Cybersecurity and AI What Community Banks Should Know By Steve Sanders, Chief Risk Officer, Chief Information Security Officer, CSI Artificial intelligence (AI) has dominated headlines and conversations over the last year, with various industries exploring what this technology means for automation, collaboration, communication and more. However, new challenges come with those opportunities to streamline processes, particularly in cybersecurity. Banks should know the following perils and tips to minimize risk when incorporating this technology into their strategies. What Cybersecurity Risks Does AI Pose? One of AI’s chief dangers is how bad actors can use it to streamline cyberattacks. According to Darktrace, there was a 135% spike in novel social engineering attacks from January to February 2023, aligning with the adoption of ChatGPT. Other reports reveal that 75% of cybersecurity professionals have seen an increase in AI-powered cyberattacks since 2023. Here are some ways cybercriminals use AI, all representing cybersecurity risk to your institution: • Increased Speed and Scalability of Attacks: Instead of writing their own phishing emails or scripts, cybercriminals prompt AI to create them in seconds. It’s also easier for them to launch personalized phishing attacks, as automation leads to increased speed and scalability. With targeted ransomware, they can use AI and ML to create accurate profiles of their targets. • Deepfake Attacks: Cybercriminals also use deepfakes — which are AI-generated photos, videos or audio — to carry out identity theft and other social engineering schemes. This includes using fake audio on phone calls to execute account takeover or requesting wire transfers. Since deepfakes come in varying levels of sophistication, vigilance is critical. • Circumventing Security Protections: Fraudsters leverage AI to navigate around institutions’ security protections. Using AI, malware can adapt and evade detection by identifying patterns in detection systems and bypassing them. AI can also rewrite vulnerabilities to make them more difficult to detect. • Talent Shortage and Skills Gap: Since cybercriminals are often on the cutting edge of technology and tactics, having employees who share that mindset helps institutions elevate defenses. However, talent is expensive, and the market for highly skilled cybersecurity professionals is highly competitive. Many institutions turn to trusted managed cybersecurity providers to help bridge this gap. How to Use AI for Cybersecurity Despite these risks, AI’s positive effects on cybersecurity cannot be denied. AI is accelerating the advancement of tools like automated security operations, malware protection and authentication. Many organizations are automating security operations to increase efficiencies, with 51% expanding automation or AI into their cybersecurity strategy over the last two years. The following are several advantages AI brings to security: 1. Enhance Vulnerability Management: Institutions can use AI to determine which vulnerabilities within their systems are most likely to be exploited, allowing them to prioritize remediation and reduce expenses for incident response. 2. Analyze Data Efficiently: AI/ML can strengthen threat detection by analyzing large amounts of data such as emails, website links and more to identify patterns and trends. For example, AI can evaluate email content to see if common phishing indicators, such as a sense of urgency, are present. 3. Automate Manual Tasks: Some routine tasks — such as security log monitoring — can be tedious or time‑consuming. Automating these tasks using AI allows employees to work on more rewarding activities. AI also helps close out investigations and support tickets faster, as in the case of spam or phishing emails. 4. Increase Accuracy in Detecting Unusual Activity: AI can more accurately and quickly detect abnormal behavior in some instances than humans, especially with high volumes of cases to evaluate. AI can transform an institution’s approach to log reviews, spam emails 24 West Virginia Banker
RkJQdWJsaXNoZXIy MTg3NDExNQ==