How AI tightens cracks and cracks down on crooks

How many hackers does it take to invade an LED light bulb? It doesn’t matter, because once inside they can defraud you of millions.

That’s the reality banks face as they embrace the operational advantages offered by enterprise Internet of Things (IoT) solutions such as network-controlled lighting, HVAC, door locks and plumbing pipe sensors. But there’s a dark side: relatively weak security protocols due to lethargic standards evolution. To an attacker, this makes a single IoT lightbulb look like a hulking airplane hanger door.

But relying on a cybersecurity approach referred to “M&M”—yes, as in the chocolate candy—no longer goes far enough. “Banks need to shift their cybersecurity focus from being hardened around the perimeter, but soft on the inside, to being crunchy throughout,” says Dan Cummins, senior analyst for information security at 451 Research.

Fortunately, some smart new kids on the block offer a couple of effective types of cybersecurity solutions that leverage machine learning, a form of artificial intelligence (AI), to plug the human fallibility gap. Neither category of recent arrivals replace existing perimeter-based defenses. Instead, they’re a component of today’s multi-layered strategies for making your institution crunchy throughout.

That’s crucial because once an attacker infiltrates a business partner, it’s a sure bet they’ll hunt down legitimate credentials used for automated electronic communications such as those with your institution. “You have to assume your supply chain can be corrupted and infiltrated.” says Avivah Litan, VP and distinguished analyst at Garner.

Yet there are new ways to thwart hackers before they dial up fraud. First up is user and entity behavior analytics (UEBA). Essentially, this technology establishes a behavioral baseline for everything—animate or inanimate—that connects to your network. After ascertaining connection norms, these solutions monitor for anomalies and raise an alert when risk levels reach your pre-determined thresholds.

For example: If a person who most often accesses your network on their laptop during business hours suddenly logs in on a Sunday evening from a nearby location, this may not qualify as risky behavior because they could just be working from home. On the other hand, if a light bulb starts accessing multiple commercial deposit accounts and transferring funds to an external location on a Sunday evening, alarms would most certainly ring.

In a nutshell, UEBA provides the machine learning and advanced analytics needed to find needles in a haystack, says Litan. “For bankers, UEBA does for insider threats what fraud detection has been doing for years—and then some.”

“Bankers are familiar with machine learning for deposit accounts and credit card fraud, but not around employees, contractors or trusted IoT systems,” she continues. “UEBA brings advanced analytics to these other types of threats, making such solutions another critical layer in your security arsenal.”

The other new AI-enabled security strategy layer is threat deception technology. It turns your entire computing environment into an intelligent, self-learning equivalent of a malware mousetrap. Deception solutions lure attackers into engaging with a virtual decoy and, in the process, revealing themselves. Simultaneously, the solution reports the infection to the individual, or group of people, authorized to take action.

Just one of threat deception’s advantages is uncovering the most troublesome type of assault: zero-day. Whether targeted at your specific institution or at a vulnerability affecting many companies, zero-day malware takes advantage of unknown software and hardware weaknesses—often to spectacular affect—that are unknown to the vendor or end user..

On the value of threat deception, Cummins minces no words. “Deception technology is essential in banking,” he says. “It provides high efficacy that what you’ve detected is a real threat and not a false alarm.”

In addition, such solutions permit following a threat’s lifecycle. “As attacks move throughout your systems, they typically uncover ways to escalate their privileges,” says Cummins. “Understanding the tactics and procedures of the current attack allows you to foreclose on the next one, quickly, as you gain a list of items you need to fortify before the next intrusion begins.

Indeed, the need for AI intervention has never been greater.

Regardless whether malicious actors enter via your IoT systems or someone else’s, one major factor for carrying out fraud is time. The longer an attacker pokes around your network, the more likely they are to get away with the cash. Respected studies say hackers now spend around 150 days, on average, inside a network before they’re detected: plenty of time to gain a foothold, infect multiple systems, harvest vital data and phone it all home.

Traditional threat detection systems also break down because they depend on a human investigating an alert – with any given bank experiencing dozens, hundreds or thousands of alerts every day. But given the accelerating adoption of enterprise IoT, the cybersecurity white hats will likely engineer even more ways to protect your network-connected systems from the black hats.

In the meantime, adopting one of today’s advanced AI-enhanced solutions helps ensure you get some sleep when you turn out the lights.

Anne Rawland Gabriel is a contributing writer to BAI Banking Strategies who has spent more than 20 years writing about business and business technologies as a journalist and marketing communications consultant. She is based in the Minneapolis/St. Paul, Minn. metropolitan area.