I recently had the honor of testifying before the House Financial Services Committee’s Taskforce on Artificial Intelligence about two critical emerging issues in the financial services sector – cloud and artificial intelligence (AI). Both have incredible potential for energizing the financial sector, but they also raise important security concerns.
Financial services organizations are migrating to the cloud to reduce complexity, cut costs, and focus their capabilities on delivering financial services to their customers. Leveraging the cloud, both large and small institutions benefit from advanced technology that is normally only available to those who can substantially invest in a highly technical workforce.
While cloud providers generally practice strong cyber hygiene, enabling quick responses to vulnerabilities and security incidents, there are also major security challenges with moving to cloud.
Because cloud providers service many clients, a single breach can place multiple organizations’ data at risk. Today, almost all organizations, including financial services, use multiple cloud providers, a trend that is making visibility into operations more challenging. To remediate this situation, organizations need solutions to manage visibility and monitor security between cloud service consumers and providers. Services like McAfee’s MVISION Cloud, a Cloud Access Security Broker (CASB), represent a critical new class of applications that are rapidly being adopted to manage and secure diverse cloud environments.
As with cloud, we must also understand the capabilities, limitations, and risks of AI. Financial services organizations are using AI and machine learning to enable advanced analytics that allows them to better serve and protect customers, while better managing overall cost.
As the new foundation for cyber defense, AI is enabling us to better detect threats and find the so-called “needle in a haystack of needles.” Additionally, AI-based automation is helping alleviate the cybersecurity talent shortage, enabling us to free up human security professionals to focus on the most critical aspects of cyber defense.
Unfortunately, AI can be used by our adversaries. Bad actors can use AI to identify the most vulnerable victims, automate phishing, and evade detection. AI improves their ability to execute attacks and enables content creation for use in social engineering and information warfare, such as deepfake videos. These and many other adversarial uses of AI can and will occur, putting our financial services sector as well as our democracy and civil society at risk.
To properly secure cloud and AI technology in the financial services sector, I recommended the Taskforce consider voluntary collaboration and the use of industry-supported standards and best practices such as the NIST Cybersecurity Framework. When appropriate, existing cybersecurity rules for highly regulated critical infrastructure industries should be updated to reflect the rapid speed of innovation.
While innovations in both cloud and artificial intelligence are and will continue to enhance the cybersecurity of the financial services and cloud sectors, these same innovations will progressively enable cyber hackers.
At McAfee, we look forward to working with Congress to help provide cybersecurity advice as the industry moves towards the adoption of cloud and artificial intelligence technologies.
A transcript of my testimony on the U.S. House Financial Services Committee’s Taskforce on Artificial Intelligence can be found here.