How do you protect the robots from cyber attack?

An increase in cyber attacks, combined with the shift toward automating business processes using robotic process automation (RPA), introduces new risks that must be addressed to secure sensitive data and instill trust in your robotics platforms.

Additionally, the cybersecurity talent gap along with pressures to manage costs makes orchestration and cognitive learning an attractive option for many organizations to improve their security posture more efficiently.

As RPA is applied across enterprises, a robotics program should both address cyber risk by securing RPA platforms as well as leveraging robotics to execute more effective and efficient cyber operations.

What do we mean when we say robotics?

Business users are employing RPA to quickly and easily automate repetitive and time-intensive processes. IT and cybersecurity groups are leveraging the ability of robotics platforms to orchestrate workflows and perform cognitive learning functions.

At EY, we generally see the following three forms of robotics:

  1. Robotic process automation (RPA): RPA leverages user-friendly applications to configure software robots that can be quickly trained and deployed to automate manual tasks across various business processes spanning multiple systems. These software robots are trained to interact directly with a user interface with no need to develop code to automate individual tasks that assist human staff.
  2. Orchestration (OR): OR is often used in IT service management and cybersecurity operations for activities like provisioning and de-provisioning users, ticket management and cybersecurity incident triage. This form of robotics focuses on coding automation actions and actor modules that can be applied to many systems with the goal of streamlining complex workflows and automating time-intensive tasks.
  3. Cognitive learning (CL): This form of robotics moves beyond rule-based decision-making for processing both structured and unstructured data to incorporate machine learning and artificial intelligence through the application of advanced algorithms and analytics. Cognitive learning aims to think and act the same way as humans do in order to perform complex tasks without human interaction.

The cybersecurity robotic landscape

In the current business environment with a pressing need to digitize, robotics is a critical component of an enterprise’s digital strategy.

RPA introduces a new attack surface that can be leveraged to disclose, steal, destroy or modify sensitive data and high-value information, access unauthorized applications and systems, and exploit vulnerabilities to gain further access to an organization. Organizations must build trust in their RPA platforms to address many forms of risk, including cyber risk.

When it comes to securing RPA implementations, an organization must consider the technical, process and human elements of the entire robotics ecosystem. A secure design should include the entire product life cycle from requirements, selection, architecture, implementation and ongoing operations.

Leveraging robotics for cybersecurity

Many chief information officers, chief information security officers and chief digital officers are challenged by tens and often hundreds of legacy technologies and applications that do not work well with one another. This leaves their people manually gathering data from multiple systems, copying information from one system to another and switching between far too many applications to complete a single task.

To combat this, a new category of capabilities is becoming more popular in the cybersecurity domain. Organizations are using these forms of robotics to:

  • Reduce time to detect and respond to incidents, helping minimize risk exposure to an attack.
  • Close the talent gap by automating resource-intensive tasks, helping organizations to manage operating expenses.
  • Minimize employee turnover due to lack of challenge or career progression by allowing employees to focus on higher value tasks.
  • Automatically deploy security controls when vulnerabilities or compliance exceptions are discovered resulting in a reduced attack surface.
  • Make intelligent decisions quickly, resulting in high-quality and consistent outcomes.

Full articles originally published here and here.

EY Legal Services Contacts:

Peter Katko –  Global Digital Law Leader





Fabrice Naftalski  – Global Data Privacy Law Leader