The U.S. Department of Treasury on March 27th released a report titled "Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector." The report highlights the growing concern around artificial intelligence (AI) and its potential to introduce new cybersecurity threats to the financial industry.
Why is AI a cybersecurity threat?
While AI offers tremendous opportunities for financial institutions, it also presents unique security challenges. Here's how:
-
Evolving Attack Landscape: AI-powered tools can be used by attackers to automate tasks, launch sophisticated attacks, and bypass traditional security measures.
-
Vulnerable Systems: AI models themselves can be vulnerable to manipulation or poisoning, potentially leading to inaccurate results or even fraudulent activities.
-
Data Security Concerns: AI systems rely heavily on data. Breaches or manipulation of this data can compromise the integrity of AI models and lead to unintended consequences.
What is the Treasury Department doing?
The Treasury Department recognizes the importance of proactively addressing these risks. Its report outlines steps financial institutions and the government can take to mitigate them:
- Financial Sector: Institutions are encouraged to develop robust AI security frameworks, conduct regular risk assessments, and implement best practices for data security and model development.
- Government: The Treasury Department is committed to working with the financial sector to develop and implement effective AI security standards and regulations.
"The Treasury Department is following the trends of other regulators, recognizing the unique challenges posed by AI in the financial industry, and trying to encourage a proactive response to AI," said
Jordan Fischer, Cyber Attorney and Partner at Constangy. "Banks, and any financial company, are especially vulnerable to threats using AI because of the human nature of many financial transactions. Using AI, or deep fake technology, to trick individuals is ripe for vulnerabilities, making AI even more impactful for cyber threats and attacks."
What this means
Not that it's needed, but the report is a wake-up call for the financial services sector. AI is revolutionizing many industries, and finance is no exception. With advancements come new risks. By taking proactive steps, institutions and the government can work together to ensure AI is harnessed for good, not exploited for financial gain.
Here is the U.S. Department of Treasury press release.
Here's some perspective from vendors working in the AI cybersecurity space.
Marcus Fowler, CEO of Darktrace Federal:
"As outlined in the U.S. Department of the Treasury's latest report, the increasing adoption of AI poses both increasing opportunities and increasing risk for organizations. The tools used by attackers and defenders—and the digital environments that need to be defended—are constantly changing and increasingly complex," said Fowler, who worked with the team who prepared the report. Darktrace Federal is listed within the report as an external participant.
"Specifically, the use of AI among attackers is still in its infancy, and while we don't know exactly how it will evolve, we know it is already lowering the barrier to entry for attackers to deploy sophisticated techniques, faster and at scale. It will take a growing arsenal of defensive AI to effectively protect organizations in the age of offensive AI. Luckily, defensive AI has been protecting against sophisticated threat actors and tools for years.
Financial services organizations have historically been a top target for threat actors, given the very nature of their operations. In response, these organizations often have the most advanced and sophisticated cybersecurity programs, with many starting to leverage AI for cybersecurity years ago, according to the report. AI represents the greatest advancement in truly augmenting our cyber workforce, and these organizations serve as an excellent example of how AI can be effectively applied to security operations to increase agility and harden defenses against novel threats. We encourage these organizations to facilitate open conversations around their successes and failures deploying AI to help other organizations across sectors accelerate their adoption of AI for cybersecurity."
Narayana Pappu, CEO at Zendata:
"The largest barrier for smaller financial institutions in utilizing AI for fraud detection is not model creation but with quality and consistent (standardized) fraud data. Entities like financial institutions can act as a node to aggregate the data. Data standardization and quality assessment would be a ripe opportunity for a startup to offer as a service. Techniques, such as differential privacy, can be used to facilitate information between financial institutions without exposing individual customer data, which might be a concern preventing smaller financial institutions from sharing information with other financial institutions."
More from Fowler: "Public and private sector cooperation and partnership will be crucial to achieving AI safety globally. Initiatives like the U.S. Department of the Treasury's report are instrumental in helping organizations move even faster to realize the positive opportunities and benefits of AI. This report serves as a conversation starter for all organizations—not just financial services—to think about their own adoption and approach to AI and how they can align AI efforts with broader cybersecurity goals and business initiatives."
The SecureWorld Financial Services virtual conference held on Feb. 28, 2024, is available to watch on-demand and offers great information on AI, as well as cyber insurance, threat intelligence, cloud automation, BEC, continuous compliance, ransomware, and more.
