“More than 4,000 known bugs in SAP and 5,000 in Oracle software pose security threats”
In July this year the Department of Homeland Security issued an alert citing this study by security firms Digital Shadows and Onapsis that highlights the risks posed to thousands of unpatched business systems from software makers Oracle and SAP.
The report highlights that:
- 17,000 SAP and Oracle software installations are exposed to the internet at more than 3,000 companies, government agencies and universities
- At least 10,000 servers are running incorrectly configured software that could subject them to direct attack using known SAP or Oracle exploits
- More than 4,000 known bugs in SAP and 5,000 in Oracle software pose security threats, especially in older systems that operators may consider uneconomical to fix
The Oracle and SAP security patches that should fix these issues are time-consuming to apply, requiring significant effort from your entire team to fix issues that are often not customer-facing. Many companies ignore these vendor patches until they need to upgrade, but this can put you at significant risk!
A cautionary tale: If you break the weakest and most insignificant link in a company’s security, you damage the whole brand
On 9th October, Google launched the Google Pixel 3 and 3 XL phones. Both use AI to deliver perfect photos and provide an ‘intelligent’ digital assistant, technology which Google is hoping will let them break into the duopoly of Apple and Samsung at the top of the technology most-wanted list.
But because of a failure to properly invest in security for their failed social media experiment, Google Plus, the BBC headline for the launch of the Pixel 3 was “Google Pixel 3 phones launch during privacy storm”.
Google have since said that they will be discontinuing public access to Google Plus this year, but the damage caused to their brand (after not properly protecting the personal data of 500,000 members of the social network) highlights the need to protect not just your mission-critical systems, but all systems that are exposed to the internet.
Your Oracle and SAP systems are especially at risk
This is one of the reasons that Support Revolution implements the Trend Micro Deep Security product (Gartner recommended) for its customers. This solution creates a firewall around the servers hosting your databases, shielding them from vulnerabilities at a server level. Our solution is far more responsive and does not require any downtime to apply the fixes, and if a major threat is detected the fix can be applied in as little as 12 hours.
This means that Support Revolution acts as your safety net for those ‘uneconomical to fix’ security issues that may just cost you much more than you could possibly imagine.
Reach out to a member of our team if you want to learn more about how we keep our customers protected throughout the year – or click here to use our free calculator to see how much you could save by moving to third-party support.