What is SAP Business Intelligence (BI)?
SAP Business Intelligence (BI) is one of the most widely-used systems. Being responsible for business system analytics and visualization of the critical corporate data, it is used for analysis of both regular and Big Data imported from other management and accounting systems. To a certain extent, SAP BI is an aggregator of data. Plans for the corporate business processes are based on this data. The system is often connected with industrial control systems, which makes it an extremely tempting target for attackers.
SAP BI Security Risks
There are multiple risks related to SAP Business Intelligence Systems (SAP BI). Some of them are listed below.
Financial reports: Document theft (Espionage)
After having gained unauthorized access to business intelligence system, an attacker gets hold of sensitive financial data and can disclose it to the public or use it for financial fraud purposes. As a result, the company may get embroiled in lawsuits and, consequently, suffer significant financial losses.
Financial reports: unauthorized data modification (Fraud, Sabotage)
Unauthorized changes to financial reports processed in SAP BI may cast a shadow of doubt on the credibility and the accuracy of a company’s financial statements. This can be done to divert the attention of the management from something else, to jeopardize the organization’s relationships with auditors or to put investment returns on the projects at risk.
Tangible and intangible resources: unauthorized data modification (Sabotage)
Unauthorized modification of analytical reports on resources may cause incorrect estimation of the spent resources or the employee workload. This can result in the misuse of funds and other indirect losses.
Sales reports: unauthorized data modification (Sabotage)
Distortion of sales report analytics may lead to wrong conclusions about the product range development, pricing strategy, and material purchase policies. This can result in the misuse of funds or other indirect losses.
SAP BI Vulnerabilities
SAP BI uses SAP Business Objects Application Server as its main platform. Thus it is potentially vulnerable to all vulnerabilities of the platform, which amount to at least 100. These vulnerabilities can compromise access to the system. In addition, there is a risk of attackers obtaining default passwords.
The number of vulnerabilities found in this system is not as high as in others. However the amount of available research papers is comparatively small. The report “Analysis of 3000 vulnerabilities in SAP” shows a gradual increase in the percentage of the found vulnerabilities in SAP BusinessObjects Application Server platform.
How can we help our customers with SAP BI Security?
ERPScan Smart Cybersecurity Platform for SAP is equipped with specific checks to analyze your SAP BI system for security issues. This award-winning software is the only solution on the market certified by SAP SE that identifies, analyzes, and remediates all security issues, and protects against cyberattacks and internal fraud. It embraces all the three areas of SAP security: Vulnerability Management, Source Code Review for custom programs, and Segregation of Duties (SOD).