2024 Pub. 3 Issue 6

HOW TO USE AI FOR CYBERSECURITY Despite the above risks, AI’s positive effects on cybersecurity cannot be denied. AI is accelerating the advancement of tools like automated security operations, malware protection and authentication. Many organizations are automating security operations to increase efficiencies, with 51% expanding automation or AI into their cybersecurity strategy over the last two years. Below are several advantages AI brings to security: • Enhance Vulnerability Management: Institutions can use AI to determine which vulnerabilities within their systems are most likely to be exploited, allowing them to prioritize remediation and reduce expenses for incident response. • Analyze Data Efficiently: AI/ML can strengthen threat detection by analyzing large amounts of data such as emails, website links and more to identify patterns and trends. For example, AI can evaluate email content to see if common phishing indicators, such as a sense of urgency, are present. • Automate Manual Tasks: Some routine tasks — such as security log monitoring — can be tedious or time-consuming. Automating these tasks using AI allows employees to work on more rewarding activities. AI also helps close out investigations and support tickets faster, as in the case of spam or phishing emails. • Increase Accuracy in Detecting Unusual Activity: AI can more accurately and quickly detect abnormal behavior in some instances than humans, especially with high volumes of cases to evaluate. AI can transform an institution’s approach to log reviews, spam emails or anything else that requires quick analysis of a large amount of data. • Improve Security against Evolving Threats: Traditional cybersecurity methods may be slow to adapt to new or evolving threats, but AI quickly adapts to identify new threats and elevates threat intelligence. AI can also automate incident response by containing a breach within seconds and improves network security by locating and securing weak spots. Additionally, AI is strengthening attack prediction with behavioral and predictive analytics, which will likely only grow more accurate. • Alert on Anomalous Behavior: Since AI can analyze enormous amounts of data, it can identify patterns and detect anomalies by distinguishing between normal and unusual behavior without involving a human to spend time investigating all cases. If unusual activity occurs on a network, AI sends real-time alerts. Enhanced threat detection and response are already highly accurate, but AI drives enhanced investigations and forensics of attacks. EVALUATING CYBERSECURITY AND AI Before implementing AI in your cybersecurity strategy, there are various considerations to keep in mind. One of the top considerations for your institution should be network security. Your configurations should be addressed to ensure no vulnerabilities exist. Securing your data is critical to ensure your AI engine is not training on confidential information. Are your files and confidential information protected? If you have a strategic plan or other proprietary documents saved in an area used for training your AI model, then your confidential data could be generated in search results. Banks should understand their controls around data security before moving forward with an AI engine. If your institution uses publicly available tools like ChatGPT, ensure employees understand the risks of uploading sensitive documents or information. Refer to available AI guidance from regulators before encouraging or allowing employees to leverage these tools. HOW SHOULD COMMUNITY BANKS APPROACH AI AND CYBERSECURITY? Given AI’s prevalence in the industry, it seems this technology is here for the long haul. Community banks should seize the opportunity to educate and train their employees, customers and communities about AI and cybersecurity best practices. Community banks can directly contribute to a stronger, safer community and customer base by providing education on AI’s perils and pitfalls. Training topics should include educating customers on identifying AI-generated schemes, how to report them and best practices for navigating this new AI landscape. Community banks should take this opportunity to educate their customers and communities about AI and other cybersecurity best practices. For instance, as social engineering schemes evolve, banks should ensure that customers know what questions their institution will and won’t ask them via phone, text or email. MOVING FORWARD WITH YOUR AI STRATEGY AI stands to revolutionize cyber defense for organizations in various industries, including community banks. And as cybercriminals continue leveraging AI to improve their attacks, institutions must figure out how to effectively use it to beat them in their own game. This means adapting and implementing new tools — all while ensuring proper controls remain in place to mitigate risk. As institutions develop strategies to supplement existing cybersecurity measures with AI, it’s important to consider the risks and rewards. But one thing is clear: This technology is set to continue shaping the technology landscape. INDEPENDENT REPORT | 23

RkJQdWJsaXNoZXIy MTg3NDExNQ==