Emergence of Robotic Process Automation (RPA)
Demand for robotic process automation (RPA) tools, which use software "robots" to replicate the actions of human workers such as data entry, is on the rise. Organizations can configure RPA software to capture and interpret the actions of existing business applications.
The software can automatically manipulate data, communicate with other systems and process transactions as needed. As with other new technologies that come on the scene, there are implications for security.
“Where RPA is most effective is with standing up a center of excellence [COE] to assess and execute automation opportunities,” says Christina Critzer, senior vice president, Enterprise Shared Services at SunTrust.
“By its very nature the COE has the ability to cut across applications and teams to automate activities,” Critzer says. “This challenges typical security models, which emphasize segregation of duties.”
Computers operated by the Democratic National Committee (DNC) were hacked, leading to speculation about possible Russian involvement in the attack and raising concerns about the impact on the U.S. presidential election. In addition, WikiLeaks published thousands of emails that were stolen from the DNC.
The incident shows “that an attack exposes old emails and that nothing is truly private,” Snyderwine says. “That made our company aware that we do not want all emails potentially exposed, so we were able to change some policies to reflect tighter email training.”
In addition, Hargove will be updating its email archiving and deleting policies. The hacking incident led all levels of management “to take the message of potential risks to the user base,” Snyderwine says.
Security issues were also raised at state levels. For example, the Colorado Department of State architected election systems “with security built-in and spent a lot of time thinking about threat mitigation,” says Deborah Blyth, CISO of Colorado.
“The uphill battle was providing assurances to the general public that the systems were secure, despite the constant attention and focus on threats of nation states and the fear of cyber-attacks against the election systems,” Blyth says.
In the weeks and days leading up to the election, “we spent a lot of time monitoring for and responding to threats, rumors and fictitious claims while continuing to provide assurances to our leadership that things were under control and the systems were secure,” Blyth says.
Insider threats grow
Dealing with threats from inside the organization has long been a concern of security executives, but the emphasis seems to be growing.
“Over the past year I have seen a development and emphasis applied toward Insider threat monitoring programs,” says Robert Schadey, CISO and director of infrastructure services at 1901 Group. “The frequency and risk of employees as an insider threat—intentional or unintentional—has been a real and unrecognized danger that we must grow to understand, as we focus and learn more about the issues.”