Enterprise Resource Planning (ERP) systems are the backbone of modern organizations, managing critical business functions such as finance, human resources, supply chain, and customer relationship management. However, as these systems have evolved to become more interconnected, they’ve also become a prime target for cyberattacks.

According to Data Horizon Research, the cloud ERP market size was valued at USD 66.2 Billion in 2022 and is expected to reach USD 274.1 Billion by 2032 with a CAGR of 15.4%. As organizations increasingly move to cloud-based ERP solutions, the importance of robust security measures cannot be overstated.

At the same time, the 2023 Cost of a Data Breach Report by IBM states that the average cost of a data breach is now $4.45 million, a 15% increase over the previous year. The same report notes that 75% of firms have said that they have faced material disruption in business processes due to a data breach.

Many organizations rely on vendor-provided security tools which require constant updating and patching to ensure the best security in real-time and avoid vulnerabilities malicious actors can exploit. This is especially important given how fast cybercrime is evolving in the digital era with the assistance of artificial intelligence and machine learning.

Here are some best practices security leaders must focus on to bolster their ERP security:

1. Audit ERP System Vulnerabilities

Improving your ERP system security will require regularly scheduled and thorough audit of the entire architecture’s vulnerabilities.  This will enable security teams to keep updated with and mitigate potential security risks before they are exploited by bad actors, thus protecting sensitive data and reducing the risk of damaging security incidents. Keeping a clear view of the organization’s ERP system’s strengths and weaknesses will enable security leaders to make well-informed decisions on priorities.

Steps to take:

• Assess current security posture: Tools like penetration testing, vulnerability scanning, risk analysis, and compliance check should be used to review systems configurations, access rights, encryption, and more.
• Update and patch systems: Audits will also enable prompt updates and ensure that patching of ERP systems is done regularly and in a timely manner, as updates from developers and vendors are crucial to quickly solving identified security vulnerabilities.
• Monitor and audit ERP system continuously: Periodic monitoring and auditing of the processes of the ERP system will highlight anomalies, errors, and threats to security while also helping to ensure compliance with security standards and regulations.

Case Study: Sunwater Improved Visibility Across ERP System For Better Access Governance and Compliance

Company profile:

Sunwater, a water service provider in Queensland, Australia, manages water supply for agricultural, urban, and industrial customers. They operate 19 dams and 1,951 kilometers of pipelines, supplying around 40% of the region’s commercial water to over 5,000 customers. The company operates SAP as its central ERP system. Among its 650 on-site employees, nearly 500 have access to SAP, with most of them primarily functioning as transactional users.

Challenge:

One of the issues that Sunwater faced was a fragmented working environment that has caused access problems and increased fraud due to system complexity and a lack of access risk control. In response, the company attempted to reevaluate their approach to access risk management in their multi-site operations.

Solution:

Sunwater’s approach to access governance helped mitigate the risks of internal fraud by providing visibility and control over access to their ERP system. With the implementation of a risk and compliance tool, Sunwater was able to proactively improve access governance and compliance, ensuring that only authorized users have access to sensitive data and transactions. This reduced the risk of fraud resulting from wrong access. Additionally, the system provided ongoing maintenance and automatic detection of potential risks, ensuring that data is always as clean as possible.

Source: CompliantERP

2. Audit User Access & Authorizations

A fundamental principle of ERP security is limiting access and granting authorizations only to individuals who require access to specific parts of the ERP system. This practice is crucial for maintaining the integrity, confidentiality, and availability of sensitive data within the organization. After all, identity and access management (IAM) is a key factor in reducing the cost of data breaches according to IBM’s 2023 Cost of Data Breach Report.

A way to strengthen this is by implementing a role-based access control (RBAC) which defines roles and assigns permission based on the functionality. RBAC helps ensure that access is granted in a logical, structured, and consistent manner, reducing the risk of over-privileged users and potential security vulnerabilities. Beyond that, it is prudent to conduct regular user audits to clean-up inactive users.

Case Study: Company implements a unified identity orchestration solution to more efficient user access certification

Company profile:

A legacy on-premises user was in the process of transitioning to Oracle Cloud ERP. Their application landscape is complex with numerous applications and vertical solutions. They were using Microsoft Azure for Identity and Access Management (IAM) and ServiceNow for IT service management.

Challenge:

The company faced challenges with user access certification organization-wide, relying on a manual and error-prone process. They wanted to move toward a policy-driven access control solution that could offer detailed visibility and seamlessly integrate with their existing applications, including Microsoft Azure, ServiceNow, and Oracle ERP Cloud.

Solution:

The company enlisted a third-party vendor to help extract sources of data from across their enterprise network including the legacy Identity Governance and Administration (IGA) system and ServiceNow, which allowed for a unified identity orchestration solution. This enabled the organization to conduct user access certification to validate employees’ access levels. The entire end-to-end user access certification process is now automated, offering insights into which access rights should be revoked and details about the actions taken on each ticket.

Source: SafePass

3. Enable Constant and Centralized Monitoring

Another way to strengthen ERP security is to establish continuous and centralized monitoring to detect potential exploitation, identify unauthorized access, provide automated alerts, and detect data leaks in real-time. After all, early detection is key to reducing the cost and damage of data breaches. This is especially important as breaches that are initiated via compromised or stolen credentials require the longest time to identify and contain, at 240 days (IBM).

Real-time threat detection allows security teams to respond quickly and effectively to potential and active threats such as malicious login attempts, unauthorized access to sensitive data, and suspicious network activities. An additional advantage is that centralized monitoring can help organizations meet compliance requirements by providing a comprehensive overview of their ERP system activities.

