Treasury Report Highlights Cyber Risks to Financial Sector Fueled by AI
In a pivotal move to address the burgeoning concerns around artificial intelligence (AI) in the financial services sector, the Treasury Department has unveiled a report that casts a spotlight on AI-specific cyber risks threatening this critical infrastructure. Facilitated by Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, the report is an outcome of President Joe Biden’s executive order on AI, aiming to steer the financial services industry towards heightened vigilance and robust protective measures against potential AI-enabled fraud.
The document refrains from imposing cyber-related mandates or expressing preferences regarding the application of AI within the financial realm. Drawing insights from interactions with 42 entities spanning financial services and tech industries, it alerts firms about the dual nature of AI – as a tool for both potential fraud exacerbation and a means for advanced cyber and fraud defense.
“Artificial intelligence is redefining cybersecurity and fraud in the financial services sector, and the Biden administration is committed to working with financial institutions to utilize emerging technologies while safeguarding against threats to operational resiliency and financial stability,” Under Secretary for Domestic Finance Nellie Liang remarked. She further emphasized that the Treasury’s AI report extends the framework of a successful public-private partnership for secure cloud adoption, offering a vision for the judicious application of AI in combating rapidly evolving fraud threats.
The report identifies a stark advantage poised by threat actors through increased accessibility to emerging AI tools, potentially enabling them to outmaneuver cybersecurity mechanisms. To counteract this, it urges financial institutions to fortify their risk management and cybersecurity practices with AI’s advanced capabilities, urging a broader integration of AI in these areas and a strengthened collaboration on threat information sharing.
Emphasizing best practices akin to those in IT system protection, the report acknowledges the challenges of implementing practical, enterprise-wide policies for nascent technologies such as Generative AI. Yet, many participants revealed that they’re aligning their current practices with the National Institute of Standards and Technology’s AI Risk Management Framework alongside developing in-house AI-specific frameworks, inspired by globally recognized principles and guides.
Despite these advances, there’s a noticeable capability disparity between larger and smaller firms within the sector, with the former pioneering in-house AI model development and the latter primarily depending on third-party solutions due to resource constraints.
Financial institutions maintain a positive stance on AI adoption, recognizing its potential to elevate the effectiveness and cost-efficiency of cybersecurity and anti-fraud operations. The report enumerates various avenues through which AI can be harnessed by cyber threat actors, alongside potential threats to AI systems, and highlights how generative AI could revolutionize current automation practices in fraud and cybersecurity tasks.
The sector also expressed a need for a unified AI lexicon to facilitate clearer communication among stakeholders and for the establishment of best practices around data supply chains and standards. In response, the Treasury Department pledged to collaborate with the financial sector, regulatory bodies, and other stakeholders to explore recommendations and further initiatives addressing AI-related challenges.
This collaboration promises to pave the way for a more secure and AI-empowered future in financial services, marking a significant stride towards mitigating the emerging cyber risks presented by the ongoing evolution of artificial intelligence.
