Distribution Is a High-Value Target Without the Defenses to Match
Your ERP touches purchase orders, vendor payments, inventory counts, and customer records all day long. If it's running on-premises and hasn't been updated in a few years, someone outside your building may already know that — and may have spent the last several weeks learning the layout.
Distributors process transaction volumes and payment velocity that rival banks. The difference is that banks have spent decades building regulatory infrastructure, fraud controls, and security investment into every payment workflow. Most distributors haven't.
The FBI's 2025 Internet Crime Complaint Center Annual Report documented more than one million cybercrime complaints last year, with total losses surpassing $20.8 billion — a 26% increase from 2024. Business email compromise alone accounted for $3.05 billion of that total.
Fraud researchers who have worked inside these criminal networks describe distribution as a deliberate focus — not because distributors are careless, but because the transaction volume is there and the security infrastructure often isn't. These aren't random scans. They're structured campaigns run by organized groups that study specific companies before making contact.
What Investigators Find After a Breach
When a technology consultant gets called in after a mid-market distributor gets hit, the configuration tends to look similar. Open firewall ports. An ERP running a version that hasn't been patched in years. A legacy VoIP system from a vendor that stopped issuing security updates. EDI connections to suppliers with direct visibility into orders and payments — and no documented access controls.
These aren't unusual configurations. For distributors that built their technology environment in stages over the past decade, this is often the baseline.
Ransomware appeared in 44% of all reviewed data breaches in 2025, according to Verizon's annual Data Breach Investigations Report. The consistent pattern in those incidents: attackers identify their entry point — usually a legacy component — weeks before the encryption payload executes. By the time the alert fires, they've already mapped the environment.
The MFA Gap Most Distributors Don't Know They Have
Most distributors have deployed multi-factor authentication for email and stopped there. VPN access, ERP logins, and administrative accounts frequently remain unprotected. Shared accounts in warehouse and operations environments — common because they're operationally convenient — eliminate the transaction-level accountability that fraud controls depend on.
When MFA gets treated as an IT inconvenience rather than a financial control, the risk isn't theoretical. When an attacker gets into a payment workflow using compromised credentials, the transaction looks legitimate because it's moving through a legitimate channel. There's nothing to flag.
In one documented case, an accounts payable team processed six to seven fraudulent payments totaling approximately $300,000 before the fraud was detected. The attacker had spent two weeks silently mapping the AP environment before generating a single fraudulent invoice.
Why Legacy Architecture Is Harder to Defend
On-premises ERP systems require your team to manage patching, monitor access logs, and maintain firewall configuration — on top of everything else they're doing. When the ERP is running a version that's multiple generations behind, you're defending an environment the vendor has stopped actively hardening.
Legacy VoIP systems are a specific example that comes up in post-incident reviews. Equipment from vendors that no longer issue security patches can function as a network entry point that bypasses more modern infrastructure. If it's connected to your network, it's part of your attack surface — regardless of whether anyone on your team thinks of it as a security concern.
The average cost of a data breach in the United States reached $10.22 million in 2025, according to IBM's annual Cost of a Data Breach Report. That figure covers direct costs. It doesn't include operational disruption, stock impact, or the multi-quarter earnings effects that large distributor breaches have produced — some exceeding $500 million in combined revenue headwinds.
What Moving to Cloud ERP Actually Changes
A modern cloud ERP doesn't eliminate risk. But it changes the security equation in ways that matter operationally for distributors.
Patch management shifts from your team's backlog to the platform's responsibility. Compliance with current security standards is built in and continuously updated. Access controls, audit logs, and approval workflows are configurable at a level most legacy on-premises systems can't match. MFA across every system touchpoint — not just email — becomes a realistic operational baseline rather than a multi-year infrastructure project.
Dynamics 365, hosted on Azure, runs on infrastructure Microsoft actively defends at a scale no mid-market distributor can replicate internally. That's not a product argument — it's a practical observation about where security investment is concentrated and what that means for your exposure.
What the move requires is an honest assessment of where your current environment actually stands: what's patched, what's exposed, what's connected to what, and which controls exist in documentation versus only in assumption.
Where to Start
Western Computer has been doing that assessment with distributors for 35 years, across more than 1,250 implementations. The starting point is understanding what the current environment actually looks like before deciding what needs to change. If you want a straightforward look at your technology environment's security posture, our cloud readiness assessment is a good place to start.

