August 22, 2023
In early August, Axios wrote about how “North American banks are winning a global race to transform banking into an AI-first industry.” That revelation was based on a recent study by Evident Insights in which, according to a synopsis, “The top five (predominantly North American) banks have published 67 percent of the AI research, filed 94 percent of the AI patents and made 51 percent of the AI investments that we have tracked across the banking sector.” Giants JP Morgan, Capital One and Wells Fargo are, not surprisingly, leading the way.
“Top banks are using AI to be more competitive in markets such as high-frequency trading and payments, and to improve performance in fields from fraud detection to marketing,” Axios wrote. Additionally, while “many banks have developed AI labs,” only six of them “are pursuing patent registration strategically, including in unexpected areas such as marketing.”
It’s no secret, though, that AI requires considerable resources — which smaller banks and financial organizations don’t have. As a result, they’re lagging behind. But they really need to catch up — or at least make more of an effort to become more AI-centric, experts say. “While AI innovation comes at a cost, it is cheap if measured as the cost for survival,” Annabel Ayles, co-founder and COO of Evident, told Axios.
Here’s the thing: Despite AI’s numerous benefits (in banking/fintech sector and far beyond), it’s not only a boon to businesses; criminals love it, too.
In a recent webinar titled “AI-Driven Deception: Rising Threat of Phishing and Vishing on Financial Institutions,” Mindsight’s cybersecurity lead, Mishaal Khan, explained how bad actors use AI to bypass safeguards and gain remote access to sensitive data via AI-enhanced phone calls and emails.
Here’s the nutshell version of how they do it:
- No more spelling or grammatical mistakes thanks to ChatGPT, Grammarly and a host of other generative AI platforms.
- Personalization of social engineering by using generative AI (like ChatGPT) to: Sift through a mountain of written material (profile pages, documents, articles) and pinpoint a target’s interests; mimic word choices based on social media posts and; write the perfect “lure” for use in voice cloning or emails.
“Personalized attacks can evoke emotional responses and increase the likelihood of victims falling for the scam,” Khan warned.
There are, however, several effective proactive steps financial institutions can take to protect themselves and their clients. One of them is strengthening their security posture by, in part, implementing continuous monitoring, using better multifactor authentication, and doing regular pentests. Threat intelligence sharing is crucial, too, as are Zero Trust architecture and security awareness training programs that are comprehensive, frequent and tested often for efficacy.
Organizations should also deploy AI to fight AI, Khan noted. More and more of them, in and out of the financial realm, are doing just that both to protect data and to prevent fraudulent transactions that escape human detection. In late 2022, CNBC reported that “the global market for AI-based cybersecurity products is estimated to reach $133.8 billion by 2030.”
This is done, Khan explained, through AI-powered detection and mitigation strategies that might include: the use of machine learning algorithms and natural language; real-time monitoring, behavioral analysis and integration of threat intelligence; and predictive and anomaly-based models that detect insider threats and attacker behavior. And Khan is far from alone in his thinking.
“As we continue to operate businesses with more advanced technology, financial institutions are finding themselves in a war against malicious acts,” Ankush Singla, senior product manager for the banking-focused cybersecurity firm DefenseStorm, wrote in an essay on Spiceworks.com. “The future for FI is to utilize this new technology not just to ease daily operations but to provide an elevated level of protection.”
It’s important to remember, of course, that no one approach is effective on its own; the best cybersecurity systems are multi-faceted and constantly rejiggered to combat ever-evolving threats.
“If the 2020s were the decade of ‘hybrid everything,’ the 2030s will be the decade of ‘augmented everything,’” Andrew Walls, distinguished VP analyst at Gartner, said at the company’s Security & Risk Management Summit last June. “Attackers are weaponizing AI just as fast as organizations augment their defenses with it, meaning that it’s not enough for cybersecurity technologies to evolve – strategy and leadership approaches must change, too.”
About Mindsight
Mindsight is industry recognized for delivering secure IT solutions and thought leadership that address your infrastructure, cybersecurity, and communications needs. Our engineers are expert level only – and they’re known as the most respected and valued engineering team based in Chicago, serving medium-sized to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com
About The Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.
