CYFOR Blog


Chatbots: Cyber Security Measures You Need To Implement

This blog will discuss some of the issues faced and key steps to take to keep your website secure when utilising chatbot technology.

More than 1.4 billion people are using chatbots globally. The rise in chatbots on websites brings not only a change in user experience but also a need for additional cyber security measures.

What is a chatbot?

A chatbot, short for chatterbot, is a software application that simulates human conversation through text only and/or text-to-speech communication. It is an Artificial Intelligence (AI) feature that can be implemented into any major messaging application. The purpose of a chatbot is to automate customer interaction – for example, answering a frequently asked question – like a human would, whilst saving on human resources and allowing the customer a quick and standardised response. Chatbots are utilised in many industries and can be encountered online when booking a flight, ordering food, dealing with a broadband issue, and many other common scenarios.

Chatbot examples

eBay’s chatbot is considered one of the most advanced. Through integration with Google Assistant, it enables the customer to use it through mediums such as a smartphone or even Google Home. It is an extremely high-volume chatbot and can assist in buying a variety of items around the world.

Lyft also has an advanced chatbot, which allows the customer to request a car ride (“Lyft”) through mediums such as Slack, Messenger, and even Alexa. Lyft’s chatbot shows how an existing service can leverage the chatbot experience as a channel. This chatbot helps reduce your time in booking a car ride and is also highly useful for individuals with social anxiety, as it negates the need to speak with a stranger over the phone.

Security threats & concerns

Chatbots are a function offered on many high-traffic, popular websites. Both their implementation and customer utilisation have surged throughout the global pandemic as businesses find new ways to interact with their customers. Whilst they present a very cost-effective and user-friendly service, there are also additional security threats that must be addressed to avoid the exploitation of your website and potential customer data. Current chatbot solutions are subject to several unique vulnerabilities which can allow cybercriminals direct access to personal and financial data, and even internal company systems.

To combat inherent vulnerabilities, businesses must enhance the security of the chatbot application at the foundation level. Maintaining a high level of security will stand organisations in good stead as these applications continue to progress and mature, learning to interact more smartly and collect sensitive customer data. Before implementing such AI, it is crucial for businesses to understand how any collected data is stored, utilised and accessed, and the associated risks.

How can chatbots be exploited? 

Whilst there are no clearly defined, standardised security measures for chatbot technology, the risk of threat actors using chatbots maliciously is high. These individuals can use the information provided by customers for fraud and financial gain. Chatbots can also be commandeered and utilised to scan other bots within a network for additional vulnerabilities that could be later exploited.

How can you ensure your chatbot is secure? 

Technologies used to address security issues such as authentication and encryption include biometrics and two-factor authentication (2FA), which add a level of security for any retained data. A secure code review and penetration test of the chatbot application before implementing it on your live website will identify any vulnerabilities and ensure you can be confident in the use of such technology. Supplementary, periodic testing once live will ensure any new issues can be detected and dealt with. Utilising a suitable data retention policy can be an effective way of managing both data governance and data security. Sensitive data can be programmed to be deleted from the system after a specific period, providing additional reassurance for your clients.
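A sketch of the timed deletion described above, added here as an example and not taken from CYFOR or any chatbot product. It assumes transcripts sit in a SQL table with a per-message classification; the table names, column names and retention windows are hypothetical, and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumed retention windows per data class; the article gives no figures.
RETENTION = {"sensitive": timedelta(days=30), "general": timedelta(days=365)}

SCHEMA = """
CREATE TABLE chat_messages (
    id INTEGER PRIMARY KEY,
    session_id TEXT NOT NULL,
    classification TEXT NOT NULL CHECK (classification IN ('sensitive', 'general')),
    body TEXT NOT NULL,
    created_at INTEGER NOT NULL      -- Unix seconds, UTC
);
CREATE TABLE retention_audit (       -- records counts only, never message content
    run_at INTEGER, classification TEXT, cutoff INTEGER, deleted INTEGER
);
"""

def purge_expired(conn, now):
    """Delete messages older than their class's window; return deleted counts."""
    deleted = {}
    with conn:  # single transaction: deletions and audit rows commit together
        for cls, window in RETENTION.items():
            cutoff = int((now - window).timestamp())
            cur = conn.execute(
                "DELETE FROM chat_messages WHERE classification = ? AND created_at < ?",
                (cls, cutoff))
            deleted[cls] = cur.rowcount
            conn.execute("INSERT INTO retention_audit VALUES (?, ?, ?, ?)",
                         (int(now.timestamp()), cls, cutoff, cur.rowcount))
    return deleted

def demo():
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [  # constructed sample transcripts: (session, class, body, age in days)
        ("s1", "sensitive", "card ending 0000", 45),
        ("s1", "general", "what are your opening hours?", 45),
        ("s2", "sensitive", "my postcode is AB1 2CD", 5),
        ("s3", "general", "track my order", 400),
    ]
    conn.executemany(
        "INSERT INTO chat_messages (session_id, classification, body, created_at) "
        "VALUES (?, ?, ?, ?)",
        [(s, c, b, int((now - timedelta(days=d)).timestamp())) for s, c, b, d in rows])
    deleted = purge_expired(conn, now)
    remaining = [r[0] for r in conn.execute("SELECT body FROM chat_messages ORDER BY id")]
    return deleted, remaining
```

Run on a schedule, the same sweep also needs to reach backups and any analytics copies of the transcripts for the retention period to hold in practice.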

CYFOR are industry-leading experts in Information Security and Data Protection Consultancy, and regularly assist organisations with secure code review, pen testing, and policy creation and implementation.
