Protecting Utility SAP ERP Software from Hacking

 In Industry Highlights

ERP

SAP, along with cloud consulting firm Onapsis, recently issued a warning regarding a vulnerability in unpatched SAP systems that run enterprise resource planning (ERP) software.  The sad part about this is that SAP releases dozens of patches every day, and the vulnerabilities could easily be resolved with patches that have already been made available but were never implemented.

How Utilities Can Protect Their ERP Systems

Hackers are getting more savvy every day.  Not only are they able to identify SAP-based ERP platforms that are not up to date on their patches, but they are often able to patch the backdoors they use for gaining entry after the fact, essentially covering their tracks!

Making matters even more dire is that SAP typically feeds multiple systems within a company, affecting the data, functionality and users associated with those connected systems.

With that being said, all is not lost.  I trust your company has solid cybersecurity plans and procedures in place, which is a great start and lays the foundation for a strong security mindset and culture.  According to this PowerGRID article, in addition to maintaining excellent communication and planning, here are 3 other best practices for fortifying SAP-based ERP systems:

  • Develop and implement a process to track the release of new vendor patches (SAP as well as all other vendors) so none fall through the cracks.
  • Prioritize by patching the most critical items first. This is important because patching can take time, as it usually results in downtime which requires approval and negatively impacts users.
  • Audit all systems at least quarterly to identify any new patching needs or security requirements.

The bottom line is that system hacking is the fastest-growing risk we’re facing in the utility industry, and the goal should be to stay one step ahead of the bad guys.  By having a plan that is always up to date, focusing on communication, regularly reassessing security needs, and optimizing your process for tracking and implementing new security patches, you’ll be well-equipped to ensure your ERP system is as protected as possible.  Good luck!

Recommended Posts

Leave a Comment

Start typing and press Enter to search