50,000 businesses exposed to cyber attacks through SAP systems

Up to 50,000 businesses running Sap software are at risk of being hacked after security researchers uncovered new ways to exploit insufficiently protected systems.

German firm Sap, which provides software to more than 90 per cent of the world’s top 2,000 firms, said it had issued guidance on configuring security settings in 2009 and 2013.

However, security company Onapsis said 90 per cent of businesses were not fully protected against cybercrime.

Read more: SAP to buy Qualtrics for $8bn days before unicorn's planned IPO

Mathieu Geli, a security consultant at French tech firm Sogeti, told Reuters that if a company’s security settings are not configured properly, hackers are able to gain full access without login credentials by tricking applications into thinking they are another Sap product.

“Basically, a company can be brought to a halt in a matter of seconds,” said Onapsis chief executive Mariano Nunez, whose company specialises in securing business applications, told Reuters.

“With these exploits, a hacker could steal anything that sits on a company’s Sap systems and also modify any information there – so he can perform financial fraud, withdraw money, or just plainly sabotage and disrupt the systems.”

Businesses using Sap software, for tasks ranging from employee payrolls to product distribution, distribute 78 per cent of the world’s food and 82 per cent of medical devices, the company said on its website.

Read more: Apple teams up with SAP to seek new business opportunities

“This risk to Sap customers can represent a weakness in affected publicly-traded organisations that may result in material misstatements of the company's annual financial statements,” said Larry Harrington, former chairman of the Institute of Internal Auditors (IIA),

Sap said: “Sap always strongly recommends to install security fixes as they are released.”