Research from ERP solution provider Forterro with UK midmarket industrial companies has found that 40% of respondents identified security as their top priority for the future. A similar number (37%) have security concerns with their current ERP systems.
Another research report by the Royal Institution of Chartered Surveyors revealed that 27% of UK businesses experienced a cyberattack in the past year, up from 16% in 2023. According to Orderwise, Forterro’s ERP solution designed for distributors, wholesalers, retailers and manufacturers, there are major implications to this increase.
“Over the last 18 months, we’ve seen midmarket firms really embracing digital transformation and the cloud,” said Carrie Tallett, Senior Product Manager, Orderwise. “This rapid digitisation offers enormous operational benefits, such as speed, efficiency and growth. However, with increased digitisation comes increased vulnerability. More data stored in digital environments means more potential points of attack. Robust cybersecurity measures should be embedded into every digitisation strategy and utilising cloud ERP can be highly beneficial in that regard.”
Addressing cybersecurity can be daunting for companies lacking the resources and expertise of their larger counterparts. What’s common between all businesses though, is the desire to focus on their operation, not the peripheral; this is where vulnerabilities can appear as security isn’t always a focal point.
The first step to securing an ERP system is understanding where its vulnerabilities lie. Companies should begin by mapping out the system’s operating platform as well as its full architecture, including all third-party integrations.
Also, access must be tightly controlled. A critical step is to deploy multi-factor authentication (MFA) across the board and regularly review and remove unused or excessive user privileges.
Modern ERP systems do not operate in isolation and are usually connected to many disparate parts of the business. Every single integration represents a potential entry point for cyberattacks. To mitigate this, organisations should use secure middleware and API gateways, enforce data encryption in transit, and apply network segmentation to isolate high-risk components.
Another key element of cybersecurity, according to Tallett, is compliance.
“ERP security is not a purely technical issue and is also a matter for governance and compliance. Organisations must define clear policies around ERP use, including password hygiene, data access and acceptable behaviour.”
Ultimately, regardless of the ERP vendor you work with, it is essential to stay current with security updates. Some cloud providers offer regular deployment of patches if internal resources are scarce. www.orderwise.co.uk
Comments are closed.