At a gathering of security professionals in New Delhi last week, the results of a new report on cybercrime management included a warning that robotic process automation is not just a tool for legitimate businesses trying to increase efficiency and productivity. Criminals are beginning to leverage the technology as a point of vulnerability.
The Federation of Indian Chambers of Commerce and Industry and Ernst & Young presented the results of a report called Innovation-Led Cybercrime Management at the conference, which featured a section on new exploitations of technological advances, including RPA. The report said RPA bots have access to confidential information that cybercriminals can access illegally if proper security measures are not implemented.
“The usage of robotic process automation gives access to confidential information that can be leaked,” said Vidur Gupta, a partner in the cybersecurity practice at EY India. “This means that the leak can provide criminals the authority to hijack RPA to misuse the system or its data that may contain crucial information about the company. If a robot is compromised by a cyberattack, confidential information which the robot had access to also gets compromised.”
Gupta said a strong cybercrime management ecosystem with communication among various stakeholders—law enforcement, academia and industry—is the only thing that can attenuate cyber threats in India, including those to RPA.