Digital banking’s reliance on data means that an AI-based approach to cybersecurity and risk management is integral to success, UnionDigital Bank CISO Dominic Grunden tells CSO. For him and his team, this took on even greater significance given the speed with which UnionDigital Bank was set up to enable the digital economy in the Philippines. The bank enables Filipinos, communities, businesses, problem solvers, and regulators to benefit from digital banking, financial technology, blockchain technologies, and open finance. Grunden says it was established in just five months, a time range unheard of in the banking industry.
From the start, Grunden recognized the need to adopt an AI-driven security policy first to keep pace with the unprecedented growth of the company and the complexities of the digital banking space. The key to achieving this was having a seamless relationship with the company’s Chief Data Officer (CDO), Dr. David R. Hardon. Working together, the two used independent technology to instill a “truly holistic” AI-powered security and risk management strategy.
How AI-Based Cybersecurity Can Meet UnionDigital’s Banking Needs
Grunden says the spread of digital financial technology is significant in the Philippines, as is the growing demand and dependence on cryptocurrencies and other payment methods. “This presents digital banking with unprecedented opportunity, but at the same time it heralds a new era of digital crime. I say that because it features complex interconnectedness and undefined geographies. It is not like traditional brick and mortar banks. We technically have no boundaries.”
The biggest challenge in digital banking, Grunden adds, is that the threat landscape is rapidly changing, and criminals are constantly evolving, using more electronics, and getting more sophisticated. “It’s impersonal, complex, interconnected, and makes use of advanced data and technologies that humans just can’t keep up with.”
Grunden says this is what drives UnionDigital Bank’s number one AI security focus. “We need to be able to keep up – to be both defensive and offensive by innovating to protect our customers and their data. AI has given us this mechanism to feel like we are keeping pace with the industry, where we can also understand the behaviors and motivations of individuals and consumers, detect criminal activity faster and enhance our capacity Collective focus on fighting and fending off financial crime.Because at the end of the day, that’s what it’s coming to in digital banking.I firmly believe that digital banking will be more than just finance;We will be safe with customer data.There will be a need to make faster decisions about risks. Such as blocking real-time payments and detecting fraud, we will have to detect violations faster and respond to violations faster,” while meeting higher expectations about consumer experience as digital banking becomes more prevalent.
The potential of artificial intelligence in data transparency is the main security and quality of risk management
Data transparency is key to achieving this, and AI’s ability to provide broad and accurate analyzes of data patterns is UnionDigital’s main security advantage, according to Hardoon. AI is primarily about identifying patterns and/or irregularities in patterns, and with that being able to provide a highly customized service that can recognize anomalies. For me, the premise of security, governance, compliance, and crime prevention is an integral part of customer service. That’s the point and including anything and everything from a defensive line point of view entails that data cultivate a dynamic understanding of behavior that helps better manage risk.
Grunden agrees, adding that this data transparency also provides diverse perspectives on threat patterns that can be understood and used to identify potential new risks based on trends in a digital banking perspective, reducing the cost and time to detection and response.
Hardon cites an example when he was asked to use AI-powered data analytics to help predict non-compliance before it occurs. “Again, this was all about identifying if there was a pattern and asking if we could learn from it. Sometimes the answer is no, but in this case, we were able to predict the potential for non-compliance two or three months in advance.” He admits that the term “probability” is important here because there is no way to guarantee 100% risk, but if you can say there is an 85% chance of non-compliance, that allows you to move from just being able to react once that happens to taking precautionary measures early . “In a way, it allows you to create a capability that you want to prove wrong in the end because it allows you to put all of the controls and measurements in place to reduce the likelihood of something going wrong. This is a real shift in the risk taking process — using data and leveraging AI to find something that might happen, so you can of putting in place preventive measures to ensure that it does not happen.”
This allows UnionDigital to enhance its attack and threat prevention capabilities, moving from simply “catching fools” caught in simple traps to implementing a more sophisticated method to stop attackers using Its own independent technology for malicious campaigns. “Attackers are getting a lot more sophisticated than we might like to admit,” Hardon says. “The systems we have put in place go beyond that, and we are thinking in terms of providing better customer service and a more relevant and more robust defense. Ultimately, I think this has to be an industry-wide approach.”
Grunden ponders plans to go one step further. “We are definitely pushing things too far, and a lot of that is due to the maturity of the security function, despite the fact that we are a new bank.”
Excitement and alignment are integral to the success of AI security
Grunden says he and his team are driven by excitement about AI’s ability to enhance their cybersecurity strategy, something that plays a key role in their collaboration with the Hardoon division. “We’re looking at what AI solutions David’s team currently has or what can be built to improve things, because we might buy a product ‘out of the box’ but it’s not good enough for us. We want to go further, so we leverage AI to create capabilities Optimizing and driving the products, services, and platforms we buy.”
The Grunden team is working closely with Hardoon especially in the areas where AI plays and how it can improve things, he notes. “I haven’t had the same level of excitement and involvement in the previous organizations I’ve worked for,” Grunden adds. “It’s also about keeping that excitement of AI-first policy out there so we can use technology to make security our own, and my staff fully embrace that.”
Both Grunden and Hardoon believe true AI-driven cybersecurity should be comprehensive, a concept they are passionate about ensuring at UnionDigital Bank. This means enabling the comprehensive application of AI in terms of cybersecurity and risk management.
AI is still evolving with challenges to consider
This strategy is not without its challenges—or at least important factors to consider—Grunden and Hardon agree. “One of these is a higher call for talent in terms of AI and cybersecurity,” says Grunden. “The AI technology is currently still in its early stages, so the cost of creating a very good talent pool with both AI and cybersecurity is high.”
He adds that there is also the fact that AI can benefit attackers in certain ways if it is not well understood, implemented, and used. “Then there’s the old saying that more data creates more problems, and while I don’t struggle with that at UnionDigital Bank because of the way our CDO data is structured, it’s generally a problem that you’re required to outsource the data. That would be Much more difficult if we’re based in Europe with GDPR to look at, for example. Finally, if there’s room for human error in how AI is deployed, you can still be prone to errors.”
In Hardoon’s view, the main point to keep in mind when applying AI to security and risk management centers revolves around establishing a definition of what “good risk” is. “Of course, there is always risk, but AI makes the questions more acute – for example, how much risk is OK? It can tell you up front your levels of risk, which is very different from an operational perspective where you discover, in hindsight, that you are You may have missed something, because x, y, or z happened downstream.So if you decide you don’t want to accept the level of risk presented to you, it can affect the business going forward operationally, so there is a need to be careful about How to make the best use of the product.
In the end, Grunden says that the advantages of AI in cybersecurity far outweigh the negatives or challenges facing UnionDigital Bank.
AI will be more important to cybersecurity than many think
Looking to the future, Grunden believes that the need for an AI-driven approach to cybersecurity will only increase for the digital banking sector and beyond. “It’s going to be more important than many experts think,” he says. “In my opinion, AI will be attracted to some Security standard type In the next five to ten years, whether it’s an ISO standard or something else. For digital banking specifically, I also think there is a very strong chance that it will become illegal or a form of regulatory non-compliance if the organization is not using AI in its cybersecurity. I believe AI will be a catalyst to determine if the digital banking sector can keep pace with the threatening community of actors, and I can see a time when we will have ‘good AI threat-hunting bots’ working against the ‘bad bots’ that change in flight. Depending on the nature of the threat.
Hardon agrees. “Artificial intelligence simply needs to be a staple of cybersecurity defence. If not, you will just take a beating – maybe not now, but someday.”
Copyright © 2022 IDG Communications, Inc.