A couple of days ago a good friend, whose work as a freelancer depends on his computer, was attacked by a ransomware-type malicious program: malicious software that restricts access to certain parts or files of the infected operating system and asks for a ransom in exchange for removing this restriction. In my friend's case, all his work files were blocked, and the software demanded a ransom of USD$2,000 to free them. He knew, as do we, that this would not solve the problem (usually in these cases, paying the ransom is useless: hackers do not remove the restriction on files). He not only lost months of work, but his income will be affected by not being able to deliver projects on time, his reputation with his clients will suffer, and many days of extra work await him to recover what he lost. The consequences are not very different when an organization suffers a cyberattack.
This reminded me of an article by Jim Noble, an expert in cybersecurity, which he published through The Institute for Robotic Process Automation and Artificial Intelligence (IRPA AI), and which expresses very directly the reality of cybersecurity: “Cybersecurity professionals have a tremendously difficult job. They cannot be simply good. They have to be impeccable. Your colleagues who perform application development, service desk operations or infrastructure management can afford to be a little less than perfect. But people in cybersecurity? They should be almost perfect almost all the time. Good is not good enough.” Think of the most famous case of ransomware: WannaCry, malicious software that in 2017 contaminated at least 141,000 computers worldwide. It is estimated that a company attacked by similar malware would have all servers and networks contaminated in just 10 minutes. How many companies are prepared for these attacks, and how quickly could they react?
Jim Noble points out that the first problem organizations must face when addressing cybersecurity is keeping up with the complexity. Organizations must implement a wide range of tools, software and complex processes to prevent an attack, such as: maintaining an updated antivirus solution; updating all important systems and programs with the latest security patches; employing an identity access and management solution (IDAM); a solution for intrusion detection (IPS); methods for encryption and decryption of data; allowing staff to use their own devices (BYOD); and using software that allows the management of mobile devices, blocking suspicious URLs through a blacklist. And this puzzle is barely enough to contain the bad guys, because the bad guys do not sleep at night. They do not take vacations. They do not take breaks. In fact, the bad guys have all these advantages because they are not even people. They are robotic software that works to penetrate networks by tracking IP addresses in search of vulnerabilities.
So organizations must play on three fields. They must cover conventional defenses, be able to react in real time in case of an attack, and keep their staff constantly alert against social engineering types of attacks.
Automated solutions using RPA can help significantly in making processes secure, as noted by CiGen RPA, experts in the implementation of RPA. These are five aspects of security risk management that can be controlled by these implementations:
- Assign roles and profiles. The automation of processes through RPA involves segregating access to data according to the assignment of different roles in an RPA team. This is one of the first requirements of any security system (and one of the first that the auditors request, by the way).
- Monitoring and control of activities. If Active Directory is integrated when creating profiles and permissions for Microsoft applications, not only are computer credentials centralized, but a unified means of control is provided for credentials, log-on and monitoring of activities performed by robotic processes. This facilitates the task of monitoring unusual activities.
- Data encryption. If the data used by the RPA tools is encrypted, a secure means of data usage is guaranteed.
- Zero contact. The implementation of RPA creates the ideal conditions for a zero contact environment, where humans do not have access to the data that is handled by RPA. By eliminating manual work, automation minimizes security risks at the macro level. The zero contact environment also helps to mitigate other risks that have to do with human intervention, such as errors of judgment, biases, prejudices or results that vary with people's mood. Because of this, RPA guarantees work with less risk and with consistent and reliable data.
- Reduced risks of social engineering. Social engineering remains the favorite method for the bad guys to access valuable information because they do not need to spend so much time trying to identify or get around a firewall or an intrusion detection system (IPS). By eliminating access to information by humans (since robotic processes do the job), the risk from malicious requests is greatly reduced: requests that come in through doorways or telephone lines, seeking answers to questions and using the information obtained with those answers to access information or restricted areas.
Today, we need solutions that not only add functionality in themselves, but also strengthen the organization. In that sense, RPA provides added value such as mitigation of security risks and a documented, segregated, predictable working environment, without random or variable aspects. This guarantees a uniform performance that makes it possible to meet not only the operational and commercial requirements of the organization, but also compliance requirements. In addition, RPA tools by themselves ensure the scalability of automated processes, given their ability to adapt to change and increased complexity. And that is exactly what is needed in the dynamic business world of today.
Author: Jorge Oropeza
CiGen RPA, “Security Risks in Robotic Process Automation (RPA): How You Can Prevent Them”, November 2017, medium.com
Jim Noble, “The Five Greatest Cybersecurity Challenges Plaguing SMEs”, April 2019, IRPA AI