How to Reduce ERP Security Risks

Enterprise resource planning (ERP) systems are among the most critical enterprise applications that an organization operates and as such, they represent a lucrative target for attackers. In a session at the RSA Conference last week, Onapsis CTO JP Perez-Etchegoyen outlined what's behind ERP breaches and provided additional insight in an interview with eWEEK. Perez-Etchegoyen said that ERP is a class of business-critical applications that many organizations are legally required to protect against data loss. ERP applications are developed by multiple vendors, though the largest deployments are from SAP and Oracle. "Nation-states are targeting ERP applications to extract financial reports; they are targeting different types of internet-facing portals and applications to get data from those systems,"Perez-Etchegoyen told eWEEK. Onapsis is a provider of ERP security technology and has been actively engaged in research to identify vulnerabilities in recent years. In April 2018, the company reported a 13-year-old vulnerability in SAP that could expose all SAP implementations to exploitation by attackers. In July 2018, Onapsis partnered with dark web intelligence vendor Digital Shadows to identify how ERP systems are being exploited. Perez-Etchegoyen said Onapsis has expanded on its research in recent months to better understand what attackers are doing.