Securing the Edge of Enterprises
Exploring the use of digital workers to help safeguard organisations from vulnerabilities posed by the human factor.
Technology has always been centred around supporting human-centric outcomes. The exponential advancement of technology in the last century has given rise to a myriad of products and services aimed at improving our quality of life. This has also led to a corresponding increase in threat vectors for businesses and the individuals that compose them. It makes sense to consider how to best utilise and innovate available toolsets to combat contemporary threats. Where your regular employees are targets, digital workers can step in to nullify the opportunities for cyber intrusions to advance into the organisation.
Intelligent automation provides a digital workforce that augments the human capabilities of your business. The ability to handle various tasks, from structured rules-based decision making to more unstructured cognitive judgements, extends the applicability of automation in performing and supplementing the work performed by people today. Given that 95% of cyber intrusions are due to deliberate human action or human error[1], there is a compelling case to investigate how the human factor can be manipulated using automation. Whereas the intrinsic behavioural traits of people can be exploited or stressed to compromise an organisation’s security, the controlled, procedural and compartmentalised nature of digital workers offers alternative means of completing activities without those vulnerabilities.
It is important to view the protection of your organisation in holistic terms of cyber safety and cyber security without presuming a false dichotomy. The use of intelligent automation has primarily been focused on replicating human interactions to drive process outcomes in businesses. However, it can be incorporated as part of practices to prevent attacks as well as part of applications to protect data. Achieving protection of users, networks and systems through proactively designing and planning for resilience avoids costly remedies in the future[2]. Working from the start to have intelligent automation proactively contribute supports an integrated approach to embedding security by design.
Consider the value of mitigating the uncertainty of human behaviour by leveraging technology. The rise of attack volume due to phishing and social engineering emphasises people’s inherent weakness in being enticed to actions that circumvent established security measures[3]. Even basic techniques, such as phishing, succeed through attempt volume and a segment of employees that easily fall prey to such methods. Organisational culture, individual mindsets and transient conditions all contribute to employees being tricked, negligent or malicious. Our use of heuristics, assumptions and compromises in day-to-day activities to manage stakeholders and reach desired outcomes is a sign of flexibility and adaptability that unfortunately can be influenced to compromise security.
Engaging front-end activities and endpoints with intelligent automation, in the form of digital workers, reduces the footprint and corresponding exposure of human workers to attacks. The collaboration of complementary technologies (chatbots, cognitive and process automation) extends the utility of technology in providing consistent and programmable performance to business services. Even hybrid or human-in-the-loop arrangements support more secure outcomes, as they reduce the touchpoints employees have to external inputs. Furthermore, these digital workers can be set up and segregated under least-privileged access, which ensures their authorities are only sufficient to complete the immediate task at hand. Precision in managing access controls and network credentials is much more palatable for digital workers than for employees who are responsible for a multitude of tasks across disparate systems.
Managing the risks of employees requires understanding the success factors for implementing security. Whilst employees could be restricted and handled similarly to digital workers, the elements of psychology, economics of employee effort, and crime science play a part in why it is a challenge to minimise the human factor in cyberattacks. Psychologically, we are resistant to practices that produce poor user experience. As employees, we’ve all felt the annoyance of multiple authentication requests for common use systems, using multiple machines and credentials, and restrictions around timing, location and duration. Following from that and looking at employee effort, employees should deal with the fewest mechanisms possible to achieve adequate security without crippling the ability to perform and achieve business services. Lastly, with respect to the tasks employees do and the systems they have access to, the cost for attackers to overcome security should exceed the benefits of a successful intrusion.
Intelligent automation can address these factors by being the mechanism that protects through control of the business’ actions. Digital workers can be prescribed to tackle very specific tasks where it would otherwise be unfeasible for a human to complete the same task at the same level of security, consistently, without adverse effect to cost, experience or performance. The digital workplace, where these digital workers reside and are configured in the technical landscape, can enforce security by design and limit the sphere of influence each worker has. Together they are able to form a hardened layer around activities that traditionally expose employees who are susceptible to phishing or social engineering attacks. Consider incorporating intelligent automation in an overall strategy, in conjunction with other endpoint security and countermeasures against advanced persistent threats, to fortify enterprise security posture.
The vulnerability of employees has been made more apparent in today’s environment with the shift in ways of working, making it a more important issue for organisations. Decentralised workspaces have led to increased risks to data, with attackers capitalising on the disruption caused by remote networks, reduced control on the human factor and use of unauthorised devices[4]. With people being the catalyst for threat vectors and increasing the porousness of organisations, we are forced to recognise that both workplace and human behaviour (security and safety) are key elements to fix our attention on. Digital workers and their digital workplaces can help defend organisations against attacks via employees by changing what kind of worker is exposed.
In attempting to solve problems brought about by technology and ways of working, it is rather apt to know that a method exists in which technology and ways of working provide an answer. The use of intelligent automation tools and an understanding of how digital workers coexist with human employees present a paradigm that mitigates the human factor in cyber intrusions. Adoption of intelligent automation results in an opportunity to reduce threats that capitalise on changes to human circumstances and behaviour. Here, technology drives better outcomes for business by removing the human from situations that invite attempts to exploit human weaknesses.
____________________
[1] Nobles, C., ‘Botching Human Factors in Cybersecurity in Business Organizations’, HOLISTICA. 9 (3) 71-88 (2018), doi: 10.2478/hjbpa-2018-0024
[2] Gaur, N. and Morris, C., ‘Why cyber resilience should be a priority for every business – and how to get there’, World Economic Forum [website], 6 March 2020, <https://www.weforum.org/agenda/2020/03/cyber-resilience-should-be-a-priority-for-every-business-heres-where-to-start/>, accessed 20 March 2021.
[3] McKinsey, ‘Perspective on transforming cybersecurity’, McKinsey [website], March 2019, <https://www.mckinsey.com/~/media/McKinsey/McKinsey%20Solutions/Cyber%20Solutions/Perspectives%20on%20transforming%20cybersecurity/Transforming%20cybersecurity_March2019.ashx>, accessed 18 March 2021.
[4] Gallagher, ‘Cyber Security Guidance For Home Workers’, Gallagher [website], 7 April 2020, <https://www.ajg.com/uk/news-and-insights/2020/april/cyber-security-guidance-for-home-workers/>, accessed 20 March 2021.