Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

61 In some cases, the RPA bots work together with humans for functions such as moving or copying data between applications. Companies that rely on a large human workforce for process work, in which people perform high-volume, transactional functions, stand to gain from using RPA, according to the Institute for Robotic Process Automation and Artificial Intelligence (IRPA AI). RPA software can deliver efficiencies to enterprise applications such as enterprise resource management (ERP), customer relationship management (CRM), supply chain management, and applications that support functions in human resources and finance. Clearly the emerging technology is having a huge impact on the way enterprises perform day-to-day business processes. According to Deloitte, 53 percent of organizations have started to leverage RPA to robotize and automate repetitive tasks to allow the human workforce to focus on higher value work. Overall, RPA adoption is expected to increase to 72 percent in the next two years and, if adoption continues at its current level, RPA will achieve near-universal adoption within the next five years. While RPA software is being deployed in all industries, the biggest adopters include banks, insurance companies, telecommunications providers and utility companies. These companies traditionally have lots of legacy systems, and implement RPA tools to enhance integration among these systems and quickly accelerate their digital transformation efforts while leveraging their IT investments. This is creating new security risks that organizations need to be aware of. Addressing the Security Risks Considering the scale and speed at which bots work and the number of systems and applications they can access, security should be a primary consideration when deploying the technology. As with any other newer technology, RPA can easily become a new attack vector for bad actors if security isn’t factored into the platforms. RPA software interacts directly with critical business systems and applications, which can introduce significant risks when bots automate and perform routine tasks. Bots don’t need administrative rights to perform their tasks. But they do need privileged access to log in to ERP, CRM and other enterprise business systems to access data, copy or paste information, or move data through a process from one step to the next. Privileged access without security is a recipe for disaster. According to a recent study, 84 percent of organizations believe that IT infrastructure and critical data is not secured unless privileged accounts are fully protected.
62 The typical approach in providing privileged access credentials to bots is to hard-code privileged access credentials into the script or rules-based process a bot follows. With another method, the script might include a step to retrieve credentials from an insecure location such as an off-the-shelf application configuration file or database. As demand for RPA increases among lines of business, the number of privileged account credentials hard-coded into scripts or stored insecurely grows. That significantly increases the associated risks. With these approaches, the credentials end up being shared and reused repeatedly. Unlike the credentials used by humans, which typically must be changed regularly, those used by bots remain changed and unmanaged. As a result, they’re at risk from cyber criminals and other bad actors who are able to read or search scripts to gain access to the hard-coded credentials. They are also at risk from users who have administrator privileges, who can retrieve credentials stored in insecure locations As RPA deployments expand to include larger numbers of bots, the risks become exponentially greater for organizations. If privileged account credentials used within an RPA platform are left unmanaged and unprotected, that can transform RPA processes into a backdoor through which attackers can gain access to corporate systems and do damage. Organizations can take three critical steps to start mitigating the risk of the RPA pipeline becoming compromised, building security directly into their RPA workflows and processes. 1. Store and manage privileged credentials securely To keep privileged account credentials from falling into the wrong hands, they can remove credentials from bot scripts and other insecure locations. Instead, they can be stored in a system that encrypts the credentials; holds them in a secure location; hands them securely to authenticated bots on-demand; automatically rotates credentials at regular intervals or on-demand; removes human intervention from the process; and scales to meet rapid growth in RPA use. 2. Limit the bots’ application access If an attacker acquires privileged account credentials, companies can minimize the impact by limiting the number of applications to which the credentials allow access. That means granting bots privileged access only to the specific applications they need, preventing other applications from executing. This prevents bad actors from using multiple applications on a client machine and gaining the local administrator rights allowing them to install spyware and other malware. 3. Protect administrator credentials or else Companies should deploy a secure infrastructure that protects and manages administrator credentials in the same way as bot credentials, using encryption and secure storage and automatic rotation; and allows isolation and monitoring of administrator activity.
Page 1 and 2:
1 8 Most Common Cybersecurity Mista
Page 3 and 4:
2
Page 5 and 6:
4 The Internet Got Safer In 2019: A
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
8
Page 11 and 12: 10
Page 13 and 14: 12
Page 15 and 16: 14
Page 17 and 18: 16
Page 19 and 20: 18
Page 21 and 22: 20 8 Most Common Cybersecurity Mist
Page 23 and 24: 22 You can prevent (or decrease) th
Page 25 and 26: 24 While it’s not feasible to res
Page 27 and 28: 26 The major difference is the addi
Page 29 and 30: 28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32: 30 • Conduct cybersecurity traini
Page 33 and 34: 32 Persistent Cybersecurity Industr
Page 35 and 36: 34 Automation is welcome and seen a
Page 37 and 38: 36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45 and 46: 44 Government Agencies Are Prime Ta
Page 47 and 48: 46 It’s a basic fact of contempor
Page 49 and 50: 48 simpler way to approach these pr
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53 and 54: 52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61: 60 The Security Challenges of Robot
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100: 98 Some of the most damaging Inside
Page 101 and 102: 100 Out-Smarting the Cybersecurity
Page 103 and 104: 102 Empower Other Teams Network and
Page 105 and 106: 104 New Security Report Highlights
Page 107 and 108: 106 The Threat Lab team also analyz
Page 109 and 110: 108 Drive, AWS, Office 365, etc. It
Page 111 and 112: 110 former governor, this bill also
Page 113 and 114:
112 I mean, if you want to be able
Page 115 and 116:
114 Is It Safe to Connect to Public
Page 117 and 118:
116 5. Safe Browsing Additional dil
Page 119 and 120:
118 flawed method in which Evernote
Page 121 and 122:
120 Really, Imagine a Day Without W
Page 123 and 124:
122
Page 125 and 126:
124
Page 127 and 128:
126
Page 129 and 130:
128
Page 131 and 132:
130
Page 133 and 134:
132
Page 135 and 136:
134
Page 137 and 138:
136
Page 139 and 140:
138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?