The use of AI technology may not be new to the financial sector, but, as new programs appear, so do new threats. The objective of hackers is usually quite simple: “It’s purely money,” says Pascal Steichen, CEO of the Luxembourg House. This makes high net worth individuals (HNWIs), their assets and data, the ideal victims.
New technologies--Steichen lists AI, blockchain, cloud and big data--which help wealth managers crank up the speed and quality of their work, could therefore pose additional risks. The cybersecurity community notes new types of cyberattacks that rely implementing biases in algorithms.
Guarding the construction site
While AI can be an efficient tool for companies, it also needs to be trained before it can do so. It is during that training phase that businesses should be especially vigilant, explains Steichen. If a cybercriminal slips data into the program when it is in its building stages, this data could lead algorithms trained towards certain biases and decisions.
“This sector being what it is, the targets are more prominent and so the sector is more vulnerable,” Steichen stresses.
It is therefore key to “avoid [training the AI] in an open environment”, instead using dedicated and closed test environments and working with trusted partners, the cybersecurity specialist recommends. “Take the due diligence process seriously and be quite thorough.”
Cybersecurity by design
Confidentiality is also a pool of potential wealth for hackers. “A prime technology to protect confidentiality is cryptography. In a few years time, we’ll see more and more quantum computers and this will be able to break cryptography algorithms quite fast,” warns Steichen. Which means that even if data hacked now remains crypted, it could be decrypted in the future and exploited then for blackmailing purposes or others.
Hackers could of course exploit the usual vulnerabilities found in companies too, like technical flaws. Social engineering, which relies on manipulating people, is also on the rise. “We see more and more attacks where human vulnerabilities have been used,” confirms Steichen. Here, both clients but also wealth managers can be manipulated as they have access to extensive wealth and data.
Training staff, applying due diligence
In the face of both new and more traditional cybersecurity threats, Steichen has one recommendation for wealth managers: “The set-up is important. It’s not just about technological flaws and social engineering and being careful with AI projects. It’s important to think about cybersecurity by design.” Being thorough with due diligence checks on programs used will also be key in prevention efforts.
The sector will never be risk-free, so it is important to put in place strategies and protocols for all types of attacks and scenarios. Training staff on all levels on the topic is important, and so is making sure to have competent IT stuff on hand that is a part of the cybersecurity community.
“We don’t have the privilege anymore to ignore cyber threats,” says Steichen, who, however, as a silver lining, cites new and upcoming cybersecurity regulation like Nis2 and, for financial institutions, Dora.
Pascal Steichen will speak at conference on 26 January 2023.