There’s an old Hollywood saying that showcases the cinematic battle between the well-armed and the ill-prepared:
“Never bring a knife to a gun fight.”
Classic quote. But a far more accurate representation of today’s conflict between hackers and legacy application owners might read:
“Never bring a slingshot to a nuclear bombardment.”
ERP systems, the cornerstone of many organizations’ application infrastructures, are typically wielding slingshots when battling bad actors with sophisticated technology and pervasive social attacks.
ERP systems have been increasingly targeted by hackers and nation-state cyber terrorists due to several factors:
- ERP systems typically hold the keys to the kingdom for an organization. Names, national identifiers, bank account info and proprietary company financial data are just some of the types of data that ERP applications store.
- ERP systems are complex (millions of lines of code) and typically onerous to administer, patch and upgrade. There is typically very little tolerance for the downtime needed to keep the system up to date on necessary maintenance.
- Customized functionality is often introduced into ERP applications without a view into the security vulnerabilities that might be exposed.
- Legacy ERP systems were originally designed to operate within an organization’s network. Only recently have bolt-on additions been adopted to allow Internet access. This increased attack surface has led to known vulnerabilities being exposed to a much larger group of bad actors.
In 2018, a report was published by Onapsis and Digital Shadows detailing current trends in ERP security. Both firms are active in forensic consulting and incident response. Some of the key findings included:
- Attacks on ERP systems are evolving. They aren’t focusing on finding new vulnerabilities, but rather on taking advantage of known existing vulnerabilities that likely have not been patched.
- Several known botnet packages (Dridex, etc.) have been modified so that the delivered malware targets internal ERP applications. This allows for the easy theft of credentials of users across the system.
- Hacks are no longer just about stealing data. There is clear evidence that nation-state hackers are seeking to sabotage critical business operations for key organizations.
- Cloud and mobile are increasingly expanding the threat surface of most ERP implementations. Access without the appropriate controls has created a playground for bad actors.
ERP systems have been around for thirty-plus years. For many organizations they are like the foundation of a house. Key business operations rely on the availability and integrity of their functionality. Disrupting that availability or compromising that integrity would likely result in significant losses – or worse – to the business.
In 2019, attacks against ERP systems will continue to evolve. And regardless of whether the intent is to steal data or to disrupt business operations, these attacks will look for cracks in that foundation.
Appsian can help protect against those attacks. Appsian can help shore up your foundation.