2024 Pub. 3 Issue 6

Artificial intelligence (AI) has dominated headlines and conversations over the last year, with various industries exploring what this technology means for automation, collaboration, communication and more. However, new challenges come with those opportunities to streamline processes, particularly in cybersecurity. Banks should know the following perils and tips to minimize risk when incorporating this technology into their strategies. WHAT CYBERSECURITY RISKS DOES AI POSE? One of AI’s chief dangers is how bad actors can use it to streamline cyberattacks. According to Darktrace, there was a 135% spike in novel social engineering attacks from January to February 2023, aligning with the adoption of ChatGPT. Other reports reveal that 75% of cybersecurity professionals have seen an increase in AI-powered cyberattacks since 2023. Here are some ways cybercriminals use AI, all representing cybersecurity risk to your institution: • Increased Speed and Scalability of Attacks: Instead of writing their own phishing emails or scripts, cybercriminals prompt AI to create them in seconds. It’s also easier for them to launch personalized phishing attacks, as automation leads to increased speed and scalability. With targeted ransomware, they can use AI and ML to create accurate profiles of their targets. • Deepfake Attacks: Cybercriminals also use deepfakes — which are AI-generated photos, videos or audio — to carry out identity theft and other social engineering schemes. This includes using fake audio on phone calls to execute account takeover or requesting wire transfers. Since deepfakes come in varying levels of sophistication, vigilance is critical. • Circumventing Security Protections: Fraudsters leverage AI to navigate around institutions’ security protections. Using AI, malware can adapt and evade detection by identifying patterns in detection systems and bypassing them. AI can also rewrite vulnerabilities to make them more difficult to detect. • Talent Shortage and Skills Gap: Since cybercriminals are often on the cutting edge of technology and tactics, having employees who share that mindset helps institutions elevate defenses. However, talent is expensive, and the market for highly skilled cybersecurity professionals is highly competitive. Many institutions turn to trusted managed cybersecurity providers to help bridge this gap. CYBERSECURITY AND AI What Community Banks Should Know By Steve Sanders, Chief Risk Officer and Chief Information Security Officer, CSI ICBC Associate Member 22 | INDEPENDENT REPORT

RkJQdWJsaXNoZXIy MTg3NDExNQ==