You can manually set up the program to issue a notification when a record is changed, moved, added, or removed, Kimmell says, or such a feature could be added by Microsoft. It's all about regular reconciliation and auditing to catch these types of nefarious intrusions so inside jobs aren't long-term and devastating, he says.
Onapsis' Nunez says sophisticated targeted attacks against the organization's financial systems are a real threat today. "We are not talking anymore about protecting ourselves only from our employees. Now we need also to protect our system from high-profile targeted attacks that can be exploited by malicious parties who don't even have a valid user account in the ERP systems," Onapsis' Nunez says. "If they are successful in breaking in, you can be sure that a financial fraud would be a matter of minutes."
A copy of Eston and Kimmell's white paper is available here for download.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.