How Ransomware Can Hold Your ERP Hostage

Event Image-2

Ransomware continues to be an ever-expanding threat to ERP systems around the world, especially when organizations fail to educate employees on behaviors leaving their information more susceptible to malicious software. While better practices can lessen ERP vulnerability, the structure of an ERP system, whether on-premises or in the cloud, can also impact the effectiveness of ransomware in capturing sensitive data. In this episode of The ERP Advisor, special guest, Security Awareness Advocate James McQuiggan, returns to join Shawn Windle in educating ERP users on protecting their software from the devastating effects of ransomware.


How Ransomware Can Hold Your ERP Hostage

What is Ransomware & How Does it Impact ERP?

Ransomware is malicious software designed to make your data unavailable. Data under the grip of ransomware is at risk of being unusable, deleted, or released to the public, putting businesses at significant risk. Hackers write code specifically designed to encrypt data files, specifically header files. Any data or text file is susceptible to a ransomware attack.

Ransomware attacks can be detrimental to ERP systems because the malicious code restricts data access, rendering the system useless. Lack of proper prevention of a ransomware attack can have a devastating effect on a business because it can leave them completely unable to access its data or use its ERP.

The two biggest risks are 1) you don’t have any reliable backup of your data and thus your operating data is being held “ransom,” forcing you to pay the hacker to get your ERP data back, or 2) the hacker threatens to release your sensitive data, including customer lists, onto the dark web which could leave you at risk of confidentiality issues with your clients or cause a competitive disadvantage. Therefore, simply having a disaster recovery solution to replace your data set will not necessarily prevent all ill effects of an attack.

How Do Hackers Get In?

While human capital can be an organization's greatest asset, it can also be its greatest downfall. Although many businesses have cybersecurity measures in place, human error can often put the integrity of a system at risk and leave data vulnerable to cyberattacks. Evil intent or a lack of education can dictate the risk an employee poses to their business, either of which can take down even the largest of organizations.

People are constantly in a rush, especially when it comes to work schedules where employees have meetings and deadlines, one after another. In the chaos of everyday tasks, it can be easy for people to mindlessly click through emails and complete requests without taking the time to verify the information. This careless behavior is a way in which hackers find gaps in an organization. Clicking on links from hackers or providing personal information enables them to download malicious viruses or use credentials to break into a system. Uneducated employees are much more likely to mistakenly allow hackers into the system.

Unfortunately, disgruntled employees can also pose a risk to an organization's cybersecurity because hackers will seek out these individuals to orchestrate attacks. This could be as easy as providing the employee with a flash drive housing malicious software and instructing them to plug it into the system. The code can quickly infect the ERP and destroy the system through the actions of a single employee.

Regardless of employee actions or cybersecurity protocols, hackers are constantly evolving to find ways into ERP systems outside of recognized channels.

Security On-Premises vs. In the Cloud

The on-premises versus cloud security debate is a never-ending argument encompassing the ERP world. While each option can come with hiccups, cloud ERP solutions tend to be more user-friendly due to the vendor carrying the brunt of the security concerns.

On-premises solutions require robust cybersecurity mitigations to protect the company from malicious actors. This is a tremendous task and takes multiple technical people to protect the application. When a system is on-premises, it is even more important to educate employees on proper security standards because individuals have greater access to the system as a whole.

Hosting providers maintain and monitor cloud-based applications to ensure ongoing security compliance. However, this does not remove all responsibility from the customer. There are still risks associated with storing data within “someone else’s” computer. Hackers can still access your data through security gaps and the carelessness of employees; although, it is less common.

It is still essential for cloud-based customers to remain current on the precautions vendors take to mitigate security risks. A good practice is to set up a yearly meeting with your software provider to review their security enhancements and receive clarification on their current cybersecurity protocols.

How To Mitigate a Ransomware Attack Once It Has Happened

When cyberattacks occur, businesses need to know what to do. If ransomware manages to take your data hostage, the hacker will first indicate their intentions and negotiation terms to either provide the encryption key or delete the data to prevent them from releasing it to the public. These negotiations typically occur in two parts, with two separate payments as settlements.

Hackers will conduct negotiations through the dark web, requiring bitcoin for payment and the use of a Tor browser, preventing authorities from tracking interactions or apprehending the hackers.

Some businesses will find themselves needing to involve the Federal Bureau of Investigation (FBI) depending on data sensitivity, business type, ransom set, and more. The FBI cannot guarantee successful negotiations or the apprehension of hackers, but they can assist businesses through the negotiation process.

The final step to managing a ransomware attack, or any other cyberattack for that matter, is to step back and assess the damage to the system and data. Security teams must mitigate problems caused by taking inventory of the compromised data and assessing the overall damage. Executives must also evaluate the cause of the attack and work to prevent future burdens on the organization.

Planning & Educating to Reduce the Risk of Cybersecurity Attacks

The most important step in combatting cybersecurity risks is to be proactive, not reactive. An incident response plan will prepare an organization in the event of a cyber security attack. To create an incident response plan, security teams must gather leaders within the organization and meticulously evaluate the role of each person during a cybersecurity breach. Run-throughs can then be conducted to ensure that employees can effectively uphold their roles.

The next step will be to increase the security culture at the company through training and education of the workforce. Employees cannot act in the best interest of the company if they are unaware of the scams that can plague ERP systems or how to detect the malicious actions of hackers. Companies like KnowBe4 will come into an organization and test the security knowledge of users by sending them spam emails and determining who and how often employees fall for the scam, along with other scenarios. These simulations reveal the shortcomings across the workforce and assist leaders in pinpointing the focus for education while building awareness around the importance of cybersecurity.

To prevent hackers from infiltrating the system, organizations should create policies surrounding cybersecurity and business practices. By implementing the Principle of Least Privilege, companies can limit who has access to what across the entire enterprise. The segmentation of information across the ERP system mitigates risk to the business if a single team or department gets hit. Ensure that employees are prioritizing cybersecurity by using private, secure networks, regardless of their working location, through the development of remote work protocols.

At an advanced level, organizations can seek out the implementation of non-phishable multi-factor authorization (MFA) to further protect their system. This form of MFA comes as a “key” given to each individual. MFA keys authorize a user when plugged into a system to maximize security efforts.

Cybersecurity can be well managed with thorough incident response plans and the education of your workforce. Without proper planning and preparation, businesses will be left fearing the possibility of their next attack.

Cybersecurity insurance is another way in which businesses are combatting cyberattacks because it can help cover ransomware and overhead costs associated with attacks. Unfortunately, in recent years, the cost of cybersecurity insurance has skyrocketed due to the sheer number of cyberattacks occurring every year. If your business can afford the costs of insurance, it is something that can pay out in the end and save a business from disaster.


The threat of ransomware and other cybersecurity attacks can leave businesses paralyzed in fear. With the significant number of cybersecurity attacks per year, it can be easy to believe that efforts to mitigate the risk of attacks are futile; however, this is simply not true. Detailed planning and preparation help reduce the odds that an employee will be scammed and increase the possibility of recovery once an attack has occurred.

Protect Your ERP from Cyberattacks