Was sind die häufigsten ERP-Sicherheitsbedrohungen und wie können sie verhindert werden?

The biggest exposure to ERP data breaches is due to poorly designed user access and security profile design. E.g. copying from one user access to the next and adding access based on individual requests instead of defined roles. Another one is to expose recent production data in development and test environments which rarely are on the radar of IT security or GRC, but can expose confidential data to third party developers and employees who should not be able to access it.

Moving application to the cloud isolates internal systems and reduces the ability of an attacker to compromise the business data via email and other social engineering means. However this comes at a price where an organization is loosing the direct control over the "server" level command and control structures. Internal IT organizations are reluctant to move into new schema where they need to work thru a third party cloud operator to perform multitude of tasks they used to control in-house.

Christopher, I was struck by your comment, "Another one is to expose recent production data in development and test environments" REAL Data should/MUST Never Be Used during software development and testing!!! Real data could be converted to 'pseudo-data' that has all the markings of real information, but containing NO information based on real products, suppliers, customers, employees, dates, etc., etc. ! I can not believe that such a simple practice is not universal, at least during development! After rollout of the system, security of the data becomes a problem with very different solutions and challenges.

Sure, educating users on how to avoid being hacked or scammed or phished is a great idea, but what bugs me to no end is the apparent unwillingness of companies to demand from the Federal Government information or support to help EVERY company have availability of the latest and best software tools and practices to prevent that from happening in the first place! I don't intend that to be the start of a political rant, but if some agency of the Federal Government is NOT chartered or tasked with helping ALL of the companies within its borders be safe from these attacks, a fragmented, company-by-company reinvention of wheels will certainly lead to failures in the long term. This should fall under "National Security"!

With the increased dependency on cloud based and virtual services, ransom attacks are becoming more frequent. Ransom attacks involve attackers taking control of a system, encrypting the files or data, and then demanding a ransom payment in order to regain access. To protect against ransom attacks, ERP systems should have robust security measures such as anti-virus protection, firewall protection, and data encryption. Additionally, regular backups should be taken in order to restore data in the event of an attack.

My introduction to DoS attacks, I think was back when I was in computer marketing for Hewlett-Packard. Back in the '90s. I think HP had developed software that would throttle the flow of such attacks such that the servers could not be overwhelmed beyond their capacity to handle connections. So, it astounds me that DoS can still be a problem. Bandwidth, load balancing and redundancy can all help (I was also associated with HP's system-redundancy programs and products,) but one of my favorite observations was when the State of California brought up a new computer system for citizens' use. The system crashed immediately at launch, . It appeared that Nobody on the development team had EVER considered doing stress test or benchmarking.

It strikes me that the same suggestions in the "Human Errors" section, below, apply here, too. Errors of configuration should never happen. All of the issues listed here should be checkoff items for the finished system. One possible 'system design' might be to make many of the design and delivery steps into Team Efforts, where multiple sets of eyes (and brains) can more effectively notice and fix missing parts or steps, long before delivery of the finished product. If imperfections in the product are costly to the maker, the added cost of personnel might be relatively inexpensive insurance!