To prevent cybercrime, you need to be one step ahead of the cybercriminals – at least that’s the principle behind how banks are using AI in their cybersecurity measures.
AI is also a tool that cybercriminals use to launch sophisticated attacks and a tool that cybersecurity professionals use to monitor traffic and user behavior to stop cyberattacks before they happen.
“Over the past few years, AI has emerged and is available to help organizations in hundreds of ways,” said Emy Dunfeedirector of security and incident management at First Bank.
Much of what Dunfee does at FirstBank — in addition to overseeing all physical security, cybersecurity and Security Governance – coordinates with the technology team on how to use AI in the company’s cybersecurity defenses.
“Our goal is to ensure we seize the opportunities of AI while following safe data sharing practices and limiting avoidable risks,” Dunfee said.
FirstBank began providing banking services in 1963. Today, its digital banking services have propelled it to become one of the largest private banks in the United States. While larger banks are likely to experience more cyberattacks in terms of incidents, fintech organizations like that of FirstBank need to prepare for any attempts that may arise and harden customer data. In addition to AI, FirstBank uses measures such as encryption, firewalls, automatic logout, secure logins and multiple authentication controls to help protect customer data.
“As data breaches become more common and individual passwords are compromised, bad actors are testing those passwords across as many institutions as possible,” Dunfee noted.
How FirstBank uses AI
The banking sector in particular faces specific challenges in terms of AI and cybersecurity.
On the one hand, generative AI can be used to create sophisticated phishing attacks, such as the deepfake group video call that was used to trick an anonymous financial employee of a multinational company into transferring 200 million Hong Kong dollars – the equivalent of 26 million US dollars. — to cybercriminals, as highlighted by the International Monetary Fund in its April 2024 report on global financial stability.
On the other hand, AI can also play a vital role in identifying fraud and speeding up incident response time, as it does for FirstBank’s information security team. AI can also help technical teams by completing time-consuming tasks.
How is AI used in cybersecurity?
AI is used by cybersecurity teams to analyze complex attacks and monitor network traffic and user behavior, all with the goal of quickly alerting the team to attacks and helping prevent future attacks. Cybersecurity teams can also use AI in the same way as malicious actors, but in the context of “ethical hacking” or penetration testing.
Banks must raise the bar on cybersecurity preparedness, knowing that nearly a fifth of cyber incidents affect the financial sector and banks are the most frequent targets, according to the International Monetary Fund.
FirstBank has set the internal bar for cybersecurity excellence very high. A notable example is when Brenden Smith, FirstBank’s Chief Information Security Officer, hired professional hackers to hack into FirstBank’s systems to assess vulnerabilities in its cybersecurity defenses. It took hired hackers three years to achieve this, according to American banker.
Beyond its cybersecurity uses, AI is also used at FirstBank to support the way employees work and in some aspects of the product itself.
“With the use of AI increasingly integrated into products and services, I see the greatest benefit emerging in faster correlation of data and expanded use of data for various use cases,” said Dunfee. “Being able to identify anomalies or abnormal behavior more quickly will improve incident response time while reducing their impact. »
Dunfee has his work cut out for him. However, it has a counterpart on the technological side… Jamie BlockDirector of Infrastructure and Operations at FirstBank – who is here to help.
“I completely agree with Emy,” Block noted. “AI has the potential to improve the efficiency of a variety of tasks. This can help reduce tedious work like creating the right Splunk query to get what you need. Or it can help find anomalies among thousands of log files.
When Block shows up for work each morning, she has to be ready for anything.
“You never know what you’re going to face next,” Block said. “One day you may be dealing with highly targeted credential stuffing and the next day you’ll be patching a high-severity zero-day vulnerability. We’ve implemented a robust suite of tools that help us understand where our attention needs to be and how to respond.
“You never know what you’re going to face next. One day you may be dealing with highly targeted credential stuffing and the next day you’ll be patching a high-severity zero-day vulnerability.
Block also pointed out that in technical roles, anything that can save the team time on tedious tasks allows them to focus on more important issues like cybersecurity.
“AI is important because it has the potential to allow staff to spend their time on valuable work,” Block said. “Almost any IT person can tell you they spent an hour finding the right Splunk query or going through a million log messages. This kind of tedious work can be outsourced to various AI tools.
Team alignment: technology and security
Block and Dunfee’s teams often work together and, at the same time, can be obstacles for each other. It’s each team’s job to find fallibilities in each other’s work.
“While there will always be friction between technology and security due to the nature of what these teams do, we have worked very hard to build strong relationships based on mutual respect that allow our teams to collaborate and to challenge each other until they arrive at the best possible solution. ” Block said.
Block explained that security and technology teams work closely together to detect and address external security threats.
“We work together to evaluate new technologies and ensure that everything we bring into our environment is secure and meets best practices,” she said. “Emy and I work very closely to ensure there is a strong partnership between our teams.
“I’m fortunate to be a peer and partner to Jamie,” Dunfee said. “She approaches leadership from the perspective of responsibility and innovation. His teams are knowledgeable and collaborative, which has led to strong partnerships with my teams. Safety is an organizational effort, and Jamie leads by example in this area.
Block had similar feelings about Dunfee. “Emy is an incredible partner,” noted Block, mentioning how Dunfee’s domain expertise allows her to develop the best possible solutions and that she takes the time to educate others on very complex topics in cybersecurity. “She is a great leader for our organization. »
Continuous learning
Dunfee explained that, like many financial institutions, FirstBank frequently encounters phishing attempts and credential stuffing attacks. She explained that the cybersecurity threat landscape is constantly evolving, making continuous learning essential.
“Security leaders need to be able to mitigate different types of attacks, and it’s critical that the technologies we invest in can do the same,” she stressed.
Dunfee is confident in his team’s response actions and strategies, but continually pushes those teams to stay abreast of developments in the field.
“Supporting continuing education opportunities as well as red team exercises ensures that our teams’ skills evolve with the threats themselves,” Dunfee noted.
Team members attend conferences throughout the year and the security program “maintains a continuous RSS feed from key information sources to review product announcements, threat intelligence and updates.” up-to-date in the industry,” added Dunfee.
“On the technology side, we encourage staff to research and experiment as part of their jobs,” Block said.
“We encourage staff to research and experiment as part of their work. »
Block explained that she welcomes technical experts to conduct training so the team can learn new skills. “We also make cloud-based sandbox environments available to technology staff to provide a safe place for experimentation. »
“FirstBank’s security teams are highly collaborative and engaged,” added Dunfee. “We pride ourselves on having a supportive culture. If there’s a product, concept or innovation that interests you, we’re happy to hear about it.
Today, FirstBank uses AI as its first line of cybersecurity defense against hackers and other nefarious actors who pose a threat to the security of its customers’ financial data.
“It’s such an exciting time to be in security and technology, with all the new ways to harness the capabilities of AI. However, deriving real, tangible value from these capabilities is the strategic goal,” concluded Dunfee.