Major financial institutions have used artificial intelligence to play increasingly stingy defense against fraud and cybersecurity threats over the past decade, a top Treasury Department official said Thursday. But “there’s growth to do” when it comes to deploying those same technologies for smaller banks.

Todd Conklin, the Treasury Department’s chief AI officer and deputy assistant secretary for the Office of Cybersecurity and Critical Infrastructure Protection, said during an American Bankers Association virtual event that the sector has done “very well” to narrow the cybersecurity gap between large and small lenders.

But though Conklin has seen a “significant reduction” in fraud at some of the country’s largest financial institutions thanks to AI, there’s a concerted public-private effort now on “how do we ensure that we’re … leveraging the capabilities of our largest institutions and making sure that our smallest institutions have the same advantage from a defensive perspective.”

Protecting small financial institutions from AI-fueled threats was a primary topic of discussion during Thursday’s press briefing featuring Conklin and two members of the Financial Services Sector Coordinating Council, which contributed to Treasury’s March report on managing AI-specific cyber risks in the financial services sector.

Paul Benda, vice chair of the FSSCC and executive vice president of fraud, risk and cybersecurity at the ABA, said the focus of current and future public-private financial sector coalitions will be to “figure out ways to provide more data and better training systems” to smaller institutions.

“By their nature, small institutions simply don’t have the same volume of data to train their systems on,” Benda said. “They may not have access to some [of the] same high-end technical systems that some of the larger institutions have. … Can we take those lessons learned from those larger institutions that are more leaning forward, that have sandboxes they can play in to test out these capabilities, and extend those to small institutions?”

At least some of the dozens of financial institutions interviewed as part of last month’s Treasury report raised “significant concerns about the data used to train commercial generative AI because of privacy and liability concerns.” A potential solution floated by representatives from those participating banks would be a “standardized description, similar to a nutrition label, for vendor-provided generative AI systems to clearly identify what data was used to train a model, where it came from, and how any data submitted to the model will be incorporated.”

Debbie Guild, the FSSCC chair and head of enterprise technology & security at PNC Financial Services Group, acknowledged during Thursday’s call that nutrition labels won’t “be something that everybody will care about.” But there is plenty of value for financial institutions large and small to be transparent about when an AI model “stopped being trained” given the decision-making that revolves around those outputs, she said.

Conklin added that nutrition labels will be “really significant” for small financial institutions given their reliance on third-party data sources “to meet the level of explainability that’s going to be required of them by the Regulatory Oversight Committee,” an international body of more than 65 markets regulators and other public officials from 50-plus countries.

Treasury and the FSSCC, meanwhile, have enlisted “multiple core providers” — makers of software used by banks to manage processes — in discussions on how best to adopt and apply AI to financial services, Conklin said.

Those third-party services “have a significant role to play as does, frankly, the U.S. Treasury Department, in terms of making sure we’re working in lockstep with our sector partners to try to close the gap between our largest and smallest institutions,” he added. “We’re going to definitely try to encourage as much innovation in that space as reasonably possible.”

The post Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Cisco Releases Security Updates for Multiple Products

March 28, 2024 0 Comments 0 tags

Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA

Cisco Releases Security Updates for IOS XR Software

March 14, 2024 0 Comments 0 tags

Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.  CISA

Cloud Account Attacks Surged 16-Fold in 2023

March 13, 2024 0 Comments 0 tags

Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors