1. Securing RPA:
RPA introduces a new attack surface that can be leveraged to disclose, steal, destroy or modify sensitive data and/or high-value information, access unauthorized applications and systems, and exploit vulnerabilities to gain further access to an organization. This section focusses on RPA cyber risks, leaving specific considerations about cognitive learning to be covered at another time.
1.1 Cyber risk Scenario
Abuse of privileged access
An attacker compromises a highly privileged robotic user account used by some bots to gain access to sensitive data and move laterally within a network.
An insider manipulate bot to destroy data, interrupting business processes.
Disclosure of sensitive data
Mistakenly disclosure and upload of credit card information to a database accessible via the web by application creator
An attacker using bot to leverages a generic account to steal sensitive data like intellectual property, leaving it difficult to identify true source of the leak
Security vulnerabilities
An unknown vulnerability in robotics software allowing attackers remote access to an organization’s network.
A bot creator upskills a bot to handle sensitive user data but does not secure the transmission of that data to/from the cloud.
Denial of service
A bot is scheduled to execute in rapid sequence resulting in exhausting all available system resources and halting all bot activities.
Bot controller is disrupted due to unplanned network, service or system outage resulting in loss of productivity, not easily replaced with human labour.
1.2 Securing RPA ecosystem:
While securing RPA implementations, an organization should consider the technical, process and human elements of the entire robotics system. A secure design should include the monitor product life cyc ..
Support the originator by clicking the read the rest link below.
