On the occasion of Data Privacy Day, Sumit Srivastava, Solutions Engineering Manager – India, CyberArk, shares his point of view:
It’s not just humans who are likely to click the wrong link or are perhaps a little too cavalier about what they share about themselves. Software bots also have sharing issues, and this Data Privacy Day, we’re highlighting how we can better protect the data they access from exposure.
Software robots – small pieces of code that perform repetitive tasks – exist in large numbers in organizations around the world, in banking, government and all other major verticals. The idea behind them is that they free up human staff to work on critical, cognitive, and creative tasks, but also help improve efficiency, accuracy, agility, and scalability. They are a major component of the digital business.
The privacy issue comes when you start thinking about what these bots need to do what they do. Most of the time, it’s access: if they’re gathering sensitive and personal medical data to help doctors make informed clinical predictions, they need to have access to it. If they need to process customer data stored on a public cloud server or web portal, they need to access it. We’ve seen the issues that can arise when humans are compromised and the same can happen to bots – and on a large scale. If bots are misconfigured and coded so that they can access more data than they need, the output can leak that data to places where it shouldn’t be. Likewise, we hear about insider attacks and humans being compromised to access sensitive data virtually every day. Machines have exactly the same security issues; if they can access sensitive data and it’s not properly secured, that’s an open door for attackers – a door that can put individuals’ privacy at risk. Attackers don’t target humans to access data, they just target data. If machines, especially those in charge of automated processes (think repeatable tasks like bank transfers, scraping web data, and moving customer data files) provide the best path to access sensitive data, this is the one. which the attackers will choose.
If you have an interesting article / experience / case study to share, please contact us at [email protected]