Could your chatbot spill the beans?

Organisations planning to deploy chatbots should consider the security implications.

Chatbots are the UI flavour of the month, perhaps reflecting the shift from consuming cloud-based services via a browser to a more app-centric model. If you don't keep a browser open because most of your work is done in apps, it makes more sense to be able to communicate with non-app services via the chat app that you keep open for collaborating with your extended team.

Rather than opening a browser and connecting to (say) your company's HR system to find out how many days' leave you have available, it becomes more convenient to simply direct the question to your corporate chatbot.

It's not just for internal use, as organisations are always looking for more ways to interact with their customers, according to CyberArk APAC senior director of pre-sales Jeffrey Kok. For example, banks successively offered ATMs, Internet banking and mobile banking. They are "always adapting to the latest technology", he said.

Advances in AI make it possible to automate many responses, so a growing number of organisations are starting to use chatbots. Being able to ask questions such as "what is my credit card balance?" is particularly good for non-technical users as it is "a more intuitive mechanism", Kok told iTWire.

The growing use of voice-based services such as Siri and Alexa is adding to the expectation that systems can respond to natural language, as well as resetting people's expectations so they don't expect a computer to understand what they mean first time, every time.

But new channels mean new exploits, he warned.

To help avoid such issues, he recommends that organisations quickly establish their official chat channels on services such as Facebook Messenger rather than leaving a void that can be easily filled by impersonators, and then tell customers exactly where they can find the organisation. Other types of social media such as YouTube can also be used to help educate customers about best practices, he suggested.

Where organisations use Messenger, Facebook can help detect malicious activities, Kok said.

The growing use of mobile devices rather than desktop and notebook computers also improves security, he suggested. While criminal groups have proved adept at creating Windows malware that can intercept online banking communications to steal credentials or alter transactions, mobile platforms — especially iOS — are more secure, he said.

Mobile platforms also provide opportunities for better behavioural analytics (including location), as well as various mechanisms for two-factor authentication.

Kok suggests setting up multiple service tiers according to the level of trust and authentication associated with a particular session. For example, a bank chatbot wouldn't care who asked for the location of the nearest ATM, but would only carry out a transaction such as transferring money for a fully-authenticated user.

This also applies to internal systems, and the more sensitive the request, the more rigorous the authentication should be.
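The tiering described above, sketched as an added example (not code from CyberArk or any product named in the article): each chatbot intent maps to a minimum authentication tier, and a request either proceeds, triggers a step-up prompt, or is refused. The intent names, tier names and the freshness limits on how long an authentication stays valid are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from enum import IntEnum

class Assurance(IntEnum):
    ANONYMOUS = 0    # no login at all
    PASSWORD = 1     # single-factor login
    TWO_FACTOR = 2   # password plus a second factor

# Hypothetical intents, each mapped to the minimum tier it requires.
REQUIRED = {
    "find_nearest_atm": Assurance.ANONYMOUS,
    "card_balance": Assurance.PASSWORD,
    "transfer_money": Assurance.TWO_FACTOR,
}
# Assumed freshness limits (seconds) before a tier no longer counts.
MAX_AUTH_AGE = {Assurance.PASSWORD: 900, Assurance.TWO_FACTOR: 300}

@dataclass
class Session:
    level: Assurance = Assurance.ANONYMOUS
    authenticated_at: float = 0.0

def effective_level(session, now):
    """Downgrade a session whose authentication is older than its tier allows."""
    level = session.level
    age = now - session.authenticated_at
    while level > Assurance.ANONYMOUS and age > MAX_AUTH_AGE[level]:
        level = Assurance(level - 1)
    return level

def authorize(intent, session, now=None):
    """Return ("allow", None), ("step_up", needed_tier) or ("deny", None)."""
    now = time.time() if now is None else now
    needed = REQUIRED.get(intent)
    if needed is None:
        return ("deny", None)        # unmapped intents fail closed
    if effective_level(session, now) >= needed:
        return ("allow", None)
    return ("step_up", needed)       # ask the user to authenticate further

if __name__ == "__main__":
    s = Session(Assurance.PASSWORD, authenticated_at=0)
    for intent in ("find_nearest_atm", "card_balance", "transfer_money"):
        print(intent, authorize(intent, s, now=60))
```

Keeping the intent-to-tier map in one place means an intent added to the bot without a tier is refused rather than silently served at the lowest tier.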

By putting the right security mechanisms in place today, organisations are better able to deal with new channels, he said, and CyberArk could help them with that task.



Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.