ERP systems make a very appealing target for hackers, as these systems run business-critical processes and contain highly sensitive financial information, manufacturing secrets and even customer information such as credit card numbers.

The Department of Homeland Security Computer Emergency Readiness Team (US-CERT) recently released an alert citing a study that highlights the risks posed to thousands of unpatched ERP systems. This study specifically discussed SAP and Oracle systems, but similar risks can exist for any ERP system which may be incorrectly configured, out-of-date, unpatched, etc. 

If you have contracts with the United States Department of Defense (DOD), NASA or GSA, or are a subcontractor to a prime contractor with those contracts, your organization had until December 31, 2017 to begin your journey towards NIST (National Institute of Standards and Technology) 800-171 compliance. 

What is NIST 800-171?

If you're in need of a nap, you can read the full NIST Document 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations. 

If you need to remain awake, here's the short of it... 

From Infor:

This week, the world became aware of two major vulnerabilities, “Meltdown” and “Spectre,” that impact a large majority of computer processors. The vulnerabilities were discovered in late 2017 by teams of researchers who alerted major processor makers such as Intel, AMD, and ARM. The vulnerabilities that have been identified are fundamental designs within the chip architectures and must be addressed at the OS level on every system.

Peter Bright, Technology Editor at ARS, authors a series of especially informative, albeit technically complicated, explanations of the two vulnerabilities named Meltdown and Spectre.

In this post,  we will include some excerpts as we attempt to simplify the vulnerabilities and key takeaways in the interest of satisfying your curiosity or concern, and saving you from reading the plethora of technical articles that have justifiably been a part of the recent news cycle.

At BizTech, we empower each client to accomplish their mission through technological innovations and operation improvements. This includes anticipation and response to technical issues that might impact user productivity.