PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Bots Deployed With Access Privileges Might Come Back And Bite You

Tim Sloane by Tim Sloane
July 24, 2017
in Analysts Coverage
0

business documents on office table with smart phone and digital tablet and graph business diagram and man working in the background

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

 This blog in Finextra by Matt Middleton-Leal of CyberArk explains how helper Bots deployed in the enterprise to replace IT staff for some tasks, such as rebooting servers, can represent a significant threat to overall enterprise security:

“One of the ways in which the banks are streamlining processes is by adopting “bots”; applications which can perform pre-defined tasks faster, cheaper and more accurately than humans can. So, where an IT admin may be called on to regain operations, or resolve service, a bot could complete the same task automatically. It’s no surprise that IT tasks which were typically outsourced overseas – such as re-booting a server or allocating resources – are coming back to the UK in the form of bots to speed up response times and ensure resource goes towards higher value activities.

How bots could lead to breaches

Just like any human IT admin, however, the robots being used to complete these tasks need privileged accounts. These are valid credentials used to gain access to systems, providing elevated, non-restrictive access to the underlying platform that non-privileged user accounts don’t have access to.

Banks racing to introduce bots, without properly considering how to secure them, will open the institution up to new types of risks. If these privileged accounts were compromised, the attacker could move laterally through the bank’s infrastructure until they find the information (or funds!) they are looking for.”

Clearly credentials stored in Bots that are distributed across the enterprise would represent a growing security threat and a new attack vector for criminals. That said, as long as every Bot is implemented in a secure environment that risk can be managed. To lower the risk even further, perhaps Bot to Server communications can be further secured with cryptographic keys that are linked to specific IP addresses on the internal network, which would lower the chance that credentials are released into the wild or that commands sent from external locations would be obeyed.

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here 

Tags: BankingCustomerCustomer RetentionFraud Risk and Analytics
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    cashless payments

    Exploring The Future of Cashless Payments

    June 8, 2023
    debit cards, Gen Z

    Debit Builds Consumer Loyalty Among Gen Z and Other Top Demographics

    June 7, 2023
    check fraud

    Check Fraud: The Threat is Real

    June 6, 2023
    smart banking

    Smart(er) Banking Requires More Than Just Tech

    June 5, 2023
    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result