RPA and Security
Robotic Process Automation (RPA) is the streamlining of repetitive business processes with software that can perform image recognition and interact with legacy applications, usually performing tasks with much greater speed and accuracy than humans. RPA is usually is based on rule-oriented software but is beginning to also include AI tools to automate simple decision making processes.
What are the advantages of RPA? Based on a survey from 3Gem Research, the benefits include:
Elimination of repetitive work
But one challenge of RPA is managing security. RPA software often interacts with sensitive customer data. Insiders or remote hackers might be able to have access to or gain control of RPA scripts and change them in ways that perform fraudulent actions.
A report by EY found that “when it comes to securing RPA implementations, an organization must consider the technical, process and human elements of the entire robotics ecosystem. A secure design should include the entire product life cycle from requirements, selection, architecture, implementation and ongoing operations.”
Jon Knisley, principal, Automation and Process Excellence at FortressIQ, told DarkReading.com that “Despite the massive value RPA can deliver in terms of increased productivity and improved compliance, the technology does introduce a new vector for cyberattacks. RPA bots require the same access to systems as humans because they operate at the presentation layer. Because they constantly access different applications to cut, copy, paste and move data, credentials are too often hard-coded into scripts or pulled in from an insecure location.”
Cuneyt Karul, director, Information Security & Compliance with BlueCat, told DarkReading.com that “as part of critical systems, RPA can constitute a single point of failure and cause outages that are hard to recover from. Bots scale well, but so do the security risks they pose, which makes them the perfect tool for DDoS attacks. RPA is also susceptible to zero-day vulnerabilities that are inherent to the platforms and operating systems they run on. To mitigate the risks of RPA, it should be treated as any other system in the IT infrastructure. That means it should be rigorously designed, developed, tested, and monitored.”