49 (6221) 868900
Telefax: +49 (6221) 86890101
http://www.virtualforge.com

Ansprechpartner:
Caroline Neuber
E-Mail: caroline.neuber@virtualforge.com
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.

counterpixel