Ingram's April 2024

SMALL BUSINESS ADVISER FINANCIAL ADVISER

by Noah Moravec

Strengthening Bank Cybersecurity in the Age of AI

Banks today face cybersecurity challenges that are increasingly complex, compounded by the sophisticated nature of threats and the integration of artificial intelligence into their organization’s operations. In fact, the International Monetary Fund warned just this month that banks are highly exposed to cyber incidents, and a se vere attack could cause loss of confidence and disruption of ser vices, with the potential for significant impact to the economy. As a result, companies are facing a growing demand for enhanced threat detection and monitoring, driven by the rise of ransom ware, model evasion, and data poisoning. Navigating this complex landscape requires a nuanced approach to risk management and mitigation. The rise of AI in banking, while promising, necessitates responsible management of the new risks it introduces. As bank leaders navigate the AI era, here are a few considerations to enhance cyber protection and monitoring. Creating a Culture of Cybersecurity Fostering a culture of cybersecurity awareness starts with leadership. Leaders must prioritize staying informed of emerging cyber threats and establishing AI risk-assessment frameworks. Regular communication with relevant stakeholders, including senior leadership, IT teams, data scientists, engineers, and legal counsel, among others, is crucial. Leaders should also provide continuous security and threat awareness education and training to all employees who leverage and deploy AI algorithms. In addition, it’s essential that security is integrated into the product-development life cycle from the outset. This approach not only enhances security but also aligns with regulatory expec tations and mitigates potential threats proactively. Organizations should govern data management, establish formal governance for data asset management, and prevent privacy vulnerabilities. It is also important to stay compliant by maintaining transparent and timely reporting of security threat incidents. Finally, enhancing board and executive oversight is critical. This involves strengthening the oversight of security risk manage ment, strategy, and governance at the board and executive level. Regular communication and reporting between executives, man agement, and the board will foster a proactive approach to identi fying, monitoring, and mitigating potential security threats. Mitigating Risk in AI Adoption The adoption of AI comes with inherent risks, including issues related to data management, operational dependencies, and the potential for misuse of AI technologies. To mitigate these risks, it is imperative to establish a robust “trusted AI” governance frame work. This framework should encompass formal processes for iden tifying and assessing risks, ensuring visibility of AI across business functions, and promoting continuous training for stakeholders to ensure safe, ethical, and responsible AI usage. It is also critical to maintain transparency into third party vendors’ AI use to ensure

they meet security and privacy standards. Managing these risks requires a com prehensive understanding of each AI de ployment, adaptation of existing risk frame works to incorporate emerging AI tools and trends, and a focus on monitoring out comes and identifying model risk threats. Advantages of AI in Cybersecurity AI can play a pivotal role by offering the ability to monitor and reduce threats through real-time analysis and response to potential cybersecurity incidents. Using AI, companies can detect abnormalities such as excessive logins, unauthorized new us ers, or transactions from unusual locations. AI models can be trained with a knowledge base that predicts outcomes and recom mends next steps for system administrators. One of the most valuable advantages of leveraging AI in cybersecurity is the ability to automate repetitive tasks such as ana lyzing event logs and account monitoring. This enables cybersecurity teams to spend more time on strategy development, up skilling, and threat mitigation. AI systems can also be trained to “remember” previ ous events that required action, enabling it to predict and prepare for future events while streamlining threat responses. While organizations of all sizes can benefit from using AI for cybersecurity, small- and medium-sized businesses stand to gain the most. Sustaining a sophisti cated cybersecurity operation can be an expensive endeavor, and smaller organiza tions might lack the resources to stand up a team. In these cases, AI can be a cost-ef fective solution. For instance, companies that build their own software can utilize AI-driven solutions to scrutinize their code and offer suggestions for improvement, reducing costs and enhancing security. Embracing an AI Future As financial institutions navigate this complex landscape where AI is becoming pervasive, cybersecurity is more pivotal than ever to protecting customer data, building trust, and establishing a foun dation for growth. Business leaders who take the time to integrate the technology responsibly will best position their com panies for success.

Noah Moravec is a part ner the audit practice for KPMG in Kansas City. P | 816.838.7487 E | nmoravec@kpmg.com

69

I ngr am ’ s

Kansas City’s Business Media

April 2024