The implementation of comprehensive ERP systems is nothing new. Businesses across major industries have been working with some form of ERP for some time now, and as far back as the mid-2000s, surveys of college and university CIOs included ERP (as well as security) among their “leading strategic concerns.” As the years have passed, though, and ERP applications have become more popular and more capable across businesses, we’ve begun to see growing concern about the cybersecurity issues that come with them.
To some extent this was inevitable, given that cybercriminals are always seeking new ways to compromise valuable business systems. In this case though, the expansion of ERP appears to have directly led to more security vulnerabilities. In 2018, a report on increasing attacks on ERP applications in fact noted that in just three years’ time there had been a “100 percent increase in the number of publicly available exploits” for these applications. The report went on to state that numerous campaigns “targeting ERP applications in different ways” had been uncovered as well.
This poses a significant problem for modern businesses, which are now relying quite heavily on ERP applications to optimize operations, but which must also be careful about protecting data, and the systems on which it is transferred and stored. To address the problem, business leaders must engage with various means of maintaining cybersecurity where ERP is concerned.
Consult Cybersecurity Experts
For a responsible leader, the first impulse in solving a problem of this nature should be humility. That is to say, business leaders should recognize that they are likely not as well equipped as true cybersecurity experts to address the problem in the first place.
One solution is to hire or contract just such an expert. With a growing concentration on this very subject in online learning institutions in recent years, relevant job fields have grown expansively. Trained graduates with online cybersecurity degrees are quickly entering the market to help address not just ERP applications but the virtually innumerable cybersecurity issues that modern businesses have to deal with. This means that leaders seeking to address ERP application vulnerabilities have plenty of experts to explore hiring or contracting to help get security measures in place.
Alternatively, appropriate help for matters like this can also be sought for free, through individuals who share their expertise online. We’ve discussed the prevalence of helpful artificial intelligence influencers before, and they represent a growing phenomenon of knowledgeable tech types who readily (and freely) share their insights online. A business leader with some cybersecurity savvy may learn all he or she needs to know from the right influencer, and apply the education to the development of effective solutions.
Consulting experts in the field is a good idea no matter what other steps a business ends up taking. But another universally beneficial step in reducing cybersecurity risks associated with ERP is to train employees. This is a common recommendation regarding business cybersecurity in general, and it’s not too difficult to understand why. When cybersecurity measures are put in place, employees need to be knowledgeable about them so as to do their part to uphold them.
The unfortunate fact is that human error and employee vulnerability are consistently cited as some of the most common causes of business security failings and data breaches. So, from advising employees to make use of complex passwords and guard their devices, to teaching them any and all relevant precautions developed for specific ERP vulnerabilities, business leaders should make education part of their plan.
Patch Vulnerabilities as Needed
This is a more technical step, but it’s actually the simplest measure business leaders can take to stop vulnerabilities from being exploited. Basically, organizations behind ERP systems conduct reviews now and then that are designed to identify and address vulnerabilities. This is the process of patching, and it’s important for businesses using ERP to stay on top of.
Another piece on ERP cyber risk mitigation points out that different ERP vendors have different patching cadences (which basically refers to the timelines on which they conduct reviews and add patches). But by “aligning with your vendor’s security patching cadence,” a business leader can be sure that identified vulnerabilities are addressed as quickly as possible.
Monitor for Vulnerabilities
The aforementioned piece on risk mitigation also makes the point that businesses should do their own monitoring for “leaked” ERP data or user credentials, which are evidence of an unaddressed vulnerability. Basically this means keeping a vigilant eye out for ERP-related information that has made its way outside of company boundaries and onto the internet. Identifying this sort of problem can lead to the discovery of a given application’s weakness or employee shortcoming.
As you can see, cybersecurity for ERP systems and applications is a complex matter. But business leaders today can take a thorough approach to handling it, and ultimately bring about the best possible protection. Consulting with experts, educating employees, and identifying and patching vulnerabilities are a good start.