According to the findings of a recent independent survey of 430 IT decision makers, 64 percent of ERP deployments have experienced security breaches in the past 24 months. The findings are published in the report ERP Security: The Reality of Business Application Protection. In the words of the IDC, “ERP applications such as SAP can be foundational for businesses. A breach of such critical ERP applications can lead to unexpected downtime, increased compliance risk, diminished brand confidence and project delays…..Cyber miscreants seem to be indiscriminate when it comes to ERP systems, having an appetite for all types of data, which, if in the wrong hands, could be detrimental to the business in terms of revenue and reputation.”
The survey revealed that of the 64% of organizations that reported security breaches in ERP systems, the majority included the compromise of sensitive data including sales data in 50% of cases, as well as HR data (45%), customer data (41%), financial data (34%) and intellectual property (36%).
The survey also revealed the following:
- The estimated cost of downtimes in ERP applications is $50,000 or more per hour at almost two thirds of organizations
- 62% of ERP systems may have critical vulnerabilities
- 74% of ERP applications are accessible from the Internet
- 56% of executives are concerned or very concerned about moving ERP applications to the cloud
According to the former Chairman of the Global Board of the Institute of Internal Auditors (IIA), “The findings of this independent survey should raise questions at the Board level about the adequacy of internal controls to prevent cyber attacks and the level of auditing taking place. The lack of these controls is one way for cyber insurance companies to deny claims….The information compromised most often according to this research is the highest regulated in today’s business ecosystem. Most concerning is the popularity of sales, financial data and PII, all of which should raise flags about the possibility of insider trading, collusion and fraud.”
SAP ERP installations can be protected against cyber attack using the Cybersecurity Extension for SAP Solution Manager. The extension implements automated vulnerability and patch management, and security incident detection and response for SAP systems, without requiring additional hardware or agents.