Robotic Vs. Business Process Automation

The hype around robotic process automation (RPA) seems to be at an all-time high, and RPA is a crucial component of digital transformation initiatives everywhere. After all, who doesn’t want robots? But how exactly does it work, and when should you use it in your organization?

What Is Robotic Process Automation?

RPA uses software robots (bots) to automate individual tasks performed by human beings by mimicking their interactions with software systems. Think about the familiar Excel macro recorder except that it works with legacy screens and browsers, not just Excel.

RPA bots simply use the existing user interface to log into systems, copy and paste data, move files and perform other mechanical tasks that don’t add much value but take humans a significant amount of time.

What Is Business Process Automation?

In contrast, process automation (often called business process management or BPM) concerns itself with not just individual tasks but with the overall end-to-end process. It’s much more about enabling faster and more accurate decision making rather than faster data entry.

In today’s world, customer expectations are sky high. Customer responsiveness and collaboration are critical and are only possible by bringing together technology and human beings rather than isolating them into their own corners. That’s where BPM plays a key role by allowing customers direct access to back-office functions.

The Promise Of RPA

RPA’s biggest promise is that it can cut costs without the need to update expensive underlying infrastructure and systems since it emulates and replaces actions taken by humans using the existing user interface.

For insurance companies, utilities, banks and others with large back-office operations where humans perform simple, repetitive tasks in front of computers, RPA promises significant benefits. Forrester describes an insurance company case study (paywall) where the company was able to reduce the time to review claims to just a few seconds instead of one hour. Unfortunately, that’s a rare success story as many RPA implementations fail.

Limitations Of RPA

The macro-recorder nature of RPA is also its biggest con:

• If there’s a minor change to the UI or data, the RPA stops working. The bots can’t simply adjust their behavior like humans can.

• An even bigger problem is that the dependency on the legacy UI makes it much harder to change and modernize the underlying system. Introducing RPA may temporarily breathe new life into your legacy system, but it can divert attention from far more significant strategic initiatives that may be truly disruptive.

• RPA requires significant IT support. The bots need to be maintained and updated, security has to be addressed, and you need to be careful not to create an overly complex infrastructure.

• RPA is simply not resilient — it’s very hard to deal with issues that are largely unexpected.

When To Use RPA

Many businesses still run on critical systems that are extremely expensive to replace and can only be accessed via their user interface. There is no option to integrate with them using far more robust APIs. RPA is a great tool to temporarily automate these without major disruption provided the underlying business process is sound.

A good example is the aforementioned insurance use case where the backend system is probably an IBM mainframe or AS/400 that’s been in use for decades. These systems are often decades old, implemented in COBOL and have no APIs. The only access is through terminals (green screens). Millions of applications developed using client-server technology on Windows are still in production use in organizations everywhere, from scheduling workers and deliveries to managing expenses for employees to processing credit applications. RPA bots perform exactly the same actions as humans — they move the cursor to the right field, click in it, enter data, move to the next field and so on — using the same user interface.

When To Use BPM

Internal business processes are the lifeblood of every organization. You simply cannot afford to let these processes be manual and rigid. The pace of business is too fast, world-class customer support is the No. 1 priority, and you must be agile enough to adapt and take advantage of new opportunities.

As tempting (and easy) as RPA is for individual tasks, ignore process automation at your own peril. One is a Band-Aid; the other a strategic initiative at the foundation of digitally transforming your business. Automating day-to-day operations cuts across your business:

• Do you want your talent chasing down supervisors for PO approval or focusing on what they’re skilled at?

• Digitizing operations such as sales orders or appointments lets customers interact with you any time.

• Accelerate time to market when delivering solutions to take advantage of new opportunities.

Limitations of BPM

BPM isn’t a panacea. It’s important to ensure that the underlying process is sound — otherwise, you’ll simply end up with a bad automated process. Ensure that you don’t get bogged down trying to automate everything with expensive consultants. Start small, get a quick success and then use BPM’s flexibility to adapt your processes as your business evolves.

Dōmo Arigatō, Mr. Roboto

RPA and bots aren’t going anywhere. They add tremendous value to the enterprise and will only get smarter. Like any technology, RPA has limitations. It’s a tactical solution with a narrow set of use cases where it truly delivers business value, and you should deploy it accordingly.

In contrast, BPM is a long-term, strategic business initiative. Automated processes may even include an RPA component. Manual processes waste time, slow your business down and put you at a competitive disadvantage. After all, you want your business to grow, and you never know what’s just around the (digital) corner. BPM, possibly incorporating RPA where appropriate, greatly increases business agility and responsiveness while focusing your employees’ time on their core talents.

