SAP security provider bowbridge software has warned that companies using SAP web-based e-recruiting applications could be exposed to cybersecurity breaches.
A study by the company found that 70 per cent of companies implemented basic controls and restrictions to provide security against malicious files, but in more than 60 per cent of cases, these restrictions could be bypassed by renaming the file, representing a critical vulnerability.
Companies also failed to require a two-step user registration process, increasing the risk of fraudulent users gaining access to the system. On average, 30 per cent of companies allowed uploads of files with active content and of malware, placing users and the SAP system itself at risk.
For the study, bowbridge chief technology officer Jörg Schneider-Simon and his team tested random companies that use one of the most common internet-facing SAP applications, E-Recruiting, to see how well they were adopting the rigorous security measures needed to protect the application.
“While we only tested the E-Recruiting application, these results can certainly be applied to any web-based SAP application that companies are using,” says Schneider-Simon. “By failing to secure their SAP applications, businesses are taking an enormous risk not only with their data, but with their very future.”
The full report and research results are available in bowbridge’s whitepaper, “Cyberattacks and CVs: Can SAP E-Recruiting Expose Your Company to Risk?”.