• Advertise
  • Contact Us
  • Supplier Directory
  • SCB YouTube
  • About Us
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Parcel & Express
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Robotics
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Customer Relationship Management
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • Green Energy
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • Sourcing/Procurement/SRM
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Management & Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Warehouse Automation
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • WHITEPAPERS
  • VIDEOS
Home » Blogs » Think Tank » Manufacturing’s Hidden Risk Will Be Outdated SAP Systems

Think Tank
Think Tank RSS FeedRSS

Manufacturing’s Hidden Risk Will Be Outdated SAP Systems

A visualization depicting the letters "SAP" in a circle int he center, connected to other circles surrounding it
Photo: iStock / bymuratdeniz
August 7, 2024
Paul Laudanski, SCB Contributor

The manufacturing industry faces a ticking time bomb in the form of outdated SAP enterprise resource planning (ERP) systems.  While SAP, the number three ERP provider after Microsoft Dynamics and Workday, is rapidly innovating and migrating its software to the cloud and implementing Business AI, many manufacturers are clinging to on-premise deployments of older SAP versions, particularly SAP's ECC (ERP Central Component). This creates a significant security risk, as these legacy systems become increasingly vulnerable after 2027 when mainstream maintenance support ends for Business Suite 7. 

Compounding the problem is the slow migration rate to SAP's S/4HANA, the company's next-generation cloud-based ERP system.  Research by Basis Technologies reveals that less than 60% of companies using SAP's on-premise ECC software application are on track to fully migrate before the 2027 deadline, due to system complexity and potential costs associated with the migration process.  Additionally, today’s growing tech talent shortage and skills gap is expected to further hinder the migration efforts of many manufacturers. 

The consequences of inaction are severe. With nearly three-quarters of SAP customers yet to make the transition, a significant portion of the manufacturing industry remains vulnerable.  Companies that fail to address this challenge risk running unsupported software, exposing themselves to critical security vulnerabilities and rising cyberattacks. These attacks can cripple production lines, cause significant financial losses, and damage a company's reputation. Manufacturers must prioritize modernizing their SAP infrastructure and implementing robust security measures to safeguard their critical operations and sensitive data. 

Manufacturer’s Must Prepare 

If enterprises aren’t preparing to transition, they will suffer from technical debt compounded by SAP ending its support of ECC models in the next three years. As these systems manage the most valuable data, they attract diverse threat groups, motivated either by financial gains or disruptive goals — and will have a clear opening for attack.  

The manufacturing industry has been of particular interest to cybercriminals, with 260 data violation incidents in 2023 in the United States alone. In fact, North America accounted for 40% of ransomware attacks on industrial organizations and infrastructures worldwide, and in 2022, the global average cost per industrial data breach was around $4.73 million U.S. dollars. 

Already, research has found that from 2021 to 2023, ransomware incidents that compromised SAP systems increased by 400%. During the same period, discussions on exploiting SAP vulnerabilities saw a staggering 490% increase across the open, deep, and dark web.  

Disrupted supply chains, loss of intellectual property, and product interference were real threats that 39% of manufacturers experienced from breaches in the last 12 months.  

This disturbing trend is a clear indicator that SAP applications are highly valued targets, connecting various crucial aspects of manufacturing and supply chain operations, making their security a top priority. 

Pace of Adoption Poses Risk 

Fueled by global competition and the need to bounce back from disruptions like COVID-19, many manufacturers have embarked on a digital transformation at breakneck speed.  While this rapid integration of technology has yielded efficiency gains, it often comes at the expense of security. Companies prioritizing speed over security have left gaping vulnerabilities in their systems, ripe for exploitation. 

This problem is compounded by the growing complexity of ERP systems.  As manufacturers embrace sustainable practices and Industry 4.0 principles, their ERP software needs to not only handle traditional functions but also integrate with new "green" processes and service-based models. This increased complexity creates blind spots within these systems, making them even harder to secure. 

Further exacerbating the issue is the ongoing cybersecurity skills gap.  With stretched-thin security teams juggling digitization initiatives, product innovation, and supply chain protection, critical tasks like ERP security often fall by the wayside. The World Economic Forum reports a staggering 95% of cyber leaders believe a greater effort is needed to recruit and develop cybersecurity professionals. This lack of skilled personnel makes implementing robust security measures even more challenging, particularly with the looming threat of mainstream maintenance ending for one of the top ERP softwares. 

On top of this, a crucial defense mechanism, Multi-Factor Authentication (MFA), is often not enforced, further weakening the overall security posture.  This combination of factors — increased complexity, a talent shortage, and lax security practices — creates a perfect storm for cyberattacks targeting these vulnerable organizations. 

