In the rapidly evolving world of cybersecurity, staying ahead of emerging threats and leveraging cutting-edge technologies is paramount. Vimal ManiResponsible for Information Security, Privacy and Data Protection and IT GRC Programs (CISO/DPO/CPO) at one of the leading commercial banks in the UAE, exemplifies leadership and innovation in this critical area.
With rich experience in implementing robust cybersecurity frameworks and integrating advanced technologies, Vimal has been at the forefront of using Artificial intelligence (AI) to improve the bank’s security posture.
In this exclusive interview with The Cyber ExpressVimal shares his insights on the transformative role of AI in cybersecurity, particularly in the banking sector. He discusses the effective deployment of AI-based technologies for threat detection and response, essential AI governance, risk and compliance (GRC) standards, and significant challenges faced while integrating AI into cybersecurity practices.
Furthermore, Vimal is interested in ethical considerations, the balance between data confidentiality and security, as well as future AI trends that are expected to impact the industry. His strategic approach and practical solutions provide a comprehensive understanding of how AI can be leveraged to create a secure banking environment.
TCE: How do you see the role of AI evolving in cybersecurity, particularly in the banking sector?
The global banking industry is currently in a transition phase that will be powered by analytics and ultimately AI. The global banking industry has started using AI-based technologies such as advanced analytics and cognitive analytics to improve cybersecurity. risk managementoperational efficiency and provision of wealth management advice to their HNI clients.
TCE: What specific AI-based technologies have you found to be most effective in improving threat detection and response?
Operational Cyber Cyber threat intelligence (CTI) is a relatively new AI-based technology that helps organizations effectively detect and prevent cyber threats. Additionally, AI technologies help digital forensics teams analyze digital data and recognize complex patterns. cyber security engineering activities.
TCE: Can you tell us more about the AI governance, risk and compliance (GRC) standards that you consider essential for integrating AI into your cybersecurity framework? How do you ensure compliance with these standards?
AI, like all other new-age technologies, can be used for good or bad purposes. Biases and prejudices in AI algorithms will add to the misery. As the adoption of AI technologies increases, data privacy will increasingly become a concern for individuals and businesses adopting these technologies. In addition to this, a significant number of legal issues are also possible.
There are currently no specific GRC frameworks to regulate AI-driven systems, which are addressed in other GRC frameworks such as data or consumer protection. Now, countries around the world and developed nations like the United States and China have gradually started to put in place new GRC laws and regulations to ensure that the use of AI technology triggers risks are identified and appropriately mitigated.
TCE: What are the main challenges you have faced when integrating AI into your cybersecurity practices? How have you overcome these difficulties to ensure a successful implementation?
Challenges like algorithmic bias and fairness issues, explainability issues, interpretability issues, accountability and ethics issues, lack of transparency, false positives and false negatives in threat detection are some of the critical challenges we face while trying to integrate AI technologies into our cyber defense mechanism.
To address these challenges, the following techniques are used, depending on need and feasibility:
1) Use diverse and representative training data to avoid bias
2) Use of fairness-aware model architectures and optimization
3) Continuous monitoring and auditing of biases
4) Develop inherently interpretable AI models (GenAI)
5) Use of post-hoc explanations and visualizations
6) Using “human-in-the-loop” approaches for interpretability, such as interactive machine learning, collaborative decision making, etc.
7) Definition of roles and responsibilities for the deployment of GenAI models
TCE: In your experience, how does AI help balance strict data privacy and cybersecurity requirements within the banking sector? Can you give specific examples of this balance?
The use of AI technologies in cybersecurity will help shape contemporary cybersecurity practices and policies, even as concerns about bias remain. Information systems based on AI technology can help individuals protect their sensitive data activities from piracy Cyberattack attempts are targeted at them. However, the following interventions should be considered to balance the risks and potential rewards of using AI-based systems:
- Develop adequate awareness of the risks and benefits associated with the use of AI technologies
- Develop robust GRC standards and support guidelines for the development and deployment of AI technology in cybersecurity practice.
- Promoting citizen participation in improving and defining the future of AI-based cybersecurity through various innovative interventions
- Continuously monitor the impacts of deploying AI technologies in cybersecurity and ensure that these AI technologies are fully aligned with business objectives
TCE: How do you approach the task of regularly evaluating and auditing AI systems to ensure they remain impartial, transparent and effective in detecting and responding to threats?
Conducting periodic audits to assess the performance and fairness of deployed AI models and challenge the decisions made using these AI models will help shape the reliability and performance of these AI models to produce more accurate predictions and be impartial, transparent, and effective in threat detection. Conducting bias and fairness audits such as disparate impact analysis, sensitivity analysis, and ethics matrix analysis could help in this regard.
TCE: What are the future trends in AI that you believe will have the greatest impact on cybersecurity in the banking sector? How do you plan to integrate these emerging technologies into your current cybersecurity strategy?
I foresee the following trends in AI-driven cybersecurity in the global banking industry:
- Real-time fraud detection
- AI-driven endpoint security
- Predictive Cybersecurity Analytics
- Automated Incident Response (EDR/MDR)
We continue to review our bank’s existing cybersecurity architecture by conducting proof-of-concept studies of various AI-based cybersecurity technologies.
TCE: Can you tell us about the specific benefits and use cases you’ve observed from implementing AI in your cybersecurity practices, particularly tasks or processes where AI has proven more effective? Additionally, could you share an example of an incident where AI significantly improved threat detection and mitigation at your bank, and what were the key learnings from that experience?
Here are some successful AI-based cybersecurity use cases I can talk about that have the potential to improve the cyber resilience of the banking industry:
- AI-Enabled Security Operations Center
- AI-based expert systems to facilitate cybersecurity decisions
- Deployment of an intelligent agent which is an independent entity that recognizes the movements of the adversary through sensors and provides tracking
- Deployment of an AI-based security expert system that will follow a set of predefined AI algorithms to combat cyberattacks
- Using neural networks, known as deep learning AI algorithms
TCE: How do you ensure your cybersecurity team is properly trained and prepared to work with AI technologies? What steps are you taking to account for the human element in this integration?
We continue to conduct targeted security awareness and training programs for our teams with the aim of gaining comprehensive knowledge of the latest uses of AI technologies in cybersecurity. In addition, we continue to send our team members to technology trade shows and exhibitions where solution providers showcase the new AI-based cybersecurity solutions that can be used by Banking sector.
TCE: What ethical considerations are crucial when implementing AI in cybersecurity, especially regarding privacy and data protection? How do you ensure that your AI systems meet these ethical standards?
We are aware of the legal and ethical complications related to the deployment of AI models and the security and privacy risks they may bring to our cybersecurity operations. We are managing these issues with the support of the AI GRC guidelines available for the banking sector and other AI GRC best practices. This will include periodic audits of these AI-based cybersecurity technologies from a legal and ethical perspective.
TCE: For CISOs and DPOs in the banking industry looking to integrate AI into their cybersecurity frameworks, what key factors and best practices would you recommend to ensure a smooth and effective transition?
I recommend the following to both new and experienced CISOs and DPOs:
- Understanding contemporary AI regulations and actions in developed countries
- Investing in research on AI-driven cybersecurity operations
- Understanding the attack surface and prioritizing AI-based mitigation strategies
- Understand how cybercriminals use AI in designing their TTPs (tools/techniques/processes)
- Implementing AI-driven automated and augmented incident response
- Identify and mitigate potential third-party risks in AI applications used
- Continuous training and learning around AI-based cybersecurity technologies
