You know, in the last week or so, I have been pondering this question: How did we do it when Google, Smartphones, Digital Marketing, etc. were not around, or even for that matter even unheard of? When we were in school, how did we manage to write all of those research reports that our teachers required us to do? How and where did we find this information at?
Well, I guess naturally in the encyclopedias. We had our parents we could ask questions to, but most importantly, we were forced to use something that is completely outdated and perhaps even irrelevant these days – the public library. We were forced to use our brains and take the time to find the information that we needed in order to get our tasks done.
Heck, I even remember for master’s thesis, all that we had on campus was just the mainframe. I remember I had to go to our college library, and literally look and up and write down the data that I needed into a notebook, and from there, enter it manually into the Lotus spreadsheet. Nobody did this for me, I had to all of this, and even manually type my thesis on the word processor.
But now, fast forward about 25-30 years later. Students have everything at their disposal in just a matter of a few seconds, with a few clicks of the mouse. Class notes, information and data needed to write papers, and even old exams are available at an instant. A student can now even hire a freelance writer from another part of the world to write their papers for them.
But with all of this, there is still some human intervention that is required. After all, the student still has to use their laptop or wireless device in order to connect to the Internet in order to download stuff and engage with other people to do their work for them. But hold on to this last statement – even this maybe fading fast, as Artificial Intelligence, or AI is now making a grand appearance into our lives, especially into Cybersecurity.
One of the key tenets with AI is that of automation. In other words, what could take a human being hour to do can now be done within minutes. A perfect example of this is data mining. With this, a human trained analyst could take hours to analyze large data sets, and to try to uncover the hidden trends. Of course, Corporate America wants everything here and now, and by using AI, this can be done like within 5 minutes.
But one of the goals of AI is to have total, 100% automation in everything – this means including the use of robots. So yes, what we have seen in Star Trek and Star Wars generations ago will now probably become a reality. This means that you will even see replications of “Data” doing human tasks. There is a technical name for this area of AI, and it is called “Robotic Process Automation”.
It can be specifically defined as follows:
“Robotic Process Automation is the technology that allows anyone today to configure computer software, or a “robot” to emulate and integrate the actions of a human interacting within digital systems to execute a business process. RPA robots utilize the user interface to capture data and manipulate applications just like humans do. They interpret, trigger responses and communicate with other systems in order to perform on a vast variety of repetitive tasks. Only substantially better: an RPA software robot never sleeps and makes zero mistakes.”
So, in other words, the goal here is to replicate what a human being can do, but do it quicker, more efficiently, with zero mistakes being made. Although this does possess some huge advantages for a business, it does also possess a number of grave weaknesses as well, especially as it relates to Cybersecurity. This was underscored by a recent study that was conducted by CyberArk.
This project is entitled “The CISO View: Protecting Privileged Access in Robotic Process Automation”, and it can also be downloaded at this link:
In this project, some 1,000+ companies were surveyed to see what kind of security measures they have implemented for their robots. Some of these companies included the following:
*Asian Development Bank;
*GIC Private Limited;
*Lockheed Martin Corporation;
*Orange Business Services;
*Royal Bank of Canada.
Astonishingly enough, less than 50% of the businesses polled actually have any kind of security measures put into place. In order to remediate this, the following recommendations were provided:
*The overall access to robotic processes should be tightly controlled from both a physical and logical access standpoint. This simply means that access should only be granted to those in the IT Department or IT Security staff that have a direct control over the processes that do take place.
*Creating source code scripts that have been Penetration Tested first before they are implemented. Keep in mind that these robots still need input into the daily tasks that they need to accomplish – this is all done with the programming script. In other words, garbage in out, garbage out. If the code that is used to write these scripts is not secure, this is yet another backdoor for the Cyberattacker penetrate into.
*Implement the usage of creating long and complex passwords for those online portals that are used to access the robots. In other words, take the principles of a Password Manager and deploy those into the robotic mechanisms so that only the authorized personnel within the business can access them.
*Place limits onto the number of times that the number of times the robots have to be reprogrammed. For example, if the robot is to do one specific task, then just have it do that one specific task until no longer needed. Don’t keeping stopping and starting it in order to upload new scripts to do new tasks if it is not absolutely necessary. This downtime is just yet another backdoor from which the Cyberattacker can leverage into.
*Make use of Neural Networks. This is yet another subbranch of AI, but this can be used to create both high level mathematical and statistical algorithms in order to filter for and detect any unusual or anomalous behavior that is transpiring with the robotic processes.
My Thoughts On This
Honestly, when I first read this article, I simply could not believe how many businesses out there in Corporate America are actually making use of robots and robotic processes. But after thinking it through by writing this blog, I am not too surprised by it. Even though AI still has a long, long way to go before it is accepted by everybody, it has made enough advances where it is has at least started to become more widely implemented.
As I mentioned, using robots does have its share of advantages, especially when it comes to automating repetitive tasks that no human really wants to do. But in my view, there are some downsides to this, both from a Cybersecurity and economic point of view:
*Making use of robots and associated processes only increases the attack surface for the Cyberattacker penetrate into – because everything is so interconnected together. This is known as the Internet of Things, or IoT. Very often, these levels of connection are not secure by any means, and do not make use of Encryption in order to fortify the lines of network communications that are used.
*By using robots, this could potentially mean lost jobs here in America. Yes, they can do it faster, better and cheaper, but there is still some human element of all this that needs to be involved, especially when it comes to conducting Quality Assurance (QA) checks. Robots can only go so far in this regard. In this regard, we are seeing robots that are being used in factory and assembly line roles – where once humans held that position.
*As mentioned, with all of these degrees of interconnectedness, this just is yet another point of failure that is being introduced into the production processes of Corporate America. For example, it is quite possible that if one or more robots break down for whatever reason, this could have a negative, cascading across the entire supply chain. Then what do you at this point?
In closing, yes, making use of AI and robotic processes can be a good thing – but it cannot be relied upon 100%, there needs to be a balance with the human element as well. Just like in Cybersecurity.