
WHY INTELLIGENT AUTOMATION IS IMPORTANT

DIGITAL TRANSFORMATION AND POST-PANDEMIC CHALLENGES ARE MOVING AUTOMATION INTO THE CORE OF THE ENTERPRISE, PAVING THE ARRIVAL OF INTELLIGENT AUTOMATION AND HIGHLIGHTING ENDLESS TECHNOLOGICAL POSSIBILITIES, DETAILS VISHAL MANCHANDA, REGIONAL MANAGER, PROVEN CONSULT.

Traditional software development builds code to capture best practices and embodies them into the back office of enterprise applications. Robotic process automation captures the keystrokes of the workforce on the front end of applications, as they work and deliver, and in that sense automates them into software robots or bots.

As building a software robot using RPA tools is relatively quick, adoption of RPA and delivering the first set of robots for any organisation has been relatively easy. RPA as a technology is robust enough to handle complex process automations and scale up quickly, but when we need to solve complex problems that require mimicking the human brain, we hit a roadblock with RPA.

Arrival of intelligent automation

Till now, RPA has unleashed a digital workforce of software robots that has worked and delivered on the periphery of much wider enterprise initiatives such as digital transformation. But in order to move forward, RPA will now need much deeper and better integration with subjects such as machine learning and computer vision.

This is leading to an evolved form of automation, with RPA at its core, termed as intelligent automation.

The rapid post pandemic acceleration of digital transformation initiatives has also highlighted the need to bring intelligent automation into the folds of the enterprise-wide transformation, versus its previous peripheral and sideline approach. The post pandemic pressure on organisational performance and efficiency has meant that automation is now increasingly moving into the core of post pandemic digital transformation.

Learning points

Some of the learning points from the usage of intelligent automation:

Process: According to Forrester in its report Ten Golden Rules for RPA Success, May 2020, more than half of all global RPA programs use less than 10 bots. According to Forrester, less than 19% of RPA installations have reached an advanced stage of maturity. Some of the setbacks that have stalled programs include fragmented initiatives, multiple vendors and incomplete governance.

Technology: Using RPA, business users can introduce automation across workflows and automations. But often this includes scripting, and the more complex the process, the more scripting is required. Bots or automated processes break down when scripts fail, and these are affected by infrastructure, software, data, and so on.

Culture: Intelligent automation is an enterprise-wide solution and also needs to be managed through change management, use cases and security practices. While intelligent automation is an initiative, building an automation culture is important in the longer term. Since automation impacts people, they can either resist or become a strength.

Next level of automation

For any type of automation, it may be necessary to look at the entire process to plan for straight through automation. Process mining can help to streamline and automate the process faster. While digital work assistants can be used for simple processes, for more complex processes it may be required to use task analytics, design thinking, journey visioning. This helps to map user behavior, motivations, dependencies. Once completed, the organisation can have a much better view of short- and long-term automation opportunities.

Future success

As an organisation blends humans, bots and machine learning into processes, the benefits, gains and further opportunities will keep growing. However, in order to be successful, it is also important to build a culture that recognises and prioritises automation.

For example, intelligent automation that uses machine learning to handle exceptions needs humans to train the algorithms, validate results, and manage process exceptions. Automating processes gives an organisation the opportunity to rethink the legacy of its processes and refocus on customers and employees.

Prioritising automation does not mean that employees and humans are not the centerpiece of the organisation. There are huge benefits that humans can gain by skillfully blending automation into the digital enterprise, training data and blending machine learning into processes.

MODERN BANK HEISTS

TOM KELLERMANN, HEAD OF CYBERSECURITY STRATEGY, VMWARE SECURITY BUSINESS UNIT, DELVES INTO THE FINDINGS OF THE MODERN BANK HEISTS REPORT COMMISSIONED BY VMWARE.

The modern bank heist has escalated to a hostage situation over the past year. The new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming much more destructive and sophisticated than ever before.

