The New York State Department of Financial Services this week issued guidance for financial institutions on how artificial intelligence is changing cybersecurity risks. The document lists risks arising from AI along with controls and measures that institutions can implement to mitigate threats. It does not impose any new requirements on financial institutions.
Risks include AI-enabled social engineering, in which the technology allows bad actors to create realistic and interactive audio, video and text that allow them to target specific individuals. The guidance also notes that AI can amplify the scale and speed of existing cyberattacks, and that AI products typically require the collection of a vast amount of data that must be secured.
Measures that financial institutions can take to mitigate threats include implementing risk assessments and risk-based policies and procedures, having effective third-party and vendor management, implementing robust access controls, and cybersecurity training, according to the guidance.
