Without the proper controls in place, you could be leaving the fox to guard the hen house. That’s what one NJ company just found out the hard way when its Financial Controller admitted to diverting $850,000 to her personal bank account over a 9-year period, according to a report on NJ.com.
According to the prosecutor’s office, the employee was in charge of reviewing and approving expense reports. The expense reimbursement system was not integrated with the company’s accounting software and payroll system, so the Financial Controller would manually input the expense reports into the company’s payroll system. This means the company had no visibility into transactions taking place across the enterprise. It also had no audit trails, so it was unable to view change data logs to see that bank account details were manipulated and the payments were being rerouted.
It took 9 years to uncover this threat! And as NJ Burlington County Prosecutor Scott Coffina stated, “It is especially egregious when someone who is entrusted with helping to oversee the financial integrity of a business takes illegal action to exploit a shortcoming in the control mechanism for personal gain.”
Now take a look at all of the business-critical applications that are being used across your enterprise. Are you able to automatically review 100% of the transactions to uncover risky or fraudulent transactions? Do you have the ability to stop these transactions in their tracks as they occur? Do you have access to the audit trails within these applications to see what your users are actually doing?
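One way to review every payment against an audit trail of bank-detail changes, as an added example that is not part of the original article or of any system in the case. The record fields, user names, account numbers and the three review rules are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the case): a change-data log of payee
# bank details, and the payments later issued by the payroll system.
CHANGE_LOG = [
    {"ts": "2024-01-03", "user": "hr_admin", "payee": "E100", "new": "ACCT-2222"},
    {"ts": "2024-02-10", "user": "controller", "payee": "E200", "new": "ACCT-9999"},
    {"ts": "2024-03-12", "user": "controller", "payee": "E300", "new": "ACCT-9999"},
]
PAYMENTS = [
    {"id": "P1", "ts": "2024-01-15", "payee": "E100", "account": "ACCT-2222",
     "approver": "controller", "entered_by": "ap_clerk"},
    {"id": "P2", "ts": "2024-02-15", "payee": "E200", "account": "ACCT-9999",
     "approver": "controller", "entered_by": "controller"},
    {"id": "P3", "ts": "2024-03-15", "payee": "E300", "account": "ACCT-9999",
     "approver": "manager", "entered_by": "ap_clerk"},
    {"id": "P4", "ts": "2024-03-20", "payee": "E400", "account": "ACCT-5555",
     "approver": "manager", "entered_by": "ap_clerk"},
]

def review_payments(payments, change_log):
    """Return {payment_id: [reasons]} for every payment that needs review."""
    # Index bank-detail changes per payee, oldest first (ISO dates sort as text).
    changes = defaultdict(list)
    for c in sorted(change_log, key=lambda c: c["ts"]):
        changes[c["payee"]].append(c)
    # Map each destination account to the set of payees paid into it.
    payees_by_account = defaultdict(set)
    for p in payments:
        payees_by_account[p["account"]].add(p["payee"])

    findings = defaultdict(list)
    for p in payments:
        # Rule 1: segregation of duties, approver must not also key the payment.
        if p["approver"] == p["entered_by"]:
            findings[p["id"]].append("same user approved and entered")
        # Rule 2: the account being paid was set by someone handling this payment.
        prior = [c for c in changes[p["payee"]]
                 if c["ts"] <= p["ts"] and c["new"] == p["account"]]
        if prior and prior[-1]["user"] in (p["approver"], p["entered_by"]):
            findings[p["id"]].append("account changed by approver/enterer")
        # Rule 3: several payees routed to one bank account.
        if len(payees_by_account[p["account"]]) > 1:
            findings[p["id"]].append("account shared by multiple payees")
    return dict(findings)

if __name__ == "__main__":
    for pid, reasons in review_payments(PAYMENTS, CHANGE_LOG).items():
        print(pid, "->", "; ".join(reasons))
```

Rules 2 and 3 depend on the change-data log and on seeing payments for every payee together, which is the visibility the paragraph above says was missing.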
If you’re in a large enterprise with 10,000+ employees, putting the right security measures in place gets even more complex. You may have multiple ERP systems, countless business-critical applications, a revolving door of employees, numerous privileged users, and endless other scenarios that open the door to the insider threat.
Find out what steps you need to take. Attend our upcoming live webinar on the 10 steps you need to take to protect your business-critical applications from the insider threat. Click here to learn more and register.