Cybersecurity technology is rapidly evolving and adapting to changing threats thanks to machine learning. However, AI is just one part of handling cyber threats, and financial institutions should be cautious about placing full reliance on it.
Finextra Research recently collaborated with experts in the field to produce a report on the future of cybersecurity and predictions for the industry in 2020 and beyond.
Artificial intelligence receives a huge amount of attention for its impact on financial services. The use of AI is already in evidence across numerous areas of the industry, and experts predict that use cases in cybersecurity will accelerate in 2020.
“I think there is an interesting shift, with organisations trying to benefit from using robotics to automate processes and leveraging AI to help problem solve or improve or enhance customer experience and building out their capabilities internally in that space,” says Steve Holt, partner at EY.
Holt explains how organisations have historically used behavioural analytics as an early warning system, to spot when they have suffered a hack, and predicts new technology will be harnessed to enhance these mechanisms.
EY also witnesses its clients using machine learning systems that can build a profile of courses of action for when a threat is detected. This enables them to generate playbooks and speed up the response time from tens of minutes down to single-digit minutes.
“This is real efficiency gain for financial institutions,” says Bence Horvath, a director in EY’s EMEIA Cyber Centre of Excellence. “I think this is one of the biggest areas that we’re going to see a jump in the next year.”
“Also, data has been called the “new oil”, and using threat intelligence, open source information, and other tools will help enterprises gain better access and understanding of their data - and use that understanding to enhance their security posture.”
The ever-moving target
Financial institutions must be prepared however for cybercriminals’ methods countering new defences with continuing evolving means of their own.
Instead of executing cyberattacks with the intention of stealing money or making fraudulent payments, cyber criminals may target the machine learning processes, embedding fraudulent mechanics into the way the AI engines work.
“One of the big concerns, especially at the regulatory level for the future, is ultimately the underlying data integrity,” Holt says.
“So, if the attackers don’t do big enormous payouts immediately but attempt to alter the underlying data, how would that be spotted?”
Therein lies the danger for financial services companies which are overly optimistic about the potentials for AI in cybersecurity. Dries Watteyne, head of SWIFT’s cyber fusion centre, urges caution in this area.
“When talking about the potential of machine learning, I think we shouldn’t forget everything we achieved to date without it.”
“I’m very pragmatic about these things. We hear a lot about AI, but I think we’re still waiting for the big success stories. So, I think 2020 will be another year of moving into that space, but it might be 2021 before we really see big developments in my view.”
Watteyne compares evangelism around the potentials of AI in cybersecurity to excitement about what a calculator can do when one is faced with a “2+2” sum. Getting the basic things right with basic business processes must be the number one priority.
“I think there’s still a lot to be done around basic security hygiene, and companies need to continue to focus on getting this in place first.”
The full report, The Future of Cybersecurity: 2020 Predictions, looks at the changing methods of cyber criminals, the growing challenges that they pose and the evolving methods that experts believe financial institutions will use to defend against them.