How to Respond to an Attack on Your SAP Applications

You don’t want to be caught off guard in a breach to your SAP applications, but how do you best prepare to respond to a breach? The answer relies on defining a clear incident response process that aligns the organizational resources that are required to address a potential breach to your most critical SAP applications.

An incident response plan specifically focused on SAP applications has multiple phases, including preparation, identification, containment, analysis and eradication, recovery, and lessons learned.


Preparation is one of the most important phases of building an incident response plan that focuses on SAP applications, as the organization would have to dedicate resources to plan and enable all the different internal teams to act accordingly when a breach occurs.

The organization would need a clear inventory of all SAP applications, their versions, their hosts, and the business processes that are handled by each one. Additionally, understanding the risk posture of each application would allow you to better understand which systems have a higher exposure to risks.

Training the internal teams on SAP security, SAP controls, and the SAP incident response process is another component of the preparation phase. This training will help reach a broader audience and get better sponsorship for the project.

All in all, the main objective of the preparation phase is to arm the organization with the right people, processes, and technology to support an incident affecting SAP applications.

To get a comprehensive understanding of what an SAP incident response process looks like, together with lessons learned from real cases, join me at Cybersecurity for SAP Customers 2018 in Prague, June 27-29.