On the occasion of Data Privacy Day, Sumit Srivastava, Solutions Engineering Manager – India, CyberArk, shares his views:
It’s not just humans that are susceptible to clicking on the wrong link or are perhaps a little too cavalier about what they share about themselves. Software bots have sharing issues too, and this Data Privacy Day we highlight how we can better protect the data that they access from being exposed.
Software bots – little pieces of code that do repetitive tasks – exist in huge numbers in organizations around the world, in banking, government and all other major verticals. The idea behind them is they free up human staff to work on business-critical, cognitive, and creative work, but also helping improve efficiency, accuracy, agility, and scalability. They are a major component of digital business.
The privacy problem arises when you start to think about what these bots need so they can do what they do. Much of the time it’s access: If they gather together sensitive and personal medical data to help doctors make informed clinical predictions, they need access to it. If they need to process customer data stored on a public cloud server or a web portal, they need to get to it. We’ve seen the problems that can arise when humans get compromised and the same can happen to bots – and at scale. If bots are configured and coded badly, so they can access more data than they need to, the output might be leaking that data to places where it shouldn’t be. Likewise, we hear about insider attacks and humans being compromised to get to sensitive data virtually every day. Machines have the exact same security issues; if they can access sensitive data and they aren’t being secured properly, that’s an open door for attackers – one that can put individuals’ privacy at risk. Attackers don’t target humans to get to data, they just target the data. If machines, especially those in charge of automated processes (think repeatable tasks like bank transfers, scraping web data and moving customer data files) provide the best path to get to the sensitive data, that’s the one the attackers will choose.”