How rampant robotic process automation (RPA) adoption is introducing new threat vectors

Robotic process automation (RPA) is nothing new. In fact, it is a suite of automation tools that was first introduced in the 1990s. But in 2020, amid a global pandemic and the new remote work norm, interest in and adoption of RPA reached a new high. Why? Because with RPA, digital workers can take over repetitive manual tasks traditionally performed by their human counterparts, freeing up time, energy, and critical human resources.

Fabrizio Biscotti, vice president of research at Gartner, put it better: “The key driver of RPA projects is their ability to improve the quality, speed and productivity of processes, each of which is increasingly important as organizations try to meet demands for cost reduction during COVID-19. Businesses can quickly advance their digital optimization initiatives by investing in RPA software, and the trend is not going away anytime soon.”

In fact, Gartner predicts that by 2022, 90 percent of organizations globally will have adopted robotic process automation (RPA). Additionally, through 2024, the largest companies are expected to triple the capacity of their existing RPA portfolios.

However, in today’s world, we know that when it comes to embracing emerging technologies, cybersecurity is all too often an afterthought. Even more vital, when it comes to RPA adoption, organizations are not just embracing new technologies, along with the threat vectors and bad actors that inevitably accompany them in the digital age; they are embracing new identities as well: machine identities that have access to the DNA, networks, and ins and outs of the business.

So, as RPA adoption continues to accelerate, it is imperative that organizations proactively take into account the cybersecurity concerns that will inevitably arise, and prepare for them accordingly.

Why RPA poses a risk

To proactively mitigate any RPA risk, organizations must first understand that RPA, these new ‘digital workers’, have identities of their own.

Gaurav Priyadarshi of MetLife writes, “Introducing a new technology into an organization always carries certain vulnerabilities that hackers can exploit. For example, automated solutions or bots may not have the ability/functionality to identify malware, increasing the threat and providing opportunities for hackers.”

Like you and me, these new digital identities have ‘minds’, capabilities and access of their own. They are equal employee counterparts, who have as much access to sensitive systems as you or I, and can just as easily relinquish that access if they are not properly secured.

Earlier this year, Forrester predicted that 33 percent of breaches in 2021 will be related to insider threats, which means more than a quarter of all breaches this year are due to the exploitation of employee credentials (i.e. bad actors taking advantage of internal access) or internal cybersecurity neglect. That said, RPA is just another avenue for bad actors to potentially take advantage of unprotected or unmanaged internal access or credentials. Particularly as ‘identity sprawl’ proliferates and organizations are forced to manage more disparate ‘identities’ (both human and non-human), the need for preventive and proactive cybersecurity has never been greater.

Mitigate RPA-related threats

Zero Trust, an industry framework based largely on the notion of ‘never trust, always verify’, was praised as one of the industry’s best practices this year.

What Zero Trust essentially means is that if someone tries to access your networks, data, or any business assets, they will be asked to validate their identity before gaining access or entry, be it the CEO or an intern, and that same practice should be standard for RPA or ‘digital identities’. Risk is not one-size-fits-all and there are no guarantees when it comes to identity security, which is why a Zero Trust approach is one of the main ways organizations can mitigate risk when it comes to RPA.

Another way to minimize the cyber concerns of RPA is through third-party security solutions, such as Privileged Access Management (PAM). Through a PAM system, when a digital worker needs privileged access, the robot can retrieve the credentials automatically, without any exposure to the bot’s owners or developers. This, in turn, not only provides a complete audit trail (i.e. which digital workers accessed which applications), but also provides individual accountability and proof that no one can obtain the password in a non-compliant manner, all without slowing down robotic operations.

With a PAM tool that connects to RPA systems, organizations are better equipped to proactively protect, control, and audit bot credentials and privileges. Additionally, by choosing a PAM solution that is easy to implement and one that integrates seamlessly into your legacy security stack, PAM can be achieved quickly without compromising the productivity that RPA offers.
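The run-time credential checkout and per-request verification described above can be modelled in a few lines. This is an added example, not code from the article or from any PAM product: `CredentialBroker`, `sign_request`, the bot and application names, and the passwords are all hypothetical, and a per-bot HMAC key stands in for the machine identity.

```python
import hashlib
import hmac
import secrets
import time


def sign_request(key, bot_id, application):
    """Bot side: prove identity for one request with a fresh nonce."""
    nonce = secrets.token_hex(16)
    msg = f"{bot_id}|{application}|{nonce}".encode()
    return nonce, hmac.new(key, msg, hashlib.sha256).hexdigest()


class CredentialBroker:
    """Toy PAM vault (hypothetical): verifies every request, logs every decision."""

    def __init__(self):
        self._secrets = {}    # application -> password, held only by the vault
        self._bot_keys = {}   # bot_id -> key standing in for the machine identity
        self._policy = set()  # (bot_id, application) pairs that are allowed
        self._seen = set()    # nonces already used, to reject replays
        self.audit = []       # which digital worker asked for which application

    def store(self, application, password):
        self._secrets[application] = password

    def enroll_bot(self, bot_id, applications):
        self._bot_keys[bot_id] = secrets.token_bytes(32)
        self._policy |= {(bot_id, app) for app in applications}
        return self._bot_keys[bot_id]

    def checkout(self, bot_id, application, nonce, tag):
        key = self._bot_keys.get(bot_id, b"\x00" * 32)  # dummy key for unknown bots
        msg = f"{bot_id}|{application}|{nonce}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        granted = (
            bot_id in self._bot_keys
            and hmac.compare_digest(expected, tag)
            and nonce not in self._seen
            and (bot_id, application) in self._policy
        )
        self._seen.add(nonce)
        self.audit.append(
            {"ts": time.time(), "bot": bot_id, "app": application, "granted": granted}
        )
        if not granted:
            raise PermissionError(f"{bot_id} denied access to {application}")
        return self._secrets[application]
```

Denied requests are written to the audit trail as well as granted ones, so a bot asking for applications outside its policy shows up in review.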

Like any other new technology, RPA is at its best when business ROI is high and security risk is low. But as new malicious actors and threat vectors continue to emerge, it is critical that companies embed cybersecurity at the core of their business growth strategy, leveraging it in tandem with new technologies and making it more than an afterthought.

Image Credit: Sergey tarasov / Shutterstock


Bhagwat Swaroop serves as President and CEO of Quest One Identity Business Unit and joined the company in November 2020. He is responsible for driving overall strategy, product innovation, GTM and P&L for One Identity. Bhagwat is a seasoned strategic leader and brings a deep understanding of the landscape of enterprise security, technology ecosystem, SaaS, and cloud-based business models. He is a sought-after expert and public speaker on cybersecurity and implementing identity-centric security models in the cloud age.
