Siri. Alexa. Google Assistant. This AI cast of characters - otherwise known as chatbots – is the fastest growing online sales generation tool.

Chatbots, or software programmed to answer specific pre-formulated questions in real time, are already implemented by 36% of businesses. A recent study by Oracle says 80% of businesses will onboard them for customer interaction by next year. Think: The pop-up box on a website that says, “Hi! How can I help you?”

Chatbots allow customers to move themselves down a sales funnel independently, obtain more information about products/services – all without draining a business’ resources, or having a single live staff interaction.

But, how secure are chatbots?

3 Types of Chatbot Attacks

There are three potential types of chatbot attacks that businesses should be aware of before implementing the software.

LEVEL I: Network hack. Chatbots provide yet another avenue into your business’ network. Like other ways your business interfaces with the public, hackers will look to chatbots for potential vulnerabilities, and infiltrate using them.

LEVEL II: Social engineering of chatbots. Should hackers already have access to a customer’s name and password from your website, they can use it to engage in a social engineering scheme via chatbot.

LEVEL III: Chatbot takeover in real time. In this scenario, hackers have already infiltrated the business’ website and are now intercepting customer communications via chatbot. Like a business email compromise, they’ll ask customers for their Social Security number, or to send payment for services, all via live chatbot.

What can your business do?

There’s a good chance your business will gain customers and operational efficiencies from the chatbot phenomenon too. Consider instituting the following best practices in advance of an AI deployment.

  1. Update software for known vulnerabilities. Have the latest in firewalls and anti-virus software protecting your network. Repair network vulnerabilities immediately once identified. Keep each computer on the network up-to-date by installing the latest operating system as soon as it becomes available. Hackers know when these are deployed and will be looking for those that are lagging behind.
  2. Hire an experienced developer. In the race to get chatbots developed and deployed, your developer may not know as much about chatbot security, or care to make it a focus in design. Inquire about how the developer plans to secure your chatbots.
  3. Engage in penetration testing. Hire a “pen testing” company to hack into your system. They’ll spell out exactly how they did it, and what you need to do to prevent it in the future.
  4. Consider a bug bounty. One organization recently put out a known bounty, promising anyone who successfully hacked into their system a large sum of money. While this practice is certainly risky, and can mean losing control of who is accessing your system, it can be equally as successful.

Contact your HUB Cybersecurity Specialist for more information on how you can institute these best practices and transfer your risk appropriately to insurance.