The Promise Of RPA

RPA’s biggest promise is that it can cut costs without the need to update expensive underlying infrastructure and systems since it emulates and replaces actions taken by humans using the existing user interface.

For insurance companies, utilities, banks and others with large back-office operations where humans perform simple, repetitive tasks in front of computers, RPA promises significant benefits. Forrester describes an insurance company case study (paywall) where the company was able to reduce the time to review claims to just a few seconds instead of one hour. Unfortunately, that’s a rare success story as many RPA implementations fail.

Limitations Of RPA

The macro-recorder nature of RPA is also its biggest con:

• If there’s a minor change to the UI or data, the RPA stops working. The bots can’t simply adjust their behavior like humans can.

• An even bigger problem is that the dependency on the legacy UI makes it much harder to change and modernize the underlying system. Introducing RPA may temporarily breathe new life into your legacy system, but it can divert attention from far more significant strategic initiatives that may be truly disruptive.

• RPA requires significant IT support. The bots need to be maintained and updated, security has to be addressed, and you need to be careful not to create an overly complex infrastructure.

• RPA is simply not resilient — it’s very hard to deal with issues that are largely unexpected.

When To Use RPA

Many businesses still run on critical systems that are extremely expensive to replace and can only be accessed via their user interface. There is no option to integrate with them using far more robust APIs. RPA is a great tool to temporarily automate these without major disruption provided the underlying business process is sound.

A good example is the aforementioned insurance use case where the backend system is probably an IBM mainframe or AS/400 that’s been in use for decades. These systems are often decades old, implemented in COBOL and have no APIs. The only access is through terminals (green screens). Millions of applications developed using client-server technology on Windows are still in production use in organizations everywhere, from scheduling workers and deliveries to managing expenses for employees to processing credit applications. RPA bots perform exactly the same actions as humans — they move the cursor to the right field, click in it, enter data, move to the next field and so on — using the same user interface.

When To Use BPM

Internal business processes are the lifeblood of every organization. You simply cannot afford to let these processes be manual and rigid. The pace of business is too fast, world-class customer support is the No. 1 priority, and you must be agile enough to adapt and take advantage of new opportunities.

As tempting (and easy) as RPA is for individual tasks, ignore process automation at your own peril. One is a Band-Aid; the other a strategic initiative at the foundation of digitally transforming your business. Automating day-to-day operations cuts across your business:

• Do you want your talent chasing down supervisors for PO approval or focusing on what they’re skilled at?

• Digitizing operations such as sales orders or appointments lets customers interact with you any time.

• Accelerate time to market when delivering solutions to take advantage of new opportunities.

Limitations of BPM

BPM isn’t a panacea. It’s important to ensure that the underlying process is sound — otherwise, you’ll simply end up with a bad automated process. Ensure that you don’t get bogged down trying to automate everything with expensive consultants. Start small, get a quick success and then use BPM’s flexibility to adapt your processes as your business evolves.

Dōmo Arigatō, Mr. Roboto

RPA and bots aren’t going anywhere. They add tremendous value to the enterprise and will only get smarter. Like any technology, RPA has limitations. It’s a tactical solution with a narrow set of use cases where it truly delivers business value, and you should deploy it accordingly.

In contrast, BPM is a long-term, strategic business initiative. Automated processes may even include an RPA component. Manual processes waste time, slow your business down and put you at a competitive disadvantage. After all, you want your business to grow, and you never know what’s just around the (digital) corner. BPM, possibly incorporating RPA where appropriate, greatly increases business agility and responsiveness while focusing your employees’ time on their core talents.

Reference full article at:

https://www.forbes.com/sites/forbestechcouncil/2019/01/22/robotic-vs-business-process-automation-which-one-should-you-use/#703c40c81cef

Ransomware Attack Cripples Company

One of the world’s biggest producers of aluminum has been hit by a serious ransomware attack that shut down its worldwide network, stopped or disrupted plants, and sent IT workers scrambling to return operations to normal.

Norsk Hydro of Norway said the malware first hit computers in the United States on Monday night. By Tuesday morning, the infection had spread to other parts of the company, which operates in 40 countries. Company officials responded by isolating plants to prevent further spreading. Some plants were temporarily stopped, while others, which had to be kept running continuously, were switched to manual mode when possible. The company’s 35,000 employees were instructed to keep computers turned off but were allowed to use phones and tablets to check email.

