What is special about ERP software is that all a company’s processes are integrated in one single IT system, explain the scientists in Würzburg . They want to create an add-on toolbox: DeepScan , to promptly detect any attempted fraud and manipulations. As an example, they cite a repair department worker who flags a still-working product as ‘not repairable’ in the IT system, in order to sell it on for cash to line his own pocket. DeepScan leverages machine-learning to learn which processes are normal in a given company, and so to automatically report any abnormalities. Apart from attempts at manipulation, DeepScan’s security net also catches other abnormalities, including inadvertent errors. The researchers in Würzburg are still looking for industry partners to help further develop their toolbox. Interested parties can contact them here .
Back in 2015, German portal IT-Zoom warned of sabotage of ERP systems, describing such attacks as a “direct attack on a company’s expertise and the effectiveness of its processes”. While the focus then was on external attacks, the report also stated that a high level of complexity and lack of resources meant that many patches were not being installed in ERP systems, resulting in security vulnerabilities.