Leveraging AI and large language models (LLMs) can make all the difference here as these technologies are able to automate and regulate threat intelligence, monitoring and detection, testing and validation, and incident response and recovery. It’s ability to analyze data from multiple sources, generate and prioritize alerts, and provide additional information for human teams to investigate a potential threat in real time cannot be overestimated.

Case Study: Kymera International Improved Workflow Visibility and Security

Company profile:

Kymera International is a specialty materials manufacturer specializing in metal powders for industrial and chemical applications.

Challenge:

The company was grappling with various challenges due to ongoing acquisitions and a transition to a new ERP system, particularly concerning data management, consolidation, and security. The corporate accounting department, which handles consolidations, required a solution that could effectively amalgamate data from various sources while guaranteeing precision, data security, and user-friendliness.

Solution:

Kymera International partnered with Mindstream Analytics to develop a detailed workflow hierarchy for their various entities, making it easier to apply security measures and meet specific needs. They built out various data sources to bring in fixed source files and developed mapping requirements for the data sources to eliminate the need for manual manipulation of the source data. This solution also addressed mapping issues to capture as many situations as possible, ensuring new accounts could be added smoothly.

Source: Mindstream Analytics

4. Improve Data Backup Cycles

Backing up your ERP data is the last line of defense in the event of a security incident or unexpected data loss. Backups not only aid in mitigating the impact of security breaches but also allow organizations to operate with confidence, knowing that their valuable data is securely preserved and recoverable.

Constantly improving the efficiency, frequency, timing, and methods of backup – both incremental and full backups – are essential to the sustainability of a business.  It is also worth considering both offsite and cloud-based backup solutions as these offer added protection in the event of on-site or cloud-based incidents, and provide redundancy.

Additionally, encryption of backed up data can make all the difference. IBM found that encryption could reduce the cost of data breaches by about USD 221,000. Despite that, Thales’s 2023 Cloud Security Report shows that only 22% of IT professionals say that more than 60% of their sensitive data in the cloud is encrypted.

Case Study: Katyani Plastic Udyog Centralized Data Storage to Mitigate Risk of Data Loss

Company profile:

Katyani Plastic Udyog specializes in the production of small and medium-sized plastic injection molded components. They offer an extensive range of products that serve various industries, with a primary focus on the automotive sector.

Challenge:

The company relies heavily on data from various systems, including their customized ERP, Tally for accounting, and local software. They sought a secure and cost-effective backup solution to mitigate risk of data loss and would allow them to continue using S3 Storage for reliable data storage. They also required minimal downtime to ensure productivity in case of system failures or accidental data deletions.

With ERP users across multiple locations and offices, the organization needed to move critical data to a scalable cloud-based storage system to reduce upfront on-premises hardware costs. They also needed centralized access to stored data from multiple remote locations, and the data had to provide concurrent millisecond-level performance to support their active production needs.

Solution:

The organization used an AWS cloud-based solution, using S3 Storage, to meet their data backup needs. They centralized data collection, backed up data from different locations, and identified seven systems for backup on S3 Standard Storage in AWS. This choice was made for immediate data access, considering the data size and the absence of archival requirements. An administrator-friendly UI was deployed for file browsing and verification. AWS backup service was utilized to protect backups of the customer’s EC2 instances, which hosted their ERP system, aligning with the client’s requirements.

This solution led to enhanced security and reliability of the organization’s data storage and provided them with robust data retention and recovery that aligns with the company’s operational blueprint. They have S3 Backup that now serves as a resilient disaster recovery solution.

Source: Operisoft

5. Update Incident Response Plan

Preparation is key to minimizing the impact of a breach. Ensuring that your incident response plan is updated with the latest in cyberthreat intelligence (CTI) and is aligned with the organization’s needs and available resources is key to ensuring a rapid response to reduce the severity and cost of a data breach.

The plan should include steps for identifying, containing, and eradicating the incident, as well as steps for communicating with affected stakeholders. It should also take into account any changes in the organization’s enterprise architecture or ERP strategies as well as potential gaps that must be addressed for a more robust recovery plan.

Case Study: Origin Property’s ERP Back Up Enabled Quick Recovery From Ransomware Attack

Company profile:

Origin Property Public Company Limited is Thailand’s leading real estate company. Established in 2009, the company grew rapidly. It launched 10 new condominium projects valued at 13,300 million USD $384.50 million. This expansion led to a substantial increase in data management requirements due to the growing number of properties under their management. The company stores customer and enterprise data, including their ERP software, in a substantial company-owned data center situated in Bangkok, Thailand. To enhance data security, they conduct nightly backups of all data to their geographically separated disaster recovery site.

Challenge:

Origin had been relying on an outdated backup and recovery system for an extended period. In 2022, the company’s IT team initiated a search for a new data security and management solution with the goals of reducing backup time, enhancing data security, simplifying scalability, and enabling swift recovery to accommodate their ongoing expansion.

Earlier in the year, Origin fell victim to a ransomware attack, which caught them off guard. They had believed their data was well shielded from such threats, but the limitations of their legacy data protection software became evident in their inability to prevent or recover from the ransomware attack. When the attack struck, it brought all of Origin’s databases, servers, and applications to a complete halt – including their ERP systems.

Solution:

Having just initiated a proof of concept with a provider of a data security and management platform, the company was able to shorten their data backup window from 20 hours to just three hours. This meant that they were able to avoid a massive ransomware payout, recover all their data promptly, and reduce their back up window by 85%. Additionally, they are also able to easily transfer their data center to the cloud in the future.

Source: Cohesity.

ERP Security is Crucial

Protecting ERP systems from potential threats is a critical responsibility for security leaders. As the ERP landscape continues to expand and evolve, staying proactive in the ERP security best practices is vital for safeguarding your organization’s sensitive data and business continuity.