Onapsis study

ERP systems affected in 9 out of 10 ransomware attacks

Onapsis publishes its new study “ERP security in times of AI-supported ransomware”. The results are based on a survey of 500 cybersecurity decision-makers in companies with 500 or more employees in the DACH region and the UK.

Artificial intelligence is driving the development and spread of ransomware. Cybercriminals are using AI to develop more sophisticated and targeted attacks. Machine learning enables ransomware programs to identify and exploit vulnerabilities in networks and systems more quickly, and to personalize phishing attacks and make them harder for traditional security solutions to detect. In Gartner's Emerging Risk Ranking, AI-supported attacks were the biggest concern of the companies surveyed in the first quarter of 2024.* The latest study by Onapsis also confirms that ransomware is a major challenge: a total of 83% of companies have experienced at least one ransomware attack in the last year, 46% have experienced four or more, and 14% stated that they have even been subject to ten or more attacks.

ERP systems in the focus of ransomware actors

SAP application landscapes and Enterprise Resource Planning (ERP) systems contain the most valuable company data and manage critical business processes. This makes them particularly attractive to ransomware actors. The ERP system was affected in 88% of DACH companies that had experienced at least one ransomware attack. Furthermore, 62% stated that the ransomware attack led to downtime of at least 24 hours.

“SAP applications are the operational heart of companies. If this system is paralyzed by a cyber attack, all business and production processes quickly come to a standstill,” explains Volker Eschenbächer, VP Sales International EMEA & APAC. “Against this backdrop, ERP security cannot be valued highly enough. At the same time, we often see in practice that this topic is still a major challenge: Security managers lack the necessary specific ERP know-how, the overview of all business applications in use is patchy and the security teams are understaffed.”

Lack of trust in the integrated security functions of ERP solutions

Of the companies in Germany, Austria and Switzerland that have been affected by ransomware attacks, 88% stated that their ERP applications and systems had been affected by the attack at least once. The majority of respondents in DACH are aware that this is a business-critical problem. In fact, 92% of respondents agree that a dedicated ERP security solution is required.

“While the volume of these attacks is not surprising, the increasing impact on ERP applications is notable, and it will only intensify in the face of AI-powered threats,” said Mariano Nunez, CEO of Onapsis. “This shows that ransomware actors have realized that disrupting ERP and business-critical applications is their greatest leverage. This is because downtime in large companies amounts to millions of dollars per hour. The study also shows that standard security solutions on the market are inadequate. Companies need a specialized, comprehensive solution that protects their business-critical ERP platforms from this growing threat.”

How companies deal with ransomware

When asked whether they had communicated with the attacking threat actor, the majority (69%) answered yes. Of these, 34% paid the ransom every time, 21% in some cases and 45% never paid, as recommended by the BSI and law enforcement authorities. At the same time, many companies make use of external support in the event of a ransomware attack: 83% of all respondents who had paid at least once stated that they had already worked with a ransomware broker; in DACH the figure was as high as 90%.

Because ransomware is widespread and sometimes life-threatening, almost all companies (96%) have now recognized that they need to adapt their security strategy. This also has a direct impact on cybersecurity investments in the DACH region:

  • 58% have invested in new solutions
  • 57% have invested in training for their employees
  • 54% have hired more employees internally for cyber security
  • 38% work with an external threat research team

(pd/Onapsis)