Financial sector preparations for malicious AI use

The financial services sector is hyper-competitive, but financial institutions are also highly interdependent and routinely support each other in several essential ways: by sharing cyber threat information and best practices against cyber-attacks and fraud, and by participating in joint exercises to prepare for severe but plausible scenarios.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

One such exercise, on Artificial Intelligence (AI), was recently held in person by FS-ISAC. Security practitioners from many EMEA-based financial institutions gathered to learn from each other and from experts about AI’s ability to exacerbate incidents in the current threat landscape and to discuss mitigation tactics to reduce its effects. The realistic scenario had them defend their institution against a deepfake attack, i.e., synthetic media that adversaries generate to spread lies or incite market panic (a tactic known as MDM, or Mis/Dis/Mal-Information).

AI exercise objectives

Financial institutions exercise incident scenarios together because a crisis impacting one can quickly cascade and become systemic. Last year a large US bank collapsed because of a bank run. What if an AI-based MDM campaign incited a similar trajectory? Community collaboration can tackle such scenarios before they start and speed up the response.

In the case of AI, exercises help practitioners understand the implications of the technology on existing threats and mitigate the effects. During this exercise, teams:

  • Examined the potential negative impacts AI can have on market activity and public confidence in the financial sector.
  • Identified best practices for how incident response teams, external engagement teams, and impacted business lines work together during a disruptive event.

Outcomes and recommendations

AI amplifies certain threats by lowering the entry threshold for malicious actors to enact sophisticated social engineering attacks. MDM campaigns in particular can quickly erode trust in the proper functioning of markets and could lead to bank runs or undue market volatility.

It is acknowledged that deepfake detection tools are lagging behind the quickly evolving threat of synthetic media. To combat the threats raised by synthetic media, financial institutions may consider implementing some of the following mitigation techniques:

  • Ramp up staff education on emerging threats. This is vital in combatting the malicious use of AI against employees. 
  • Prepare dedicated customer communication plans in the event that an MDM campaign impacts public confidence in the firm or sector. 
  • Establish strong standing relationships with social media companies, in addition to governments and regulators, to quickly combat MDM campaigns. 

Collaboration is critical

During an MDM campaign – as well as many other attack scenarios – a peer-to-peer early warning system accelerates individual responses. Additionally, a coordinated sector response can calm the market and sustain consumer trust in the proper functioning of the economy. 

Both approaches rely on collaboration. Such mutual support helps each firm stay competitive in its market, where business resilience is key to an individual firm’s ability to succeed. Likewise, the sector as a whole benefits when the security posture of each organisation is improved.  

In fact, collaboration is a form of operational resilience. Considering the new AI-enhanced tools exploited by malicious actors and the increasing regulatory requirements around information sharing and resilience, the business case for mutual support gets ever stronger. 

Against the backdrop of manifold threats and attack vectors such as AI, hyperconnectivity, and the speed of technological and geopolitical developments, firms must take a proactive and collective approach to building robust systems and processes to withstand adverse events. Sharing information and real-world exercises are crucial to that approach.
