Software bots: The good, the bad and the ugly

rock em sock em robots fight battle ai csa images getty
CSA Images / Getty

Software bots are a double-edged sword for IT professionals. On one side, they play a helpful role in organisations by automating tasks and saving the human workforce time. On the other, bots without proper supervision run the risk of running rampant across an organisation’s network and morphing into ‘bad’ bots.

The good

Consider you are an IT leader in an enterprise organisation. Most IT departments aim to be centres of innovation; however the reality is many have become bogged down in the day-to-day realities of running IT for a large organisation. From teaching employees how to identify a phishing attack, to managing each employee’s identity, there are often simply not enough hours in a day to manage IT, let alone focus on the big stuff such as IT transformation and workforce automation.

It is no surprise then that IT teams have taken to the idea of bots. According to our study of 550 IT leaders, two out of three use software bots in their organisation. Bots are critical to helping save the workforce's time as they can automatically complete high-volume jobs and handle a variety of different tasks, like being on the front lines for customer service queries and admin tasks. Time is incredibly value to IT teams and bots free up more of it so humans can focus on interesting, challenging and highly impactful work.

The bad

Then, there are the cybersecurity implications of using bots. While two out of three IT leaders use software bots in their organisation, only five per cent account for all of their bots’ access in their identity programs.

This lack of bot accountability is leaving huge holes in organisations. IT professionals need to consider that software bots are not only connected to a network, but they also have access to sensitive data. Bots are accessing data, making decisions on that data and then performing actions. When we give such access to people, we scrutinise their access; organisations should be doing the same with bots.

What’s more, two out of three of our survey respondents discovered employees are using bots without IT’s knowledge. These ‘shadow’ bots are being leveraged by teams to automate repetitive processes across the business. While this idea may sound productive in theory, it creates a whole new world of security-related headaches for IT teams to manage. 

The ugly

Having unknown bots on an organisation’s network, or treating a bot's identity different from human users can have a devastating impact on the overall cyber hygiene of an organisation. If a bot’s user credentials fell into the wrong hands or any of these bots were to be spotted by a looming hacker and turned into a ‘bad bot,’ a whole slew of new security incidents can occur.

No doubt, bots are only going to become more prolific in modern workplaces, which calls for IT teams to treat bots like their human counterparts. At the end of the day, a ‘good’ bot and a ‘bad’ bot are only separated by how well their access is governed.


Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies