How To Make ERP Security A Priority In Today's IT Ecosystem

In today's IoT-driven world, more and more devices are connecting to ERP systems and their networks from various internal and external sources. This has also created vulnerabilities which can be exploited by vendors, which should force CIOs to review their ERP security policy.

The WannaCry and Petya attacks caused unprecedented disruption to enterprises all over the world. These ransomware attacks affected thousands of organizations and computer systems and millions of users. They were based on a flaw in older versions of the Microsoft Windows operating system. The virus denied users access to the files on their systems and demanded a payment to access the files again.

The cost of the attack could be in the form of lost data, money, credibility and, most importantly, customer trust, which is one of the most difficult things to recover. This should have raised attention and swung companies into tightening their security systems to mitigate such attacks in the future. But how can this be put into practice?

In a recent survey by a U.S.-based cybersecurity firm, over two thirds (68%) of respondents were not confident that enterprises have made the necessary overall improvements to be more secure against virus attacks, in spite of this year's major global attacks. The survey also covered organizational policy on IT threats, management of administrative rights and controls, and audit log management.

Vendor security patches

ERP vendors for products like Lighthouse ERP release ERP patches on their customer portals. These patches are received monthly or even quarterly, but the challenge is to apply them in a timely manner after running them through the software test environments. If left unattended, unapplied patches could leave clients vulnerable to threats and errors in case of incidents.

“Adopting best practices and leveraging critical security controls will continue to be the best bet for defending against cyber attacks. Most of these attacks happen on systems that have been left unprotected (older versions). Good security planning and implementation will greatly reduce the chances of such breaches.”

In the case of the WannaCry ransomware, even those companies with established security procedures were at risk, as PCs that were not frequently connected to the enterprise network were often left without a patch.

IT managers often don't have clarity on whether a patch has been applied, even when older versions of the Microsoft OS are identified. Devices usually need to be rebooted for the update to take effect. Even if company-wide emails are sent stating guidelines for end users, these emails might be missed. End users are often shortsighted in this context: once they feel that the looming threat from WannaCry has been mitigated, they shift focus to other, more immediate tasks.

Therefore, it is important that IT teams have visibility into not only which machines are vulnerable but also those where users have unintentionally not updated their machines.

With an increasing amount of important data stored in various databases and organizations reliant on ERP software, it has never been more important for CTOs and CIOs to remain vigilant and educate themselves on ERP security.
