Matt Middleton-Leal, regional VP for the UK, Ireland and Northern Europe at CyberArk
In recent months, we’ve seen a rapid shift towards a new breed of digital-only banks such as Monzo and Tandem, which are meeting expectations for real-time payments, detailed insights on spending and fast customer service. They are forcing traditional banking providers to rapidly pick up the pace of digital transformation and overhaul their customer offers.
Here we’ll take a look at why the big banks are turning to back-office automation to take on digital challengers, and how they can make sure new-age banking bots don’t lead to breaches.
Automating the back-office
The likes of Barclays, Nationwide, Natwest and RBS are making huge investments in their front-end operations to keep up with the new competition, but they know that speeding up services will be near impossible if their back-office functions are not made more efficient. How can a customer-facing employee provide a swift response if they are waiting for overseas or overstretched IT support to fix an issue? And where is investment in new products going to come from if funds are wasted on time-consuming manual processing?
One of the ways in which the banks are streamlining processes is by adopting “bots”: applications which can perform pre-defined tasks faster, cheaper and more accurately than humans can. So, where an IT admin may be called on to restore operations or resolve a service issue, a bot could complete the same task automatically. It’s no surprise that IT tasks which were typically outsourced overseas – such as re-booting a server or allocating resources – are coming back to the UK in the form of bots to speed up response times and ensure resource goes towards higher-value activities.
How bots could lead to breaches
Just like any human IT admin, however, the robots being used to complete these tasks need privileged accounts. These are valid credentials used to gain access to systems, providing elevated, unrestricted access to the underlying platform that non-privileged user accounts don’t have.
Banks racing to introduce bots without properly considering how to secure them will open themselves up to new types of risk. If these privileged accounts were compromised, the attacker could move laterally through the bank’s infrastructure until they find the information (or funds!) they are looking for.
With high-value monetary rewards on offer for cyber-attackers, banks are inevitably highly targeted. Indeed, a new report by Accenture revealed that banking respondents faced 85 “serious” attempted cyber breaches each year, with more than one-third of those being successful. Financial institutions simply cannot afford to let unavoidable cybersecurity gaps emerge.
Banks automating tasks are naturally focused on the business value bots can deliver: streamlining processes will save IT costs, speed up services and put them ahead of the competition. However, being aware of the risk that comes with this is critical to ensure banking bots don’t lead to breaches. Just as with regular user accounts, and those for apps and other essential processes, it is critical to ensure that privileged account credentials associated with bots are properly rotated and protected.