How has cybersecurity strategies within banking been transformed by AI?
Cyberattacks have evolved to become more pernicious and strategies need to evolve in a more sophisticated manner to cope with these attacks. This is particularly important within the financial sector where the stakes are higher with frauds, money laundering, and ransomware.
In light of this, banks are adopting high-end technologies to thicken its wall of defense against cyber attackers. However, as more of these hackers continue to override security measures, one enticing solution is the use of Artificial Intelligence (AI).
How then can the integration of AI help in the area of cybersecurity? And how can it be part of banks’ strategies in developing a more sophisticated defense?
1. Faster and more efficient in detection of cyber threats
AI can automatically identify potentially malicious software behaviour and deal with anomalies in real-time. As a result, the technology’s adaptive defense mechanism can identify and shut down intrusions much faster and easier than before.
This means that banks and financial institutions can significantly reduce the number of cybersecurity breaches. AI can also empower data analysts and security professionals in reducing the time needed to identify breaches from hundreds of days to mere hours, further bolstering their job performance.
Currently, HSBC is using AI to detect money laundering, fraud and terrorist funding. They are working with Quantexa, an IT firm to deploy its technology across the bank's global operations in a bid to 'better detect potentially illegal activity in its broader context'. The software harvests internal, publicly-available and transactional data from a customer's wider network in an attempt to identify signs of money laundering.
2. Easing the means of adhering to regulations that strengthen cybersecurity
The newly sanctioned Singapore Cybersecurity Bill is Singapore’s attempt in securing critical information while minimising threats from malicious cyber attackers. Similarly, General Data Protection Regulation (GDPR) which is an EU legislation, further reinforce the need to strengthen cybersecurity. With GDPR, organisations are accountable for the protection of personal data from any unauthorised disclosure, dissemination, access, or alteration. Hence, companies need to implement additional measures around the collection and processing of personal data to meet compliance requirements. As a result, organisations have also started to adopt AI technologies that can help detect and tackle software vulnerabilities, configuration errors and high-risk security threats at a faster pace with predictive capabilities.
Now that the bill has been signed into law, and with GDPR launching in May, analysts and practitioners alike are raising concerns about the high costs and logistic challenges to comply with new rules. Although the integration of AI potentially comes at a relatively high cost as well, the benefits would outweigh costs that companies would initially face. In the long run, it would also be more cost effective to organisations with the challenges it can curb. Some of the ways AI can help include the adhering of requirements to the bill such as:
Reporting cyber security incidents related to critical infrastructure systems
Adhering to best practices and exercises at the government’s request
Conducting risk assessments and audits
Better management of complex data sets
The amount of data that cybersecurity professionals have to process have increased dramatically, to the point where it is almost impossible to process it manually.
Banks are currently consolidating their cybersecurity and data teams to adopt AI technologies to ease the process.
OCBC is currently the first bank to build a Regional Data Centre to defend itself from the bane of cyberattacks and security breaches. The S$240-million state-of-the-art facility was built with key features that are of top security, high resiliency and energy efficiency.
To efficiently manage data, smart voice-controlled assistants such as Google Home and Alexa are also used within the technology command centre to retrieve information. These AI technologies are also expected to perform tasks such as call activation during crises. By automating these time-consuming tasks, it speeds up processes and frees up manpower for more effective uses, such as key decision-making during incidents or strategy planning.
3. Continuous learning, adapting and innovating within the banking sector
AI comprises of machine learning and is done through the use of learned knowledge from shared characteristics of threats, to pre-empt attacks including those that were previously unseen.
In line with this, cybersecurity experts are also constantly engaging in a learning process to equip themselves with greater knowledge. This is encouraged through the building of ‘innovation labs’ by banks located in Singapore, which spurs a possibility for the nation to emerge as a cybersecuity hub.
One example is Standard Chartered Bank’s ‘eXellerator innovation lab’. First launched in Singapore, the bank is expanding its footprint to Hong Kong to tap on emerging fintechs and data scientists in the region. This innovation lab is a space where startups and other tech firms can work more closely together to focus on new technologies and solutions to assist in areas such as cybersecurity.
What are the limitations to be aware of?
Is the use of AI a double-edged sword?
While banks are able to leverage on AI in protecting themselves against cybercrime, cybercriminals on the other hand would also soon tap onto AI to automate their attacks.
Thus, it is essential that while AI and various deep learning technologies are used for detection, there is a need to highlight the cause of attacks. This is to enhance the predictive capabilities of AI technologies and the ability to prepare for future attacks. Bearing in mind that attackers tend to exploit vulnerabilities within AI systems used by defenders. It is not an easy journey that banks would find themselves constantly keeping up with.
Is there a shortage of cybersecurity professionals?
A shortage of cybersecurity professions will likely to persist. Many organisations have been surveyed and reported the difficulty in accessing qualified tech talent, especially for those with necessary experience or specialised skill-sets. This shortage of talent will also lead to an upward pressure on salaries, which organisations would need to comply to in order to secure the best talent in the market. As cybersecurity continues to take center stage and the need to create high cyber-resiliency for a safer cyberspace, professionals with the right knowledge and experience will continue to be in great demand.
Organisations would need to start developing their talent, as well as provide trainings that can equip themselves with the right knowledge. This would likely curb the challenges of sourcing from a small pool of cybersecurity talent in the next three to five years.
Is your organisation taking preventive steps to ensure that your data is secure? How do you think AI will transform security efforts in the near future?
If you would like to find out more about the landscape of cybersecurity within the financial sector or how it is likely to evolve in the next one to two years, contact us via the form below or follow us on our LinkedIn page for more industry-related information.