
Alexander Polyakov, ERPScan


I want to talk a little about the security of big companies. There are some areas which are underestimated by many companies. While a lot of buzz exists about mobile, SCADA, cloud and cyber attacks, we forget about key elements of IT infrastructure that store and process all corporate data.

I’m speaking about enterprise business applications, like ERP or CRM systems etc. The IT infrastructure of every big company consists of different big systems like ERP where all the business processes go on. The different business applications are connected with each other by enterprise service bus solutions to process critical data (HR, financial, material, customer, etc.). Looking at this scheme, it is clear that the of those business applications is one of the main topics of corporate .

The biggest business application is . Years ago, the topic of was not very popular, but now we see more than 30 unique papers per year discussing new attacks, and the number of vulnerabilities closed by is more than 2 500. More and more companies begin to focus on this area. Nowadays, this threat has become more realistic after the news about Anonymous, who said the Greek Ministry of Finance was hacked using a 0-day in and critical data leaked.

While this is still neither confirmed nor denied, we must understand that this scenario is more than possible. Every month, our researchers receive acknowledgments from for helping to find and close different vulnerabilities. Some of them are very critical and allow any anonymous user to gain access to all data stored in system.

About the author: Alexander Polyakov is chief technical officer at ERPScan. He will be speaking at the upcoming Security Summit taking place at Sandton Convention Centre from 7-9 May.