Artificial intelligence (AI) are becoming increasingly important to how we live, work, and interact. Although AI is best known for consumer products like Alexa or Siri, it is a vital development area for businesses across multiple industries, including the financial industry.
The application areas have expanded from business intelligence to customer support (service and decision making), and from fraud detection to customer security and safety, AI has plenty to offer and can drive significant benefits for industries, like the financial industry. There are actors on the market today that have already started their journey with the technology, but with non- or little efforts to explore what kind of security challenges AI can bring.
The perception of being served by a robot is still very unfamiliar to extensive part of banking customers. The personal interaction is a core activity in building trust and that will probably remain the same for large part of the services a bank provides today. Getting information on stocks and funds outperforming their peers via an application on your device is more accepted then being served by an artificial voice when you call your bank to apply for a house loan.
AI and robotics is sometimes hailed as the solution to many of the financial sector’s more intractable issues. It is easy to overstate the impact AI will have, without considering the vulnerabilities, risks, and problems it could introduce.
AI is a rapidly-developing technology. As the frameworks, code, and software evolves, so too does the security risk. This can mean that security protocols and controls can’t keep up with new developments. Security must be built into all AI and robotic deployments and be a key consideration in product and service development.
AI can be an “unknown quantity” – this can make securing all the various touchpoints, interfaces and layers of application very expensive and increase total cost of ownership.
AI touches on many different areas – software development, integration, data management, hardware, and more. Each of these areas may involve multiple vendors, which creates a complex supply chain of information. Every part of this supply chain must be secured to provide a safe environment. “Security is only as good as the weakest link” applies very well in this case.
AI and robotics rely on complex algorithms and machine learning. These algorithms can be difficult to analyze and understand, possibly making it difficult to identify and resolve failures that impact business-, personal- or financial data.
There are a few proactive ways your business can address the cybersecurity challenges posed by AI.
Be super clear about how you use AI when interacting with customers: Communicate and be distinct about how AI will be used in the interaction with the customers. Make sure it is optional, but attract customers to use services provided with AI.
Verify the data and systems: Consider using robust verification techniques to check the security and accuracy of data throughout the AI ecosystem. This means authenticating data at every point, inputs, analysis, processing, outputs, and deliverables.
Understand the complex environment: Audit and understand the overall attack surface and ecosystem used by AI. Understand all the integrations between various technologies, frameworks, systems, and data. Clearly define, monitor, and protect all vulnerable areas across the organization.
Create adaptable, built-in controls: Security controls must adapt to the rapidly-evolving nature of AI, and be part of the DNA of AI development, especially for new products and services. Build AI security into the entire lifecycle of products, services, and processes.
Understand integration between areas: Manage and monitor all movement of data between various parts of the AI ecosystem. Ensure data is encrypted when in transit or at rest.
Create business continuity and disaster recovery: In the event of a breach or other failure, ensure that there are robust recovery plans in place to minimize loss. Introduce appropriate security around the various levels of business, personal, and financial data.
Understand risk exposure: Work with cybersecurity experts to understand the risks to AI environment and data and take the necessary corrective actions.
Don’t just focus on technology: Remember that risk doesn’t just apply to technical infrastructure and applications. It can also impact all touch points with other processes, employees, customers, products, and services.
Written by Kevin Aytap