Without the proper controls in place, you could be leaving the fox to guard the hen house. That’s what one NJ company just found out the hard way when its Financial Controller admitted to diverting $850,000 to her personal bank account over a 9 year period according to a report on NJ.com.
According to the prosecutor’s office, the employee was in charge of reviewing and approving expense reports. The expense reimbursement system was not integrated with the company’s accounting software and payroll system. The Financial Controller would then manually input the expense reports into the company’s payroll system. This means they had no visibility into transactions taking place across the enterprise. They also had no audit trails so they were unable to view change data logs to see that bank account details were manipulated and the payments were being rerouted.
It took 9 years to uncover this threat! And as NJ Burlington County Prosecutor Scott Coffina stated, “It is especially egregious when someone who is entrusted with helping to oversee the financial integrity of a business takes illegal action to exploit a shortcoming in the control mechanism for personal gain.”
Now take a look at all of the business-critical applications that are being used across your enterprise. Are you able to automatically review 100% of the transactions to uncover risky or fraudulent transactions? Do you have the ability to stop these transactions in their tracks as they occur? Do you have access to the audit trails within these applications to see what your users are actually doing?
If you’re in a large enterprise with over 10,000+ employees, this gets even more complex to put the right security measures in place. You may have multiple ERP systems, countless business-critical applications, a revolving door of employees, numerous privileged users, and endless other scenarios that open the door to the inside threat.
Find out what steps you need to take. Attend our upcoming live webinar on the 10 steps you need to take to protect your business-critical applications from the insider threat. Click here to learn more and register.