Can your enterprise resource planning (ERP) system withstand a cyber attack? Because of the critical information they contain, your ERP and other core business systems are targets of cybercrime. While mobility, web interfaces and cloud computing have offered tremendous benefits to companies, these same technologies open the door to online attacks.
Your ERP has Value for Cybercriminals
Cybercrime is a growth industry. It offers high reward at very low risk. Your ERP can offer financial value to unethical competitors and criminals. A study by McAfee estimates that the cost to the global economy is more than $400 billion. Few of the biggest cybercriminals have been caught or even identified. Even when authorities know exactly who is responsible, there is often nothing they can do about it. The rate of return favors the criminal, so the incentive is to steal more.
There are three basic categories of criminals that account for the vast majority of cybercrime:
- Organized crime: These organizations are similar to those that run drug empires, except that they are more sophisticated. They have extreme specialization, distributed management and a social network, which makes them very difficult to stop. Russia is home to most of the organized crime. One estimate is that there are 20 to 30 cybercrime groups with leadership composed of former Russian intelligence officers. The purpose of these organized crime groups is, of course, to make money from the data that they capture.
- Hacktivists: Hacktivists are people, like Anonymous, who are driven by conscience and cause and are not in it for the money but, instead, wish to disrupt or disable the organization that they deem responsible. They share information and tools and they are very difficult to predict.
- State-sponsored: Many nations sponsor armies of hackers. According to a cybercrime expert, China is the most sophisticated and powerful of these. Russia follows far behind, and other nations that sponsor cybercrime include North Korea, France and Israel. The goals of these groups range from corporate espionage to defense. China, for example, has stolen complete business records in order to create a competitive business. They will steal patents and business secrets and sell them to Chinese companies in order to bolster China’s competitive advantage.
The High Cost of Cybercrime on Your ERP
The most important cost of cybercrime comes from its damage to company performance and global economic growth. The threat of cybercrime is so significant that, in 2014, President Obama issued an Executive Order on Cybersecurity, “Improving Critical Infrastructure Cybersecurity.” The EO defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
An attack on corporate enterprise resource planning systems could have a major impact on national economic security. ERP systems are mission-critical assets that store important company information and run core operations. ERP systems store data including manufacturing recipes, employee information, credit cards and financial results. They run essential operations including procurement, manufacturing, logistics, sales and payroll. They interface with payment gateways, SCADA and government entities. Most companies depend on their ERP system and a security breach could have catastrophic effects.
Many Companies Underestimate the Cost of Cybercrime on Their Enterprise Resource Planning System
Even so, many companies underestimate the risk of cybercrime to their organization. Financial crime is the easiest to measure. For example, during the holiday season of 2013, Target suffered a data breach that ultimately cost the organization more than $10 million. Malicious hackers found a way into an ERP system and stole customer financial data. However, in addition to the potential financial impact, there are intangible costs including the loss of customer confidence, loss of confidential information, and the opportunity cost of risk-averse behavior.
Have you considered the cost of cybercrime to your organization? Consider how much the information in your ERP system would be worth to your competitor. How much money would you lose if your ERP system were taken offline for a period of time? What would be the economic impact if someone is able to manipulate all of your financial information and processes? How would your business be impacted by a decrease in customer confidence and loss of revenue?
The fact is that cybercrime can have a serious impact on any business, and it is important to take steps to mitigate that impact. This is the first installment in a series about cybersecurity. In future blogs, we will offer suggestions to prevent cyber attacks on your ERP and how to educate your employees on cybersecurity issues.
We recognize the importance of security to your company and your enterprise resource planning system. Contact us to review your current business processes and provide recommendations to help your business succeed and keep your data safe. Emerald TC specializes in helping mid-market, multi-location companies transform their processes to increase productivity, growth and profitability. Serving Atlanta, Georgia; Birmingham, Alabama; and Nashville, Tennessee, we focus on delivering complete, customized solutions designed for the manufacturing, distribution, healthcare and financial industries.