Computer engineer Ebu Yusuf Guven discussed the most significant risks of the digital era and their solutions.
Every period is shaped by its time, and the current effect is digitalization and virtualization. The control, storage, ease of access and reporting that digital infrastructures provide, together with the opportunity to re-use them, have turned into a passion for digitalizing every field that humans touch.
Over the past decade, digital infrastructure brought electronic transformation to trade, as to every field. ERP systems began to control the business processes of the private sector, which had embraced digital development earlier and at large volume. And with the improvement of internet infrastructure, ERP systems have become accessible from everywhere and from every device.
Today, cyber threats and their sources can be very heterogeneous, and the targets varied. Taking measures and being prepared before attacks occur is vitally important for preventing social and economic damage. The security of the ERP system, which can be the target of cyber-attacks, poses a threat for enterprises.
Using old versions of software, or software whose support has ended, creates security gaps in enterprises. Software companies release new versions and new products in response to the security gaps and infrastructure problems of their software. Enterprises do not want to allocate resources for updates and new versions, and software companies pursue product changes because traditional ERP is difficult to upgrade. Research shows that 66% of companies are not using updated ERP versions. Companies' resistance to updates, which generate new costs, creates significant security gaps. Attackers identify the faults in the previous version through reverse engineering, especially by examining the issued updates, and choose as targets the companies running lower versions.
Real enterprise software should take a holistic approach to its security. The security of the ERP software, the security of the operating system it runs on, the physical security of the server, the security of the network and the security of end users should all be examined. An up-to-date ERP running on an operating system that is not up to date does not mean that the system is secure. Customers using old products are exposed to attacks on the gaps that arise in such a case. The worst example of this is seen with the Windows XP operating system in industry. In current research, the share of those using Windows XP is 20%. When the share of operating systems in use at enterprises is considered, it approaches 60%. Because operating systems with security gaps are open to active and passive attacks, using them creates significant security risks.
Insufficient reporting capability can lead to external reporting, and loss of control over data is also a factor that directly affects data security. The reporting tools of new-generation ERP systems generate data that is vital for checking that the system operates correctly and reliably. Once generated, this data must be kept at a secure location other than the live system. The most dangerous command for a data system is update. The biggest problem with the reports produced by inadequate reporting tools is their inability to check data retrospectively and to show how the data has changed over time. Updates to retrospective data may produce results that are hard to detect and impossible to compensate for.
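The point about update and change history can be made concrete with an audit trail that records the value each update overwrote. This is an added example, not code from the article or from any ERP product: the `invoice` and `invoice_audit` tables and their columns are hypothetical, SQLite stands in for the ERP database, and in production the audit rows would be shipped to a separate system rather than left beside the live data.

```python
import sqlite3

# Constructed schema: table and column names are hypothetical, and SQLite
# stands in for the ERP database.
SCHEMA = """
CREATE TABLE invoice (id INTEGER PRIMARY KEY, amount REAL, modified_by TEXT);
CREATE TABLE invoice_audit (
    seq INTEGER PRIMARY KEY AUTOINCREMENT, invoice_id INTEGER,
    old_amount REAL, new_amount REAL, changed_by TEXT,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP);
-- Every UPDATE of amount records the value it overwrote.
CREATE TRIGGER invoice_amount_audit AFTER UPDATE OF amount ON invoice
BEGIN
    INSERT INTO invoice_audit (invoice_id, old_amount, new_amount, changed_by)
    VALUES (OLD.id, OLD.amount, NEW.amount, NEW.modified_by);
END;
-- The trail is append-only: no UPDATE or DELETE from the live system.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON invoice_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON invoice_audit
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def amount_history(db, invoice_id):
    """Return (old, new, user) for every change to the amount, oldest first."""
    return db.execute(
        "SELECT old_amount, new_amount, changed_by FROM invoice_audit "
        "WHERE invoice_id = ? ORDER BY seq", (invoice_id,)).fetchall()

def audit_is_append_only(db):
    """True if deleting existing audit rows is rejected (needs at least one row)."""
    try:
        db.execute("DELETE FROM invoice_audit")
    except sqlite3.DatabaseError:
        return True
    return False

def demo():
    # Constructed data: the amount is lowered and later restored.
    db = open_db()
    db.execute("INSERT INTO invoice VALUES (1, 1000.0, 'clerk1')")
    db.execute("UPDATE invoice SET amount = 100.0, modified_by = 'clerk2' WHERE id = 1")
    db.execute("UPDATE invoice SET amount = 1000.0, modified_by = 'clerk2' WHERE id = 1")
    return db

if __name__ == "__main__":
    print(amount_history(demo(), 1))
```

After the two updates the live row shows its original amount again, so a report built only on current data shows nothing unusual; the audit table is what reveals that the value was changed and then restored.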
The need for external reporting arises in an ERP system in which control over data has been lost. In particular, critical data is allowed to be exported through user-friendly intermediate systems such as Access and Excel. Opening data to another target requires not just the security of the main system but also the security of the secondary target systems it is opened to. Once data has been exported, the inability to control how it is carried and copied causes significant security gaps. More secure, capable and centrally controlled reporting tools should be preferred. In ERP systems, data should be classified by importance according to the statements the enterprise has to provide. Data checks and authorization should be strengthened, and export permissions should be granted according to the class of the data. At this point, however, the transparency of the security protocols should be considered, and implementations that hinder and obscure the user's work should be avoided. The balance between security and workability should be checked continuously through on-site tests.
Rightly, many enterprises focus on external threats, the physical security of data centers and the security of end users. But for enterprises, the possibility of being subject to a hacker's attack from outside is lower.