In the fourth annual Modern Bank Heists report, we interviewed 126 CISOs, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, they are facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organised nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defense. Here’s an overview of some key findings:

• From heist to hostage: 38% of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognise that they can hijack the digital transformation of the financial institution to attack their customers. They use brand trust (often times trust that’s been built up over hundreds of years) against the bank’s constituents by commandeering its assets.

• Increased geopolitical tension and counter IR triggering destructive attacks: There’s been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals in the financial sector will typically only leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.

• The digitisation of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitisation of insider trading and ability to frontrun the market, which aligns with the strategies of economic espionage.

• Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring within a sector that’s incredibly dependent on time given the nature of its business. Because there’s no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.

As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.

These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitise over the past year as the pandemic hampered them from conducting business as usual. This has popularised the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organised crime counterparts.

So, how should the financial industry respond? To start, here are a few strategies for security teams:

• Conduct weekly threat hunting and normalise it as a best practice to fuel threat intelligence. We were happy to hear from the CISOs we spoke with that 48% already conduct weekly threat hunts.

• Integrate your network detection and response with your end-point protection platforms.

• Apply “Just in time” administration.

• Deploy workload security.

The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources.

Bob Parisi, Head of Cyber Solutions – North America, Munich Re, echoed the importance of up-leveling the role of the CISO as cyberattacks surge: “The report’s findings around an increased level of destructive attacks and island hopping makes it clear that financial institutions remain in the crosshairs. VMware’s recommendation that CISOs should be elevated to C-level aligns with the fact that cyber risk is an operational risk that needs to be managed across a spectrum of technology, process and people, including the use of financial instruments like cyber insurance.”

It’s no longer a matter of if, but when “the next SolarWinds” will occur. As a result, cybersecurity must be viewed as a functionality of business versus an expense. Trust and confidence in the safety and soundness in the financial sector will depend on it.

A HOLISTIC APPROACH

SOPHOS HAS CREATED AN ADAPTIVE CYBERSECURITY ECOSYSTEM – AN OPEN PLATFORM WITH FLEXIBLE APIS – TO TACKLE THE NEW REALITY OF HUMAN-LED HACKING. DAN SCHIAPPA, CHIEF PRODUCT OFFICER AT SOPHOS, TALKS ABOUT WHY ENTERPRISES NEED TO MOVE FROM SECURITY MANAGEMENT TO SECURITY OPERATIONS TO BEAT HACKERS AT THEIR OWN GAME.

We have seen a huge surge in cyberattacks last year. Is it going to get worse this year?

What we see is much of the same pattern continuing this year. We still see ransomware, and we’ve just released our annual ransomware report, which provides fresh insights into the frequency and impact of these attacks. There is no slowdown in ransomware attacks because it is really, really successful.

The ransomware groups are spread across different avenues. You have groups like Maze, which employ sophisticated nation-state operations and go after very large customers in the critical infrastructure sectors. On the other hand, you have a ransomware family such as Dharma that provides tools to less technical cybercriminals, who propagate large-scale attacks against small businesses. There are many reasons why these criminal gangs are successful – they are finding soft targets, and people are still paying the ransom. One of the things we discovered in our report is that even if you pay the ransom, the likelihood of getting all your data back is very slim. For a large enterprise, the cost of full recovery could be millions of dollars. So, until we improve our cybersecurity ecosystem and stop paying those ransoms, the bad guys are going to keep coming.

Is ransomware the most significant threat today? How about DDoS and other malware?

They are all still popular. When it comes to DDoS, the industry has done a lot better at protecting against it, but you will continue to see them being used for disruptions. There is also an uptick in nation-state activity where they exploit supply chain vulnerabilities to gain access to final targets. Those things have been going on for some time, but it reached a fever pitch last year. I don’t think there would be any new area of focus for cybercriminals simply because they have been having a lot of success in what they are doing so far.

What percentage of digital transformation budgets should be earmarked for cybersecurity?

