Companies aren’t protecting their ERP systems from cyber-attacks, says new report
ERP software is vulnerable to cyber-attacks but enterprises are not doing enough to secure their systems, according to a new report.
The ERP Cybersecurity survey 2017, conducted by Crowd Research Partners and ERPScan, spoke to more than 1,900 cybersecurity experts and found that 89% expect to see a surge in attacks on ERP systems. 33% said they expect a “significant increase” in attacks.
The report said that there is a general lack of awareness around ERP security – one in three respondents said that they hadn’t implemented any ERP security strategy.
Furthermore, it found that many organisations are still unclear as to who is responsible for ERP security. 43% said it should be the CIO’s task but 28% said it was the CISO’s responsibility.
The authors added that the responses show that there is still a lot of work to be done in securing ERP systems and spreading awareness. SAP tips the average costs of a security breach at $5 million.
The survey found that cybersecurity professionals are most concerned about the following three areas: protecting customer data (72%), protecting employee data (66%), and protecting emails (54%). This is all data that may be stored in some kind of ERP system. The report recommends regular pen-testing.
Despite the recent ransomware attacks that hit companies and organisations globally, including theNHS, Alexander Polyakov, CTO of ERPScan, said the results of the survey were unsurprising. He claimed that “most enterprises are still unprepared” for cyber-attacks targeting ERP systems.
“ERP systems store and manage essential business information and processes. Taking into account the recent ransomware attacks and its costs to organizations, we can imagine how huge the impact could be if hackers target SAP. CISOs should include this area in their list of top priorities if they haven't done it yet,” he said.
Five quick actions to improve internal ERP security
Give your internal ERP security a boost with these quick, actionable tips
Why mobile ERP security must differ from standard security practices
Threats to mobile ERP security aren't the same as those affecting traditional ERP; this should be...
Ten actions that reduce the risk of ransomware attacks on your ERP
From backups to BYOD policies, these steps can help to reduce the likelihood and impact of ransom...