Computerworld: After testing 600 enterprise SAP systems, security firm Onapsis found that more than 95 percent hadn't installed necessary security patches, leaving the companies open to espionage, sabotage and fraud. Researcher Juan Perez-Etchegoyen said that most organizations don't realize that hackers don't need to steal login credentials in order to conduct attacks. "The problem is that companies don't know the risk," he added. "SAP is working very hard on security and they are good at it, but customers need to keep up."
Perez-Etchegoyen noted that because many users customize SAP extensively, it can be difficult to deploy patches. However, he encouraged IT managers to complete patch testing and deployment quickly in order to protect their business data.