Today’s supply chains have become highly volatile and unpredictable. Yet, while issues caused by severe weather and port closures might not be preventable, there are other disasters that can be avoided, such as the severe damage caused by a cyberattack.
According to IBM, 23% of ransomware reports tie back to the manufacturing sector, making it the most attacked industry. These incidents not only disrupted operations but also caused millions of dollars in damages. In fact, each manufacturing data breach costs roughly $5 million on average, while taking over 200 days to discover and almost four months to remediate. It’s evident that manufacturing companies still have a long way to go to secure their operations.
As the manufacturing sector continues to rapidly accelerate its digital transformation, it’s critical that these organizations also prioritize the security of their enterprise resource planning (ERP) applications amid the unprecedented threat landscape. Otherwise, their digitization efforts go to waste. Manufacturing companies must invest in cybersecurity tools that can detect and mitigate any critical vulnerabilities or suspicious activity within the ERP. Yet many don’t know where to start when it comes to their business application security strategy. The following are some steps that manufacturers should take to strengthen their cybersecurity defenses.
Understand the current threat landscape. Manufacturers rely on ERP applications to manage their facility processes and operations, such as inventory management, payroll and production scheduling. Given its importance to the organization, an ERP that isn’t well-protected can present countless security issues and leave the business highly vulnerable. Unfortunately, many companies delay applying necessary patches, or often don’t even realize a vulnerability exists within their application ecosystem.
The three high-severity vulnerabilities found in early 2022 in SAP Internet Communication Manager, a crucial part of SAP business systems, were perhaps among the most daunting examples of ERP system flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) even added one of the flaws to its Known Exploited Vulnerabilities Catalog (KEV), urging companies to apply the necessary fixes before it’s too late. Despite the push to patch these flaws, many organizations have yet to apply the recommended remediations, leaving themselves vulnerable to threats like data exfiltration and financial damage.
Cybercriminals are well aware of business applications’ profitability and are evolving their tactics to directly target them. For instance, the cybercrime group Elephant Beetle was caught sitting within company networks for months while silently siphoning off millions of dollars. The threat group remained undetected for months on end by blending in and acquainting itself with each company’s financials prior to carrying out fraudulent transactions. Organizations must be prepared to face the new wave of threats, but this can only be done with full visibility into the IT ecosystem.
Obtain deep visibility into ERP applications. Threats like ransomware have traditionally been prioritized by security teams, who spend considerable time and money on defense-in-depth tools that provide layered network protection. Yet, as we witnessed with Elephant Beetle, a direct attack on an ERP can wipe out an organization’s financials, resulting in an incident that’s far more disastrous than a ransomware attack on a printer or desktop. Thus, while network security, intrusion detection and other defense-in-depth cybersecurity technologies are critical investments, they aren’t enough to protect the business application layer.
Security teams must take a deeper look at their cybersecurity strategy to ensure it includes ERP defense. To prevent threats like misconfigurations and unauthorized access, end-to-end visibility into the business application landscape is absolutely critical. This, coupled with strong security controls, will enable teams to keep a close eye on suspicious activity and take a proactive approach to risk management.
Deploy the right security defenses. Data from the Ponemon Institute shows that a majority of security experts understand that defending applications should be a priority, yet nearly two-thirds still struggle to reduce risks and contain attacks on business applications due to a lack of resources. While budget and time restrictions can certainly be a challenge, investing in the right cybersecurity tools can help security teams defend their operations. Application security tools catered to ERP, for instance, are strategic assets to any cybersecurity program. These technologies can alleviate overburdened security teams by continuously monitoring for vulnerabilities and misconfigurations. If an issue is identified, they proactively alert the team and automatically provide recommended steps for corrective action. From there, security teams can understand the severity of each vulnerability and prioritize those that need immediate attention.
Tackle ERP application security threats head-on. The above steps can help manufacturers make more strategic cybersecurity investments and prevent a potential supply chain security crisis. By becoming well-acquainted with new threats and risks, achieving visibility into their business application landscape, and implementing application security tools, companies can confidently ensure they have a strong cybersecurity strategy. ERP applications are facing a new level of risk in 2023, and manufacturers must be equipped to take on any cybersecurity challenge that comes their way.
Sadik Al-Abdulla is chief product officer of Onapsis.