
Could your chatbot spill the beans?

Organisations planning to deploy chatbots should consider the security implications.

Chatbots are the UI flavour of the month, perhaps reflecting the shift from consuming cloud-based services via a browser to a more app-centric model. If you don't keep a browser open because most of your work is done in apps, it makes more sense to be able to communicate with non-app services via the chat app that you keep open for collaborating with your extended team.

Rather than opening a browser and connecting to (say) your company's HR system to find out how many days' leave you have available, it becomes more convenient to simply direct the question to your corporate chatbot.

It's not just for internal use, as organisations are always looking for more ways to interact with their customers, according to CyberArk APAC senior director of pre-sales Jeffrey Kok. For example, banks successively offered ATMs, Internet banking and mobile banking. They are "always adapting to the latest technology", he said.

Advances in AI make it possible to automate many responses, so a growing number of organisations are starting to use chatbots. Being able to ask questions such as "what is my credit card balance?" is particularly good for non-technical users as it is "a more intuitive mechanism", Kok told iTWire.

The growing use of voice-based services such as Siri and Alexa is adding to the expectation that systems can respond to natural language, as well as resetting people's expectations so they don't expect a computer to understand what they mean first time, every time.

But new channels mean new exploits, he warned.

To help avoid such issues, he recommends that organisations quickly establish their official chat channels on services such as Facebook Messenger rather than leaving a void that can be easily filled by impersonators, and then tell customers exactly where they can find the organisation. Other types of social media such as YouTube can also be used to help educate customers about best practices, he suggested.

Where organisations use Messenger, Facebook can help detect malicious activities, Kok said.

The growing use of mobile devices rather than desktop and notebook computers also improves security, he suggested. While criminal groups have proved adept at creating Windows malware that can intercept online banking communications to steal credentials or alter transactions, mobile platforms — especially iOS — are more secure, he said.

Mobile platforms also provide opportunities for better behavioural analytics (including location), as well as various mechanisms for two-factor authentication.

Kok suggests setting up multiple service tiers according to the level of trust and authentication associated with a particular session. For example, a bank chatbot wouldn't care who asked for the location of the nearest ATM, but would only carry out a transaction such as transferring money for a fully-authenticated user.

This also applies to internal systems, and the more sensitive the request, the more rigorous the authentication should be.
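The tiered approach described above can be sketched as a policy gate that sits between the chatbot's intent recognition and the back-end systems. This is an added example, not code from CyberArk or the article; the intent names, the three assurance levels and the five-minute freshness window for a second-factor check are assumptions.

```python
from enum import IntEnum

class Assurance(IntEnum):
    ANONYMOUS = 0    # nothing known about the person chatting
    IDENTIFIED = 1   # signed in on the chat channel (single factor)
    STRONG = 2       # second factor verified during this session

# Hypothetical intent names mapped to the minimum assurance each one needs.
REQUIRED = {
    "find_atm": Assurance.ANONYMOUS,
    "card_balance": Assurance.IDENTIFIED,
    "transfer_money": Assurance.STRONG,
}

STRONG_MAX_AGE = 300  # assumed: seconds a second-factor check stays valid

def effective_level(session, now):
    """Treat a stale or missing second-factor check as merely IDENTIFIED."""
    level = session["level"]
    mfa_at = session.get("mfa_at")
    if level == Assurance.STRONG and (mfa_at is None or now - mfa_at > STRONG_MAX_AGE):
        return Assurance.IDENTIFIED
    return level

def authorize(intent, session, now):
    """Return (decision, required_level); decision is allow, step_up or deny."""
    required = REQUIRED.get(intent)
    if required is None:
        return ("deny", None)          # unmapped intent: fail closed
    if effective_level(session, now) >= required:
        return ("allow", required)
    return ("step_up", required)       # ask for stronger authentication first

if __name__ == "__main__":
    now = 1000  # constructed clock value, in seconds
    fresh = {"level": Assurance.STRONG, "mfa_at": 900}
    stale = {"level": Assurance.STRONG, "mfa_at": 100}
    for intent, session in [("find_atm", {"level": Assurance.ANONYMOUS}),
                            ("transfer_money", stale),
                            ("transfer_money", fresh),
                            ("export_all_accounts", fresh)]:
        print(intent, authorize(intent, session, now))
```

Keeping the decision outside the language model means a cleverly worded message cannot talk the bot into a higher tier: the gate only looks at the recognised intent and the session's authentication state.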

By putting the right security mechanisms in place today, organisations are better able to deal with new channels, he said, and CyberArk could help them with that task.




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

