Chatbots are the UI flavour of the month, perhaps reflecting the shift from consuming cloud-based services via a browser to a more app-centric model. If you don't keep a browser open because most of your work is done in apps, it makes more sense to be able to communicate with non-app services via the chat app that you keep open for collaborating with your extended team.
Rather than opening a browser and connecting to (say) your company's HR system to find out how many day's leave you have available, it becomes more convenient to simply direct the question to your corporate chatbot.
It's not just for internal use, as organisations are always looking for more ways to interact with their customers, according to CyberArk APAC senior director of pre-sales Jeffrey Kok. For example, banks successively offered ATMs, Internet banking and mobile banking. They are "always adapting to the latest technology", he said.
The growing use of voice-based services such as Siri and Alexa are adding to the expectation that systems can respond to natural language, as well as resetting people's expectations so they don't expect a computer to understand what they mean first time, every time.
But new channels mean new exploits, he warned.
To help avoid such issues, he recommends that organisations quickly establish their official chat channels on services such as Facebook Messenger rather than leaving a void that can be easily filled by impersonators, and then tell customers exactly where they can find the organisation. Other types of social media such as YouTube can also be used to help educate customers about best practices, he suggested.
Where organisations use Messenger, Facebook can help detect malicious activities, Kok said.
The growing use of mobile devices rather than desktop and notebook computers also improves security, he suggested. While criminal groups have proved adept at creating Windows malware that can intercept online banking communications to steal credentials or alter transactions, mobile platforms — especially iOS — are more secure, he said.
Mobile platforms also provide opportunities for better behavioural analytics (including location), as well as various mechanisms for two-factor authentication.
Kok suggests setting up multiple service tiers according to the level of trust and authentication associated with a particular session. For example, a bank chatbot wouldn't care who asked for the location of the nearest ATM, but would only carry out a transaction such as transferring money for a fully-authenticated user.
This also applies to internal systems, and the more sensitive the request, the more rigorous the authentication should be.
By putting the right security mechanisms in place today, organisations are better able to deal with new channels, he said, and CyberArk could help them with that task.