In an organization’s IT environment, no application is not protected from risks posed by inadequate software patch management. Editors (Microsoft, SAP…) provide security updates because new vulnerabilities are regularly discovered. Once patches are published by editors, these vulnerabilities become public and their use by malicious actors is possible on unpatched systems.
Several studies performed over the last three years have revealed that there is a strong trend towards the malicious use of public vulnerabilities in ERP applications (e.g. SAP). This sensitive subject is fundamental for the cybersecurity of the company because it directly affects sensitive data and operational activities can be strongly impacted.