Enterprise resource planning (ERP) software systems are the heartbeat of many organizations, relied on heavily to power the business, manage critical processes like product lifecycle and supply chain, and produce a continuous flow of information. These systems are becoming more and more common, which means the potential to compromise data via cyberattack is greater than ever.
ERP systems have been the target of ongoing attacks because they house sensitive business-critical data, and systems that manage media, energy, and finance organizations were reportedly hit after failing to install patches or take security measures. If you think your ERP is safe from attack, you might want to think again.
The Growth of Cybercrime
Cybercrime is a growth industry, offering high reward at an extremely low risk. Your ERP can offer financial value to unethical competitors and criminals. A study by McAfee estimates that these crimes cost the global economy more than $400 billion. Few of the biggest cybercriminals have been caught or even identified. Even when authorities know exactly who is responsible, there is often nothing they can do about it. The rate of the return favors the criminal, which only incentivizes them to steal more.
Three basic categories of criminals account for the vast majority of cybercrime:
- Organized crime: These organizations are similar to those that run drug empires, only more sophisticated. They have extreme specialization, distributed management, and a “social network” which makes it very difficult to stop. Much of the top level of organized cyber-crime is composed of former intelligence officers in Russia, where there are an estimated 20 to 30 cybercrime groups. The purpose of these organized crime groups is, of course, to make money from the data they capture.
- Hacktivists: Hacktivists are people, like Anonymous, who are driven by conscience and cause. They’re not in it for the money but, instead, wish to disrupt or disable the organization they deem responsible. They share information and tools and are very difficult to predict.
- State-sponsored: Many nations sponsor armies of hackers. According to a cybercrime expert, China is the most sophisticated and powerful of these. Russia follows not far behind, but other nations that sponsor cybercrime include North Korea, France, and Israel. The goal of these groups range from corporate espionage to defense.
The most important cost of cybercrime comes from its damage to company performance and global economic growth. The threat of cybercrime is so significant that in 2014 President Obama issued an Executive Order on Cybersecurity, “Improving Critical Infrastructure Cybersecurity.” The EO defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
What’s the Risk?
A breakdown in ERP cybersecurity that results in an attack on corporate ERP systems could have a major impact on national economic security. ERP systems are mission-critical assets that store important company information and run core operations. Most companies depend heavily on their ERP system and a security breach could have catastrophic effects.
Even so, many companies underestimate the risk of cybercrime to their organization, deprioritizing their ERP cybersecurity. Financial crime is the easiest to measure. However, in addition to the potential financial impact, there are intangible costs, including the loss of customer confidence, loss of confidential information, and the opportunity cost of risk-averse behavior. Cybercrime can have a serious impact on any business and it is important to take steps to mitigate that impact.
Enforce ERP Cybersecurity With PositiveVision
Is it time to review your current business practices to ensure they meet best-practice recommendations for ERP cybersecurity? Protect your vital data with help from the experts at PositiveVision. Our software management consultants understand your needs, from data to access to security. As the choice for many organizations in the greater Chicago area, PositiveVision is committed to helping your company grow and achieve what you need from your business software, including robust cybersecurity.
Find out how you can help keep your data safe. Talk to a software management consultant today.