Protecting your ERP system from cybersecurity breaches


Cybercrime taps into the vulnerability of business systems and can pose a real threat to a robust supply chain. A sophisticated ransomware attack recently targeted the world’s largest meat processor. Following the business system breach, operations in the US and Australia were disrupted, resulting in a knock-on effect. The meat processor had no option but to shut down nine beef plants in the United States and several plants in Australia. Several truck drivers who specialise in hauling livestock also had no choice but to drive hundreds of miles to pick up cattle from an alternative supplier. For the end-consumer, the long-term impact of the cyber-attack could mean inflated meat prices.

Unfortunately, this is not the only instance of a cyber-attack on critical business. Earlier this year, a ransomware attack on the Colonial Pipeline, which provides nearly half the United States East Coast's fuel supply, resulted in gas and jet fuel shortages in the US. In this case, the hackers demanded $4 million in ransom. While the ransom was paid on the same day, and authorities have since been able to recover around $2.3 million in Bitcoin paid in the Colonial Pipeline ransom, the pipeline was only able to function again after six days.

With increased reliance on digital tools, businesses are now understanding the importance of company-wide cybersecurity strategies that take into consideration all IT systems. For manufacturers and distributors, this includes the Enterprise Resource Planning (ERP) solution, as it integrates internal systems and connects with external third-party systems.

ERP systems contain sensitive information, ranging from supplier information on the creditor side to customer information on the debtor side. From a compliance perspective, this information needs to be carefully protected. There is no doubt that ERP is at the heart of the business and needs to be an integral part of the cybersecurity strategy of the organisation.

Your first line of defence starts with knowledge

To safeguard against cyber-attacks, manufacturers and distributors should watch out for a number of ‘socially engineered’ scams that try to exploit organisational weaknesses.

Distributed denial-of-service (DDoS) attacks seem to be among the most prevalent attacks on ERP users. Here, cybercriminals target a public-facing endpoint so that a network resource is rendered unavailable to its intended users.

Phishing is another example, where criminals can exploit systems by sending emails that seem to be from trusted sources or companies. For example, an ERP customer would receive an email that appears to come from their ERP vendor, often promising a reward or refund, to deceitfully obtain personal information, including passwords, identity numbers and banking login details.

Another example is pharming. Pharming is a cyber-attack intended to redirect a website's traffic to another, fake site that aims to steal your information and money. In a pharming attack, the criminal hacks into the website you have opened and redirects you to an imposter site. Much like a phishing scam, many of us won't notice any difference in the rogue site and will enter our username and password, or credit information, as usual. The attacker then intercepts the captured information.

Across all cyber-attacks, the one common denominator is the human factor. The risk lies within a business, so manufacturers should consider a number of steps to safeguard their ERP investment.

Steps to guard your ERP system against possible risks

1. Don’t delay software updates

Security technologies are ever-evolving. What may be safe today may not be safe tomorrow. Therefore, businesses need to protect their devices by installing the latest versions of any software – including the latest version of their ERP software. In addition to leveraging the latest features, newer software versions remove any vulnerabilities that may put a business at risk.

2. Consider access rights

For some, applying specific access rights across an organisation is an effort. In this scenario, most employees are given full access rights. The problem with this scenario is that it opens up more opportunities for cybercriminals to access sensitive information. Organisations should instead ensure that employees are provided with specific roles and form part of groups with associated security and clearance authorisations.

3. Choose a multi-factor authentication approach

One-factor authentication is archaic and allows a person who matches only one credential to verify their identity online. This poses a real risk for businesses and a real opportunity for malicious users. Instead, businesses today need to have an extra layer of security with two-factor or multi-factor authentication. Luckily, modern technology does offer the option of single sign-on.

Rinse and repeat

Ultimately, a company’s cybersecurity is only as strong as its weakest link. Because the human factor can place your business at risk, a rinse-and-repeat approach should be taken to cybersecurity education. Staff need to be reminded not to open suspect emails, to be wary of unexpected messages, and to change their passwords often. Education and awareness can strengthen this mindset and can protect your ERP solution from malicious intent.


