Seven steps to help protect your ERP system against cyberattacks
Many companies’ enterprise resource planning systems, which house their most valuable data, are still too vulnerable.
What would happen if your enterprise resource planning (ERP) system were attacked? For many companies, the consequences would be devastating. ERP systems not only contain the crown jewels of the business—customer data, stock levels, order entries, production plans, and contract data—they also manage such essential financial processes as order to cash (OTC), and operational processes such as production planning and steering and cash collection and payments. An ERP system is literally the operating system for the company, without which the company simply could not function.
While cyberattacks continue to be top of mind for executives, many may not fully appreciate how vulnerable their ERP systems are to such attacks. This could become a significant problem as evidence mounts of increasing threats targeting ERP systems.
Supply-chain attacks rose by 42 percent in the United States in the first quarter of 2021, impacting up to seven million people.1 And security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020.2 Hackers are becoming more systemic and discerning in their attacks, shifting from distributed denial-of-service (DDoS) attacks and encryption of databases toward disruption of productive systems, and the threat landscape will likely shift further. The German government published an annual report recently highlighting how the cyberthreat is shifting pronouncedly from the theft of data to the disruption of systems.3 The US Department of Homeland Security has issued multiple warnings against cyberattacks targeting ERP systems.4
3. Install middleware to monitor data flows
Companies could consider putting in place a service bus, or middleware, to reroute all the identified interfaces to it. This step is instrumental in enabling management of data flow between the ERP system and the legacy environment. By collecting and organizing system interfaces in one place, the middleware layer makes them easier to monitor and quickly shut off when an interface is under attack.
Rerouting each interface connection to the middleware can be arduous, but it’s crucial. The rerouting process is generally not complex, though that depends on the kind of data passing through or what conversions are necessary. The complexity comes in managing the scale of this interface-by-interface rerouting process, which may require discipline in systematically executing, tracking, and testing each change.
4. Reduce vulnerabilities and data flows where possible
With the middleware in place, a company could systematically start to eliminate or remediate at-risk interfaces. In some cases, it may make the most sense to “cut off” the data flowing through certain interfaces, either because it is no longer needed or is redundant. This essentially reduces the number of vectors that can introduce an attack.
When it comes to remediating at-risk interfaces, many companies are tempted to focus on those that are the most complex, but they could instead consider focusing on those interfaces that are easiest to remove—for example, where standard interfaces are available or the data is simple and doesn’t need to be converted. Many ERP systems use vulnerable legacy technologies such as file transfer protocol (FTP) or clear text exchanges, which are easy to hack. Phasing out legacy technologies could allow the company to make quick progress in shutting down vulnerabilities and building momentum.
For any remaining interfaces that are difficult to migrate, companies could consider a thoughtful risk assessment that accounts for how often each one is used and what type of data is going through it—and then decide whether to keep it with additional monitoring or simply remove it.
This article originally appeared on mckinsey.com, to read the full article, click here.