Developments in artificial intelligence and machine learning increase the threat of financial cyber crime, and the financial services industry must be prepared in case of an attack, according to professor Marco Gercke, director of the Cybercrime Research Institute.
In a speech to open the plenary debate, ‘Cyber security: Catching the bad guys’, at Sibos 2016, Gercke noted that, while humans are still superior in making emotional decisions, rationally, robots are ahead.
In negotiations, “artificial intelligence can substitute negotiators”, he said, adding that in the future, more dependencies on those machines will emerge.
The main issue with this, Gercke said, is that “machines will suggest solutions that are based on analyses so complex that we won’t be able to go through it in a lifetime”.
Without the ability to verify these analyses, there will be little choice but to trust the machines. As we become more dependent on them, “attacks become more severe”.
The financial services industry is increasingly dependent on its systems and on financial technology, and, Gercke said, attackers are not going to attack servers. Instead, they will manipulate financial documents, make data inaccurate, and then hold institutions to ransom.
He told attendees: “Your whole industry is based on trust and confidentiality.”
In order to protect against this, institutions must consider their individual risk assessment, considering what a data breach could mean for the business, how clients would react to their financial data being leaked, and how employees would react to personal details, or contract details, being made public.
Gercke also suggested that the financial services industry is lacking cooperation with regards to cyber security. While client data confidentiality is important, it is also crucial to share information on cyber attacks as “the same offenders will use the same methods to attack a competitor”.
Banks should create a sharing culture whereby they can help each other to protect against potential attacks.
Finally, Gercke reminded the audience that they can’t prevent all attacks or “catch all the bad guys”, and reiterated that simply having anti-virus software and a firewall is not a good enough answer to the threat of cyber crime. He said: “You need to have a response strategy.”