“Let me be clear: the situation for Norsk Hydro through this is quite severe,” Chief Financial Officer Eivind Kallevik said during a press conference Tuesday. “The entire worldwide network is down, affecting our production as well as our office operations. We are working hard to contain and solve this situation and to ensure the safety and security of our employees. Our main priority now is to ensure safe operations and limit the operational and financial impact.”

According to Kevin Beaumont, tweeting in his capacity as an independent researcher and citing local media reports, the ransomware that infected Norsk Hydro is known as LockerGoga. He said LockerGoga doesn’t rely on the use of network traffic or on domain name system or command and control servers, traits that allow the ransomware to bypass many network defenses. An independent research group calling itself MalwareHunterTeam pointed to this LockerGoga sample uploaded to VirusTotal from Norway on Tuesday morning. At the time the malware was first scanned, it was detected by only 17 of the 67 biggest AV products, although detections increased once awareness of the Norsk Hydro infection grew. The malware had also once been digitally signed by security company Sectigo, but the certificate was revoked at an unknown time.

In a statement, Sectigo Senior Fellow Tim Callan wrote: “As a policy Sectigo revokes certificates used in malware attacks and does not issue certificates to known malware purveyors. We encourage security researchers to report instances of malware employing Sectigo certificates at signedmalwarealert@sectigo.com.”

A text file that attackers included with the malware included the following:

There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all your data by mistake or for fun.

Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore that data. Attempts to restore your data with third-party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data.

The note went on to offer the decryption of up to three files chosen by the reader to prove the authenticity of the claim. It also demanded a ransom of an unspecified amount payable in bitcoin.

During Tuesday’s press conference, an official with the Norwegian National Security Authority stopped short of confirming Norsk Hydro was infected by LockerGoga, saying only that it was a “one of the theories.” LockerGoga may have been used two months ago to infect the systems of French engineering consultancy Altran, Bleeping Computer reported.

Norsk Hydro shares traded down about 0.7 percent following the report of the infection. Aluminum futures on the London Metal Exchange rose in line with other metals, Bloomberg News reported

While Kallevik, the Norsk Hydro CFO, said the majority of the company’s plants were operating normally, he said the network shutdown prevented plants from receiving future orders from customers. He said the losses at the moment were “minimal,” but he conceded they would grow over time if automated systems aren’t restored. Kallevik was unable to provide any timetable for how long it would take to disinfect the network.

He said company IT teams are working to remove the ransomware from infected systems. Once that’s done, the teams plan to restore lost data using company backup systems, which Kallevik described as “good.” Asked by a reporter if the company would rule out paying the demanded ransom, the CFO said the “main strategy is to use backup.”

Reference full article at:

https://arstechnica.com/information-technology/2019/03/severe-ransomware-attack-cripples-big-aluminum-producer/

Why Phone Numbers Stink

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.

Nixon said much of her perspective on mobile identity is colored by the lens of her work, which has her identifying some of the biggest criminals involved in hijacking phone numbers via SIM swapping attacks. Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims.

Nixon said countless companies have essentially built their customer authentication around the phone number, and that a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account. In this attack, the fraudster doesn’t need to know the victim’s password to hijack the account: He just needs to have access to the target’s mobile phone number.

“As a consumer, I’m forced to use my phone number as an identity document, because sometimes that’s the only way to do business with a site online,” Nixon said. “But from that site’s side, when they see a password reset come in via that phone number, they have no way to know if that’s me. And there’s nothing anyone can do to stop it except to stop using phone numbers as identity documents.”

Beyond SIM-swapping attacks, there are a number of ways that phone numbers can get transferred to new owners, Nixon said. The biggest reason is lack of payment for past phone bills. But maybe someone goes through a nasty divorce or separation, and can no longer access their phone or phone accounts. The account is sent to collections and closed, and the phone number gets released back into the general pool for reassignment after a period of time.

Many major providers still let people reset their passwords with just a text message. Last week I went to regain access to a Yahoo account I hadn’t used in almost five years. Yahoo’s forgot password feature let me enter a phone number, and after entering a code sent to my phone I was able to read my email.

So, if that Yahoo account is tied to a mobile number that you can receive text messages at, then you can assume control over the account. And every other account associated with that Yahoo account. Even if that phone number no longer belongs to the person who originally established the email account.

Reference full article at:

https://krebsonsecurity.com/2019/03/why-phone-numbers-stink-as-identity-proof/