It is hard to put a number on it because it varies by industry, but I think it should be significant. In the last five years, there is a big focus on cyber because of ransomware attacks like WannaCry, which did a lot of damage. Now, security has become a boardroom discussion, and CISOs are getting a seat at the table. Cybersecurity has become mainstream in companies of all sizes, but there is still some catching up to do.

Some prime industries, such as financial services, are ahead of the game, but the rest is still lagging. In my opinion, security technologies such as SOC and threat hunting, typically used by sophisticated customers, should become mainstream for every company. And if you don’t have the skills or budget to build a SOC, find an outsourced capability.

Our managed threat response services are a case in point where we actually do threat hunting, detection, and response for you. No one can deploy a firewall or the cheapest endpoint software and think they are safe. Everyone is vulnerable, particularly if you are part of someone else’s supply chain.

Do you offer SOC as a service?

We do various things – obviously, we have software that our customers use to protect themselves. We have a very successful endpoint protection product called Intercept X. We have an endpoint detection and response product used by advanced threat hunters to do security operations. We also offer this as a service if you don’t have threat hunting capabilities, and our security practitioners will monitor your environment 24/7. We have an emergency incident response service called Rapid Response, aimed at customers hit with an attack to help them get through the incident and minimise damage. We have just released a new next-gen firewall dubbed XGS to inspect encrypted traffic on the network security side. Cybercriminals are using TLS encryption to hide their malware, and we have precise capabilities to inspect this traffic at wire speed, which is something most firewalls can’t do. So, we have plenty of opportunities to protect our customers with a broad portfolio of products and services.

How are you evolving your synchronised security strategy?

We have expanded synchronised security to our whole portfolio. We have just launched a new feature called ‘search and destroy’ that connects intelligence from endpoints to email security solutions. But where we have taken it to the next level is through what we call the Adaptive Cybersecurity Ecosystem (ACE). This is a full ecosystem of both Sophos and non-Sophos products that feeds information into a data lake, which we leverage with the help of AI to detect suspicious behaviours and incidents faster and respond automatically. We also tunnel all that information through our XDR, which goes beyond the endpoint, allowing human intelligence to augment artificial intelligence across the whole spectrum.

What is adaptive security? Is it about continuously monitoring threats and responding automatically?

Part of the adaptive strategy is automated response. We are trying to create a cybersecurity ecosystem that adapts to threats and risks. It doesn’t necessarily have to be an active threat; it could be just a risk that has not been exploited yet, but you still need to address it. Much of it is done through automation, and some of it will be done with human interaction. No matter how good we are as an industry, there is no way you can automate everything. This is why having a combination of AI with human intelligence is important.

What security processes can be automated?

It depends on the solutions that you have in your ecosystem and the API access they have. It’s hard to say how much of it can be automated, but it keeps getting better as we add more capable tools to automation. It is variable, and the plan is to automate as much as possible.

Can you stop most of the threats if you have a good XDR platform?

XDR will detect a lot of the threats, but it can’t prevent something from initiating. It should detect threats quickly and allow either AI or human intelligence to kick in and defend against those threats. There are always two elements to security – prevention and detection. We in the industry are always fighting about which one is more important, but both are equally important.

Can zero trust be extended to the endpoint?

It can and it should. There are a couple of elements that we can easily connect. For example, I work remotely, and I have a zero-trust PC that uses zero-trust networking access to get the resources I need for work. So, one of the steps before I get access is the health check of that device. Another step is making the endpoint truly similar to how a zero-trust cloud service would work where you don’t trust anything by default.

Is this where multi-factor authentication becomes very important?

I think MFA will be hugely important because there will be circumstances where some malicious actor would virtually get hold of the device and compromise it. We want to look at the activities and understand when we see something abnormal. Then you can invoke the second factor – you don’t have to do it all the time, but you may want to do it conditionally. What is nice about the second factor is that it’s typically something you already have combined with something you know such as passwords. So, having biometric as a strong form of authentication works only if it’s a second factor, and I think it will be a critical element as we advance.