Canadian Manufacturing

Protecting ERP systems from cybersecurity breaches

To safeguard against cyber-attacks, manufacturers and distributors should watch out for a number of ‘social engineered ’ scams that try to exploit organizational weaknesses.

June 14, 2021  by JP van Loggerenberg, Chief Technology Officer at SYSPRO

Protecting your ERP system from cybersecurity breaches

Cybercrime taps into the vulnerability of business systems and can pose a real threat to a robust supply chain. A sophisticated ransomware attack recently targeted the world’s largest meat processor (JBS SA). Following the business system breach, operations in the US and Australia were disrupted, resulting in a knock-on effect. The meat processor had no option but to shut down nine beef plants in the United States and several plants in Australia. Several truck drivers who specialize in hauling livestock also had no choice but to drive hundreds of miles to pick up cattle from an alternative supplier. For the end-consumer, the long-term impact of the cyber-attack could mean inflated meat prices.

Unfortunately, this is not the only instance of a cyber-attack on critical business. Earlier this year, a ransomware attack on the Colonial Pipeline, that provides nearly half the United States East Coast’s fuel supply, resulted in gas and jet fuel shortages in the US. In this case, the hackers demanded  $4 million in ransom. While the ransom was paid on the same day, and authorities have since been able to recover around $2.3 million in bitcoin paid in the Colonial Pipeline ransom, the pipeline was only able to function again after six days.

With increased reliance on digital tools, businesses are now understanding the importance of company-wide cybersecurity strategies that take into consideration all IT systems. For manufacturers and distributors, this includes your Enterprise Resource Planning (ERP) solution, as it integrates internal systems and integrates with external third-party systems.

ERP systems contain sensitive information ranging from supplier data on the creditor side and customer information on the debtor side. From a compliance perspective, this information needs to be  carefully protected.

Advertisement

Your first line of defense starts with knowledge

To safeguard against cyber-attacks, manufacturers and distributors should watch out for a number of ‘social engineered ’ scams that try to exploit organizational weaknesses.

Distributed denial-of-service (DDoS) attacks seem to be amongst the most prevalent amongst ERP users. Here, cybercriminals target a public-facing endpoint, where a network resource is rendered unavailable to intended users.

Across all cyber-attacks, the one common denominator is the human factor. The risk lies from within a business, so manufacturers should consider a number of steps to safeguard their ERP investment.

Steps to guard your ERP system against possible risks

  1. Don’t delay software updates

Security technologies are ever-evolving. What may be safe today, may not be safe tomorrow. Therefore, businesses need to protect their devices by installing the latest versions of any software – including the latest version of your ERP software.

  1. Consider access rights

For some, applying specific access rights across an organization is an effort. In this scenario, most employees are given full access rights. The problem with this scenario is that it opens up more opportunities for cybercriminals to access sensitive information.

  1. Choose a multi-factor authentication approach

One-factor authentication is archaic and involves a person who matches one credential to verify himself or herself online. This poses a real risk for businesses and a real opportunity for malicious users.

Instead,  businesses today need to have an extra layer of security with two-factor or multi-factor authentication.

Rinse and repeat

Ultimately, a company’s cybersecurity is only as strong as its weakest link. Because the human factor can place your business at risk, a rinse and repeat approach should be taken around cybersecurity education. Staff need to be reminded not to open suspect emails, be wary of unexpected messages, and be reminded to change their passwords often. Education and awareness can strengthen this mindset and can protect your ERP solution from malicious intent.


Print this page

Related Stories