With the influx of new, connected technology over the last several years, cybersecurity has become a hot topic and a critical issue to address for any company with modern computer systems. Mobile interfaces, cloud computing and virtual payments have offered tremendous benefits to businesses including lowering costs and providing more flexibility and increasing user access, however, these technologies have also opened the door to cybercrime. Your ERP and other core business systems are targets because of the critical business information that they hold.
Cybercrime is a Growth Industry
Cybercrime is a growth industry. It offers high reward at a very low risk. Your ERP can offer financial value to unethical competitors and criminals. A study by McAfee estimates that the cost to the global economy is more than $400 billion. Few of the biggest cybercriminals have been caught or even identified. Even when authorities know exactly who is responsible, there is often nothing they can do about it. The rate of the return favors the criminal so the incentive is to steal more.
There are three basic categories of criminals that account for the vast majority of cybercrime:
- Organized crime: These organizations are similar to those that run drug empires except these are more sophisticated. They have extreme specialization, distributed management and a social network which makes it very difficult to stop. Russia is the home of much of the organized cybercrime. One estimate is that there are 20 to 30 cybercrime groups with leadership composed of former Russian intelligence officers. The purpose of these organized crime groups is, of course, to make money from the data that they capture.
- Hacktivists: Hacktivists are people, like Anonymous, who are driven by conscience and cause and are not in it for the money but, instead, wish to disrupt or disable the organization that they deem responsible. They share information and tools and they are very difficult to predict.
- State-sponsored: Many nations sponsor armies of hackers. According to a cybercrime expert, China is the most sophisticated and powerful of these. Russia follows far behind, and other nations that sponsor cybercrime include North Korea, France and Israel. The goal of these groups range from corporate espionage to defense. China, for example, has stolen complete business records in order to create a competitive business. They will steal patents and business secrets and sell it to Chinese companies in order to bolster China’s competitive advantage.
The Cost of Cybercrime
The most important cost of cybercrime comes from its damage to company performance and global economic growth. The threat of cybercrime is so significant that, in 2014, President Obama issued an Executive Order on Cybersecurity— “Improving Critical Infrastructure Cybersecurity.” The EO defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
An attack on corporate ERP systems could have a major impact on national economic security. ERP systems are mission-critical assets that store important company information and run core operations. ERP systems store data including manufacturing recipes, employee information, credit cards and financial results. They run essential operations including procurement, manufacturing, logistics, sales and payroll. They interface with payment gateways, SCADA and government entities. Most companies depend on their ERP system and a security breach could have catastrophic effects.
Even so, many companies underestimate the risk of cybercrime to their organization. Financial crime is the easiest to measure. For example, during the holiday season of 2013, Target suffered a data breach that ultimately cost the organization more than $10 million. Malicious hackers found a way into an ERP system and stole customer financial data. However, in addition to the potential financial impact, there are intangible costs including the loss of customer confidence, loss of confidential information, and the opportunity cost of risk-averse behavior.
Have you considered the cost of cybercrime to your organization? Consider how much the information in your ERP system would be worth to your competitor. How much money would you lose if your ERP system were taken offline for a period of time? What would be the economic impact if someone is able to manipulate all of your financial information and processes? How would your business be impacted by a decrease in customer confidence and loss of revenue?
The facts are that cybercrime can have a serious impact on any business and it is important to take steps to mitigate that impact. This is the first installment on a series about cybersecurity. In future blogs, we will offer suggestions to prevent cyber attacks on your ERP and how to educate your employees on cybersecurity issues.
Accounting Systems, Inc. (ASI) understands your need to focus on the tasks that make your business successful and leave the technology tools to the experts. We offer proven software and services that your business needs to grow and thrive. We have been helping clients solve their most difficult business problems since 1986. Contact us to review your current business processes and provide recommendations to help your business succeed and keep your data safe.