By Marius Wessels
There’s no question about technology’s role in driving business evolution and revolution, but it also creates new layers of cyber threats to organizations. New technologies are driving up cybercrimes, and businesses ought to put the right measures in place to safeguard their enterprise resource planning [ERP] systems against cyber-attacks, which can result in unprecedented and devastating effects.
ERPs, which are at the core of many businesses, house delicate and vital information from customer data, stock levels, order entries, production plans, to operational processes such as production planning and financial processes such as cash collection and payments, and therefore their security should be on the forefront of any company’s security preparations.
One needs to be mindful of how vulnerable their ERPs may be to attacks, since attackers are ‘upping their attacking game’, shifting from encryption of databases and distributed denial-of-service [DDoS] attacks to disruption of productive systems through attacks that use artificial intelligence and quantum technology. It can only be worse for those using legacy ERP systems without protection.
Some of the top aspects that present cybersecurity risks to an organization include not knowing the data it has, therefore not knowing which to protect, and not educating the workforce on the dangers and preventive measures to attacks, which can be executed through simple email phishing.
While cyberattacks often result in great losses to business, not only through ransom amounts demanded by the hackers but also downtime and loss of productivity and revenue, it is not all bleak news. There are several ways of ensuring your ERP software is cyber secure in the wake of these sophisticated activities by criminals.
Identify the Crucial Data
The first step to securing your ERP is identifying your most important data, and where it resides. While many businesses are less knowledgeable of their crucial and critical data and systems, it is of great essence to have a clear view of the data that matters the most, where it is stored, and how it is accessed.
This data is typically stored in various places within an ERP, and it is therefore necessary to track it down to know how to protect it. By doing this, you will not only be creating a roadmap of how data flows in your system, but also identifying the interfaces involved.
Many of the recent ERP software are cloud based, and while many people perceive the cloud to be more secure, it may not always be the case since after all, it is just somebody else’s computer. It is crucial to ensure your cloud-based ERP is shielding the web-accessible ERP data from being compromised.
One way of ensuring the data is protected is by exploring your own ERP for vulnerabilities so as to seal all the loopholes that hackers can explore. Also, for these internet-facing ERPs, it is essential to restrict the access to the system through a company VPN [Virtual Private Network] connection or firewall. The number of persons accessing crucial data points also needs to be limited, to eliminate unnecessary access by employees, which at times proves to be the weak link for attackers.
Additionally, if you rely on third parties to host or work with your ERP system, it is crucial to ensure they have the best security measures in place. Even with cloud-based security solutions, these companies must be evaluated on a case-by-case basis to vet the security measures they are employing.
Ensure Secure Integration
ERP systems are oftentimes integrated with other applications of an entity. It is therefore important to ensure these integrations are secure. Mapping of the integration interfaces and APIs routinely will ensure customization of the system does not compromise the security. Here, your organization could consider installing a middleware to reroute the interfaces, enabling easy management of data exchange between the integrations, and subsequently making it easy to monitor and shut off when an interface is compromised.
There is also a need for regular assessment of existing configuration of these interfaces and strong encryption where necessary to prevent data deciphering by hackers in the event of possession. With the middleware in place, it can also assist in identifying the unsecure integrations, paving way for their elimination or remediation, therefore reducing the number of vectors that attacks can emanate from.
Update Your System
As aforementioned, cyber attackers keep changing their tactics, and coming up with new ways of executing their malicious activities. With outdated security, your system is more vulnerable and would offer little resistance to attacks. Software developers have a better understanding of the security threats to their applications and tend to address them in the form of software updates. While many businesses are ignorant of updating these systems, owing to their difficulty in updating due to complexity, keeping your system updated comes with enormous benefits.
However, it is not only the system that needs to be updated. You need to ensure you are on the know of current ERP security trends. This involves educating your employees on what to look out for and what to do to prevent attacks. Also, it is crucial to ensure passwords for your system are very secure, by avoiding default passwords that are easy to guess.
Insure Against the Risk
With the increased cyber-attacks in the recent past, it is only wise to be prepared on how to deal with the aftermath of the event, since there is no guarantee that your system will never be hacked, even with the best security measures in place. Having cyber insurance can help mitigate the destruction caused, ensure quick return to production, therefore the survival of the company.
Marius Wessels, Manager: Professional Services at SYSPRO Africa