One of the main ERP business issues in our internet age is the increase in the number of these so called hackers, with some of them even hosting their own virus-filled websites. While some of them do this for financial gains, others just do it for fun. Largely, security in ERP requires a fresh approach; one that not just focuses on data but also on the security of the transactions involved.
While threats from outsider intrusions and attacks continue to go up, the chances for insider systems misuse has also grown by a long way. The fact is that, at the level of transaction, security flaws can be used more often than not by people inside the system. Although many of the available ERP systems present data encryption features which restrict people from exporting any files, it doesn’t satisfy the need for security from fraudulent insiders who take advantage of the authorization they have.
Though ERP systems have used audit logs for keeping an eye on the transactions made by an insider, or any updates in the system; these don’t give much information on whether the transaction was actually necessary or appropriate. And even though suspicious transactions can be sorted out by internal auditors; many organizations don’t install the audit log feature for their ERP system, as some believe that it may affect the performance of the employees.
What’s more, ERP applications continue to be susceptible to security attacks from outsiders as well, as anyone can now break feeble passwords with plain dictionary attacks. On the other hand, some of the most destructive hacker tricks arrive with the use of social engineering, which is about fooling people into giving out their identification details. Meanwhile, many companies have cut down on security related measures that focus on insiders, as they feel that it may act like an added overhead for their employees, and as it appears to affect their efficiency in carrying out their work.
Overall, the threat from insiders seems like the one that causes most of the security issues in organizations these days. And it does look like the future of ERP security would be all about identifying improper use of the system by users inside the organization. After recognizing the significant shortage in ERP security for protecting from insider threats, leading businesses are now using methods that continuously monitor transactions made by authorized users. These work by identifying suspicious transactions and checking whether it is linked to any fraudulent activity. So, if any employee appears to be doing some hacking-like activity, he or she can be instantly contacted though voip and questioned about the reason for such a transaction
0 comments:
Post a Comment