The executive director of police services cautions about the ‘exponential’ rise of AI technologies in cyber-attacks at City Week, writes Rasika Sittamparam
The world’s financial services could be under threat from cyber-attacks planned by ‘a small group’ of perpetrators, Interpol’s Tim Morris said to a diverse crowd of intermediaries attending City Week.
He explained that the current danger comes from around 200-300 criminals who ‘outsource speciality’ to a wider spread of countries to make investigations more difficult. The perpetrators are also adopting emerging technologies such as AI at an ‘exponential’ rate, and can produce ‘credential harvesting’ malware ‘you can harness for a dollar’ to steal all manner of passwords and personal information.
‘Are nation states involved?’ an audience member asked, to which the executive director of police services gave an ominous reply. ‘Some nation states have a very close relationship with organised crime,’ he hinted, ‘if you identify the [geographical] source of attack, you’re nearer. It doesn’t matter who’s after your data – you have to look after it.’
There was a general consensus among the panellists, which included representatives from KPMG, Fidelity International and the Prudential Regulation Authority (PRA), that cyberattack can happen to anyone in the City’s financial services industry. ‘It’s a case of when not if,’ warned Fidelity boss Anne Richards, who challenged the culture of secrecy around data breaches caused by cyberattacks, admitting to which is largely seen as a stigma. ‘I think collaboration is really important across the industry because, particularly with the cyber aspects, one of the absolutely critical things is the speed of response.
‘Because we’re worried about competition and because we’ve always tried to minimise reputational risks and damage, I don’t think we’ve historically always been as fast at sharing with other people in the ecosystem,’ Richards said.
A panel member from cybersecurity expert Darktrace, Mariana Pereira, said that the future will bring ‘a painful learning’ curve with the rate at which the technologies used in cyberattacks evolve.
She cautioned against losing ‘billions of AuM’ if the issue is not treated as an emergency among financial institutions. There is hope however, against cyber criminals’ speed of learning. Darktrace uses its own AI technology to counter the perpetrators and their ‘self-learning’ malwares. ‘[It’s about] layering technology onto each other,’ Pereira said. ‘AI is very precise yet complementary – like the human immune system.’
The panel was asked to rate their confidence in the way cyber risks are managed. There is cautious optimism of a stronger framework in place with the help of GHCQ’s National Cyber Security Centre (NCSC).
The NCSC will collaborate with the PRA, later this year, to test UK companies’ software vulnerabilities with an ethical form of hacking called ‘penetration testing’.
Morris, who had earlier described the virtual interplay between the police and the criminals as ‘a giant game of whack-a-mole’, and that his department is facing a ‘crucial shortage’ of cyber investigators, was not convinced that the problem is under control. ‘If you’re in the police you’ve got to be pessimistic,’ he said, ‘constant battle is the new norm’.
Photo credit: Pixabay
Rasika Sittamparam is senior researcher at Spear’s