Security: What 'I Love You' Can Teach Us About SAP
Blog Last and Least

Security: What ‘I Love You’ Can Teach Us About SAP

People who’ve been in the IT business long enough might still remember a global virus with the nice signature “I love you”. Back then, a ripple went through the complacency of the IT world.

Even SAP responded in its own way. Then SAP executive board member Gerd Oswald talked about the danger of viruses during Sapphire Europe (anyone still remember that?) in Nice, France. However, according to Oswald, there was little to talk about when it came to SAP and security.

The R/3 system relies on Abap tables, and viruses supposedly didn’t stand a chance against those. And true enough, the “I love you” virus wasn’t able to penetrate SAP’s system.

Some time ago, I attended a NTT Security conference in Germany. I got there with a strong opinion in mind. I thought that cybercriminals attempting to steal data and files or corrupt them with viruses and trojans won’t have any luck with SAP systems. ERP systems are just too complex; the invaluable data stored within them will never be an open book to someone without the right access codes.

I was fairly confident about that – my own experience with our own SAP Business One system was enough to make that judgement, I thought.

Security is important for SAP as well

However, hackers don’t have to steal the data – encrypting it and then demanding ransom money would suffice. Furthermore, if a cybercriminal succeeds to tap into the connection between server and client, they can easily understand what’s happening – without ever touching a single Abap file.

NTT Security very impressively demonstrated what cybercrime can mean today. Unfortunately, they were no talks or demonstrations focused solely on SAP – which isn’t NTT Security’s fault. There is still a prevailing lack of interest in security in the SAP community.

At Sapphire 2019, Hasso Plattner himself mentioned a small security scandal. Customers had trouble dealing with a data breach. However, this security issue was mostly caused by customers not implementing security patches from over ten years ago. So, Hasso Plattner was right in saying that SAP customers should be more careful themselves.

NTT Security also backed this position up: if customers keep their systems up to date with the most recent patches and updates, they are already halfway to a sustainable security strategy.

E-3 Magazine June 2019 (German)

About the author

Peter M. Färbinger, Editor-in-Chief

Peter M. Färbinger is Editor-in-Chief and Publisher at E-3 Magazine, AG, Munich, Germany. He can be reached at

Add Comment

Click here to post a comment

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors