Cybersecurity technology is rapidly evolving and adapting to changing threats thanks to machine learning. However, AI is just one part of handling cyber threats, and financial institutions should be cautious about placing full reliance on it.
Copyright by www.finextra.com
Finextra Research recently collaborated with experts in the field to produce a report on the future of cybersecurity and predictions for the industry in 2020 and beyond.
Artificial intelligence receives a huge amount of attention for its impact on financial services. The use of AI is already in evidence across numerous areas of the industry, and experts predict that use cases in cybersecurity will accelerate in 2020.
“I think there is an interesting shift, with organisations trying to benefit from using robotics to automate processes and leveraging AI to help problem solve or improve or enhance customer experience and building out their capabilities internally in that space,” says Steve Holt, partner at EY.
Holt explains how organisations have historically used behavioural analytics as an early warning system, to spot when they have suffered a hack, and predicts new technology will be harnessed to enhance these mechanisms.
EY also witnesses its clients using machine learning systems that can build a profile of courses of action for when a threat is detected. This enables them to generate playbooks and speed up the response time from tens of minutes down to single-digit minutes.
“This is real efficiency gain for financial institutions,” says Bence Horvath, a director in EY’s EMEIA Cyber Centre of Excellence. “I think this is one of the biggest areas that we’re going to see a jump in the next year.”
“Also, data has been called the “new oil”, and using threat intelligence, open source information, and other tools will help enterprises gain better access and understanding of their data – and use that understanding to enhance their security posture.”
The ever-moving target
Financial institutions must be prepared however for cybercriminals’ methods countering new defences with continuing evolving means of their own.
Instead of executing cyberattacks with the intention of stealing money or making fraudulent payments, cyber criminals may target the machine learning processes, embedding fraudulent mechanics into the way the AI engines work.
“One of the big concerns, especially at the regulatory level for the future, is ultimately the underlying data integrity,” Holt says.
“So, if the attackers don’t do big enormous payouts immediately but attempt to alter the underlying data, how would that be spotted?”
Therein lies the danger for financial services companies which are overly optimistic about the potentials for AI in cybersecurity. Dries Watteyne, head of SWIFT’s cyber fusion centre, urges caution in this area.
“When talking about the potential of machine learning, I think we shouldn’t forget everything we achieved to date without it.” […]