Threat is real for cyber attacks on procurement


The threat of cyber attacks on procurement systems is real. More so, the statistics suggest the risks are growing – fast. 

Many companies’ enterprise resource planning systems, which house their most valuable data, are still too vulnerable, commentary suggests. 

As PASA reported recently, with more and more procurement functions pursuing digital transformation programs exposure to risk also increases and the added need for mitigation mechanisms. 

McKinsey reported supply-chain attacks rose by 42 percent in the United States in the first quarter of 2021, impacting up to seven million people. 

The consultancy alluded to ERP systems, ”the crown jewels” of procurement data and accounting, being particularly vulnerable to attacks. 

The pandemic has forced businesses to shift to remote and home-based working models which has in essence forced the hand of digital transformation for businesses. 

But it’s also bitter sweet, as remote working often entails the use of personal devices and computers on residential networks creating a hunting ground for cyber cybercriminals.

In the UK, the National Fraud Intelligence Bureau (NFIB) reported (deep breath) over 445,357 cases of cyber and fraudulent crimes in the last 13 months. Total losses: 2.5 billion GBP. 

Hosting company Fasthosts reports compared to 2020 there’s a 98% increase in reported cybercrime targeting businesses. 

This week in Australia, the Federal Government has launched a new cyber crime centre as part of beefed up security measures. 

It has been established through $89 million in funding, which is part of the government’s $1.67 billion Cyber Security Strategy, IT Pro reports. 

Meanwhile, the Australian Tax Office (ATO)  is undergoing a major transformation of its IT environment and procurement activities while also pressing businesses to adopt e-invoicing practices. 

The ATO  has launched a request for tender (RFT), seeking partners to provide cyber augmentation services (CAS) -a range of skilled cyber professionals who will work with the ATO’s in-house team, ARN reports. 

Attacks on supply chains are ever increasing and the risks are obscured by the complexities of their business and supplier networks.

In November last year, PASA reported on PwC’s 2022 Global Digital Trust Insights Survey which found nearly half (59%) of Australian organisations have less than a thorough understanding of the risk of data breaches through third-parties, while nearly one-fifth have little or no understanding at all of these risks according to local data released from.

How procurement can protect ERP systems

McKinsey research says cyberattacks continue to be top of mind for businesses, but there’s a naivety when it comes to how vulnerable their ERP systems are to such attacks. 

“With these signs of increased threat levels, ERP businesses have invested in hardening and protecting their systems, McKinsey says. 

“But companies may still be vulnerable because of lack of focus, sufficient resourcing, or lack of understanding about how best to address cyber issues. Some companies, for example, have put their main focus on ERP upgrades and cloud migrations, leaving fewer resources available to focus on cyber.”

McKinsey has shared well-established practices to secure systems from cyberattacks. Here’s the seven key ways to protect your ERP system.

About Author


PASA (Procurement and Supply Australasia) is the leading provider of information, education and networking opportunities to procurement professionals throughout Australia and New Zealand. PASA supports the largest community of engaged procurement stakeholders in the region, through its renowned series of events, publications, training, awards and PASA CONNECT membership network. PASA is a trading name of BTTB Marketing Pty Ltd. BTTB Marketing has operated under the BTTB, CIPSA Conferences and PASA names for over twenty years.

Leave A Reply