It is Time for Boards to Deal with Their Risk - The Problem with Drift and How Foundational Oversight Will Help

Most people think of Robotic Process Automation (RPA) as a tool that does a single thing, automating what occurs between any two points within a process or supply chain. While this is mostly true, it is only half of the story. RPA automates an action, but it also automates, collects, and generates data that can be of even greater value than the automated action itself.  A fair working assumption is that the greater the complexity of a process or supply chain (and the greater number of RPA points) the greater the value of the data generated by the RPA effort. This is genuinely nerdy. Hold on though, it will make perfect sense and be more interesting than it might first seem.

Organizational Complexity and RPA

Consider a large manufacturing company’s supply chain, in which there are dozens of organizations delivering the products or materials created. There can be dozens of additional partner companies in the supply chain as well, not to mention associated third  party service companies (shipping, receiving, distribution). The entire process can be quite complex, particularly when one considers horizontal or vertical integration points, or even both. That last level of complexity will give you gray hair almost immediately.

If you automate the handoffs within and between various companies and business units, you can create a map of real-time movement within the supply chain. This resembles the Digital Twinning being discussed in technology circles today, though RPA can generate real-time observability of what you did not know could be seen between systems. In other words, RPA creates an opportunity to learn what you could otherwise never know and help you identify opportunities for continuous improvement.

Using RPA Data to Uncover Business Opportunities

For example, you may see that a dozen grouped RPA robots regularly go idle from 8:00 pm Wednesday to 8am Thursday. The managed RPA data shows exactly where the inputs were missing; upon investigation you discover that one supply chain provider stopped its output at that time for retooling, upgrades, or factory line switching – despite contractual arrangements otherwise. Short of a wildly expensive and years-long multi-company ERP implementation (don’t get me started) there is no other way to gather and act on these occurrences until long after they happen.

An experienced business executive knows these sorts of things can happen every single day, requiring fast resolution. Managed RPA data can help you find these outliers faster and in real time. While I used a manufacturing example, RPA data can be just as impactful for generating actionable data across such industries and functions as services, logistics, retail, healthcare, finance, or advanced technology.

These are not small discoveries, 20% of your output being impacted in one day can be the difference between hitting a delivery date or missing it, between getting repeat business or not, or winning or losing a client. In our hyper-competitive areas, these lapses can have serious consequences.

RPA Data Is an Added Bonus

Remember, RPA can pay for itself in savings and efficiency gains through automating actions alone, so these real-time data outputs are icing on the cake – they are bonus value-adds generated by RPA teams that have a deep understanding of business. A smart company takes advantage of that data and genuinely appreciates the heads-up.

One client I worked with so appreciated the data generated that they named the collected RPA points as “Robby the robot,” and would send out emails that said, “Robby sent a note, somethings going on at X.” usually followed by someone saying, “Thanks Robby!” or “Robby Rocks!” It is why so many companies create cute robot icons for their RPA integrations in genuine appreciation for the unexpected value they can add if effectively managed, monitored, and observed.

At this point, I am seriously considering creating and selling T shirts with a cute RPA robot that says, “Danger Will Robinson!” directed at value-added RPA data. However, I am a bit concerned that will get me sued, or even worse it might give away my age.

The holiday season is upon us. Soon we will all be making those dreadful resolutions to exercise more, curse less, pet more puppies, and not scowl at happy people. You turn your head toward your work resolutions and realize you’ve been through 2 CISOs in 3 years. Is there a resolution for that?

STOP. I'm not here to make excuses for poor CISO performance, ignorance of protect surfaces and attack vectors, or lack of a DR strategy. Those are no-nos. But consider what department in your org is actively under attack while also trying to connect your teams to growing data, tooling, and automation needs, while dealing with everyday advances and changes in vendors and technologies?

What do I mean by actively under attack? If you are a company of more than $10M in revenue or are a vendor or sub-vendor for these types of companies, then YOU ARE A PRIME TARGET for nation-state players that strategize attacks against you, ‘hire’ hundreds of people with one mission, and orchestrate your demise complete with high-tech war rooms. You will be attacked; your defenses will be tested.

What your CISO is up against is no joke. CISOs are fighting a multi-front war: On one front, attackers who only have to find and exploit ONE vulnerability to win; on another front, needs of internal customers; and on another, scarce resources and thinning budgets.

