Business process hacking is the act of using weaknesses in the way an application is exposed to garner information or break in. Recent examples include the ChoicePoint and Lexis-Nexis attacks.
Here is a new one. A couple of young traders at an Estonion bank got a Businesswire account and proceeded to dig around until they found they could see stuff that had not been released yet. Now comes the hard part. If you know a company is going to release earnings of X how do you know what the stock is going to do? These guys were savvy enough to evidently earn over $7 million in profits.
If you have exposed business applications take a new look at them. Use the assumption that your *customers* want to steal you blind. That is a good starting point. Putting in defenses is the next step.