Automated systems and security: Threats and advantages
Automation is the biggest driving factor for change in most modern industries. By 2030, it’s estimated that automation could fully replace more than 800 million jobs, and in the meantime, automation is changing how we work, how we plan our businesses and how we engage with others.
The main appeal of automation is cost reduction; if you can pay $500 a month to have a machine do what a salaried individual making $3,000 a month was doing, you can easily save $2,500 a month ($30,000 a year). And thanks to general advancements in technology, apps like automated payment platforms, automated marketing software, and even automated trading software are becoming more available and more affordable for small- to mid-sized businesses.
But with the rise in automation, there will be new security threats, and conversely, some security advantages, to watch for.
First, let’s talk about some of the biggest advantages you’ll see when adopting more automation:
- Predictability. Automated systems are designed to work the same way in all circumstances (with some exceptions for platforms driven by machine learning). This means the actions they take are almost entirely predictable; any actions they take that are “safe,” will remain safe indefinitely, and any security vulnerabilities can be identified and fixed, because they’ll repeat themselves. This makes it easier to control individual engagements with the system, like monetary transactions or content publications.
- Reduction of human error. It’s estimated that about 90 percent of cybersecurity breaches are at least partially attributable to human error. Using automated systems instantly and significantly reduces that risk of error. Humans will be responsible for logging into and managing things on the platform, but they won’t be participating in every transaction or action item. That means fewer vulnerabilities overall, and fewer worries about an unfamiliar or undereducated employee making a foolish mistake that compromises your system.
- Scalability. Most automated platforms are designed to scale as well; because they function just as efficiently with a few tasks as they do with several thousand (provided there is enough computing power, storage, etc.), they can easily adapt to almost any company’s needs—even as they grow. This means you won’t have to worry as much about hiring new people, training new people on security standards, or investing in bigger and better solutions every time you go through a growth spurt.
But what vulnerabilities could automation hold for your enterprise?
- Provider vulnerabilities. Security breaches are becoming insanely common, and 74 percent of companies that suffer onedon’t even know what’s happened. If you purchase an automated system through an external provider, and they have a glaring security vulnerability they weren’t able to catch, it could render your entire system vulnerable. Working with a third-party automation platform means you’ll be susceptible to whatever vulnerabilities that third party brings to the table.
- Integration loopholes. Because most automated systems need to integrate with other systems to serve your company (whether it’s drawing data from another platform or exchanging information with another system), you’ll need at least a handful of API connections to make things work. Unfortunately, each of those connections is another potential vulnerability. If you aren’t communicating using encrypted exchanges and secured channels, your data could become vulnerable—especially if it’s all happening in the background.
- Lack of oversight. Unfortunately, many IT officers and employees start to develop a sense of complacency when automated systems are handling the bulk of their original responsibilities. In some cases, entire roles are outright replaced. In any case, there’s a significant drop in the oversight for individual actions, and often lackluster alert systems in place to notify IT when there’s a breach or an abnormality in the system.
Automation won’t ruin your plans for system security, nor is it a catch-all solution to improve your security standards. If you want to be an effective cybersecurity or IT professional, you need to learn the key strengths and weaknesses that automation brings to the table and learn how to adapt your strategies accordingly.
Only through understanding and integration will you be able to make the most of your new systems and compensate for their flaws.
(This post originally appeared on the ISACA blog, which can be viewed here).