If you are considering terminating your CISO, ask yourself whether you have given them the resources they need. Have you supported their policies for security training (the #1 vulnerability is the humans who work for you!)? Have you listened to their asks for tooling and external support?

One company we know had a CIO and CISO who repeatedly requested their board allow the purchase of a tool to assist with detection and recovery. Their CEO repeatedly denied the request. As Karma would have it, a few months later the company was hit by a nation-state actor. A series of fortunate accidents, intermingled with the team’s well-drilled paranoia and creativity helped them detect the attack. Then, in the heat of battle and with zero negotiating power they contracted with the vendor they had repeatedly requested. The total cost of the attack was >$10M in year-1 losses.

I have little room in my heart for people who don't work hard, aren’t accountable, or don't know their job. But, when you talk to your CISO, do you spend your time discussing your high-value assets and risks, or do you only focus on cost reduction strategies? What priorities do you set and measure each day? What budget is allocated to security? Is there board-level visibility for the security leaders and their issues? How are your IT and cybersecurity group viewed in your org – is it ‘the department of no’ or are they respected?

Your CISO is your company's security champion, and you are their arms dealer. They are fighting tanks, ninjas, and wizards. Whether they are perfect or not, you will be attacked. Plan on it. The questions to ask yourself are how will your CISO lead the recovery and how have you enabled them to limit the damage and recover successfully?

The landscape of cybersecurity is constantly evolving, presenting new challenges and risks. With advancements in technology, the emergence of artificial intelligence (AI) and automation has significantly transformed the cybersecurity landscape. This blog post featuring Altiam Digital CEO and cybersecurity expert Wayne White sheds light on the biggest cybersecurity risk of the moment and its implications.

Understanding the Biggest Cybersecurity Risk

“I have been asked the question: "What is the biggest cybersecurity risk at this moment?" I have to identify AI, machine learning (ML), and automation as the foremost risks. The integration of AI and automation has brought about revolutionary changes, but it has also introduced new vulnerabilities that cyber threat actors can exploit.”

Zero Day Exploits and AI-Enabled Automation

One very significant risk is posed by zero-day exploits. These exploits occur when cyber threat actors leverage newly discovered vulnerabilities in software or systems before the developers can patch them. The speed at which these exploits can be identified and exploited has been accelerated by AI-enabled automation. The race between security researchers, software developers, and cyber threat actors has been intensified due to the proliferation of advanced automation tools.

Hyper Automation and Its Implications

With the advent of hyper automation, tasks can be executed at an unprecedented speed and scale, surpassing what humans can achieve unaided. This has empowered cyber threat actors with the ability to leverage AI and automation to identify and exploit vulnerabilities at an alarming rate. The shift from manual testing to basic scripts and subsequently to AI-enabled automation has enabled cyber threat actors to perform their malicious activities at a scale and efficiency previously unattainable.

The Inevitability of Cyberattacks

White astutely emphasizes the inevitability of cyber attacks. He advocates for a proactive approach, urging organizations to prepare for potential cyber incidents and their aftermath. In the era of AI-enabled automation, this proactive stance becomes more critical than ever. Organizations must not only focus on preventing breaches but also be effectively mitigate and address the impacts of cyber incidents.

The Need for Enhanced Cybersecurity Strategies

In response to the escalating cybersecurity risks posed by AI-enabled automation, organizations must reevaluate and reinforce their cybersecurity strategies. This entails a multifaceted approach, encompassing the deployment of advanced threat detection technologies, robust incident response plans, and the cultivation of a cybersecurity-aware culture within the organization. Moreover, collaboration with cybersecurity experts and staying abreast of the latest developments in the cybersecurity landscape is imperative for fortifying defenses against emerging threats.

The integration of AI and automation in cybersecurity has undoubtedly introduced groundbreaking capabilities, but it has also unleashed unprecedented risks. As cyber threat actors harness the power of AI-enabled automation to expedite the identification of zero-day exploits, organizations must acknowledge the inevitability of cyberattacks and bolster their cybersecurity posture accordingly. By embracing advanced cybersecurity measures and a proactive mindset, organizations can navigate the evolving landscape of cybersecurity and mitigate the impacts of AI-enabled cyber threats. Ultimately, the collision of AI and automation with cybersecurity presents both opportunities and challenges, necessitating a comprehensive and adaptive approach to safeguarding digital assets and sensitive information in an era characterized by rapid technological advancement.

Learn more about strengthening your security stance in the face of growing cybersecurity risks.