Modern Solutions and Strategies 

Addressing the sophisticated nature of threats facing ERP systems in manufacturing today requires a multifaceted approach. This includes: 

  1. Automated Security Processes: Automation plays a crucial role in modern cybersecurity strategies. By automating security measures, companies can minimize human error, accelerate response times, and ensure ongoing protection of critical systems.
  2. Human-in-the-loop: When dealing with automated processes, human expertise must also be kept in the loop. This ensures the output stays consistent and enterprises can lessen entropy. Having data that is rich, relevant, and curated is still key to success. 
  3. Research-Driven Insights: Leveraging the latest findings from cybersecurity research is essential. Continuous threat intelligence allows companies to stay ahead of cybercriminals, especially those targeting specific vulnerabilities in SAP systems. This approach is crucial for developing a proactive defense strategy that adapts to new threats as they emerge.
  4. System Integration: Security must be integrated into the ERP system's architecture from the outset. A holistic approach ensures that every component of the ERP system is designed with security in mind, enhancing the overall resilience of business operations.
  5. Joining the MFG-ISAC: Join communities such as the Manufacturing Information Sharing and Analysis Center (MFG-ISAC) to play a part in defending the manufacturing sector and staying up to date. 

Risk Management Requires a Holistic Approach  

Implementing advanced security measures involves more than just deploying technology; it requires a strategic approach to risk management. Best practices include continuous system monitoring, regular security assessments, and the proactive integration of security features during the system design and development phases — such as SAP S4/HANA.  

By understanding the specific threats that have historically targeted SAP systems, companies can better prepare and mitigate potential risks. Proactive security not only helps in managing the immediate threats but also prepares the organization for future challenges. Industry leaders in the manufacturing sector must not underestimate the importance of advanced ERP security strategies and must reassess existing security frameworks that are quickly becoming outdated.  

Paul Laudanski is director of security research at Onapsis.

Cloud & On-Demand Systems ERP & Enterprise Systems Supply Chain Security & Risk Mgmt

RELATED CONTENT

RELATED VIDEOS

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A PARTIALLY OPEN AIRCRAFT MANUFACTURING HANGAR SPORTS HUGE IMAGES OF PLANES ON ITS SLIDING DOORS

    Boeing Dismantles DEI Team as Pressure Builds on New CEO

    Air Cargo
  • A CLOSE-UP OF VARIOUS PILLS ON A MAGENTA TABLE.

    U.S. More Susceptible to Drug Shortages Than Canada

    Global Supply Chain Management
  • A large blue container ship docked at a port, below three white shipping cranes, while a grey barge moves through the waterway in the foreground

    Montréal Employers Threaten to Suspend Striking Port Workers’ Salary Guarantee

    Global Gateways
  • A WOMAN OF COLOR IN BLUE OVERALLS HOLDS A WELDING TORCH IN A FACTORY SETTING

    A Call for Reinvigorating the U.S. as the World’s ‘Manufacturing Superpower’

    Regulation & Compliance
  • An above view of crates of red apples stacked on top of each other, next to a man in a plaid shirt and a white hard hat looking at a tablet.

    The Fight Against Food Fraud in Our 'Biggest, Weirdest Supply Chains'

    Global Supply Chain Management

Digital Edition

Cover nov 24 scb q4 2024

Supply Chain Innovation 2024: A Formula for Thriving in the Age of Disruption

VIEW THE LATEST ISSUE

Case Studies

  • Recycled Tagging Fasteners: Small Changes Make a Big Impact

  • A GRAPHIC SHOWING MULTIPLE FORMS OF SHIPPING, WITH A HUMAN STANDING AT THE CENTER, TOUCHING A SYMBOLIC MAP OF THE WORLD

    Enhancing High-Value Electronics Shipment Security with Tive's Real-Time Tracking

  • A GRAPHIC OF INTERLACING HONEYCOMBED ELEMENTS REPRESENTING GLOBAL BUSINESS TRANSACTIONS

    Moving Robots Site-to-Site

  • JLL Finds Perfect Warehouse Location, Leading to $15M Grant for Startup

  • Robots Speed Fulfillment to Help Apparel Company Scale for Growth

Visit Our Sponsors

AutoStore Beumer Group Brightdrop
CHEP Cleo Coenterprise
Comarch Commport Cycle Labs
Dassault Descartes Enveyo
Eva Air Exiger ForwardX Robotics
Frayt Generix Georgetown University
GEP Holman Logistics iGPS
Integrity Staffing JLL Kinaxis
Korber LoadSmart Lucas Systems
Manhattan Associates Netstock OWD
Old Dominion Ortec PartnerLinQ (Visionet)
Plante Moran Quickbase RapidRatings
Rockwell Automation SAP S&P Global Mobility
TADA Tecsys Zebra Technologies
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2024 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing