ERP systems make a very appealing target for hackers, as these systems run business-critical processes and contain highly sensitive financial information, manufacturing secrets and even customer information such as credit card numbers.
The Department of Homeland Security Computer Emergency Readiness Team (US-CERT) recently released an alert citing a study that highlights the risks posed to thousands of unpatched ERP systems. This study specifically discussed SAP and Oracle systems, but similar risks can exist for any ERP system which may be incorrectly configured, out-of-date, unpatched, etc.
The report mentions that ERP systems at two government agencies and at firms in the media, energy and finance sectors were hit after failing to install patches or take other security measures advised by their ERP software provider.
While most software companies issue patches for their ERP products, customers can struggle to apply them due to complex system architectures, customized functionality, or even lack of knowledge about the patching process. These difficulties can then be exploited by hackers and cyber attackers.
When these alarms are raised, it makes you wonder if your own systems are secure. Are they? How do you know? It may be time for a security assessment that will test your internal, external and physical systems for vulnerabilities. BizTech can help with this.
Read these articles which go into more detail: