September 22, 2020

Volume X, Number 266

September 22, 2020

Subscribe to Latest Legal News and Analysis

September 21, 2020

Subscribe to Latest Legal News and Analysis

Could your ERP system make you a victim of cybercrime?

We frequently blog here about incidents where companies, government agencies or public have suffered data or security breaches at the hands of hackers. They’re often incidents that come to light because they affect the public in some way – by shutting down hospitals, exposing sensitive personal information, or threatening government security. But what about hacks that, while not having wide-reaching public implications, go to the core of a business’ operations?

A new survey has given an insight into the vulnerabilities companies running SAP or Oracle enterprise resource planning (ERP) software are facing – with 64% of respondents reporting a breach of their ERP systems in the past 2 years.

The information that was most sought after? Sales data. This was followed by personal information, IP and financial data. All information, if in the wrong hands, could destroy a company.

90% of SAP systems are reported to be vulnerable to 10KBLAZE, a public exploit discovered in April this year. The Oracle Payments module contains four critical bugs which require patching – if left unpatched, put sensitive data – including credit and bank account information – at risk.

If your business has an Oracle or SAP ERP system in place, how do you protect yourself? As a starting point, you should make sure you have in place robust cybersecurity and application maintenance policies and procedures. You should also make sure that included in those procedures is an audit process that truly assesses the system – identifying any vulnerabilities, and ensuring fixes and patches are implemented in a timely manner.

Copyright 2020 K & L GatesNational Law Review, Volume IX, Number 303


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Allison Wallace, KL Gates, Commercial Technology and Sourcing lawyer, Australia

Allison Wallace is a lawyer in the Melbourne, Australia office of K&L Gates, working in the Commercial Technology and Sourcing Practice.