The ability for cyber attackers to steal data has become increasingly more sophisticated, according to US-listed identity security specialist CyberArk. Developments in artificial intelligence could make the threat worse.

The emergence of artificial intelligence is creating new opportunities to beef up securities capabilities at banks. Machine learning can improve financial monitoring to prevent money laundering or other unwanted flows. Natural language processing tools can make compliance procedures faster and more accurate.

But as is the case with with any other technologies, AI is a double-edged sword that can be used for good or bad.

Negative Impact Expected

According to a 2023 survey by CyberArk, 94 percent of cybersecurity experts in Asia Pacific expect a negative impact from AI tools and services. Chatbot security vulnerabilities were cited as the top worry with concerns about potential employee impersonation, ransomware, malware and phishing. 

«There is integration to an AI system that pushes malicious code and malicious malware. That gives an attacker an advantage [as they don’t need to be] spending a lot of time writing malicious code and then getting detected,» said Shay Nahari, vice president of red team services at CyberArk, in a conversation with finews.asia.

Closing Gap

New capabilities aside, the techniques and procedures applied by attackers in the APAC region have historically lagged compared to those being applied in western markets. But that gap is increasingly narrowing.

«In the past we used to see gaps, sometimes measured in years,» Nahari said. «These days, we've seen almost no gap [and it may be the] same attack, sometimes.»

Post-MFA

Previously, cyberattacks for data theft were often focused on login credentials such as usernames and passwords. Nowadays, most financial institutions have security measures like multi-factor authentication (MFA) to combat such theft but hackers are moving on.

«One of the way we've seen those advanced attacks go after [financial firms] is by trying to steal identities, secrets and cookies, which will allow them to bypass that MFA authentication,» Nahari explained.

Cloud Attacks

According to Nahari, most financial organizations today have a very good grasp on basic security and methods for managing human identities. But there is a relatively lower level of understanding for machine identities, especially with regards to the wholesale move towards cloud computing.

«We've seen several breaches happening [in the cloud],» he added. «There are attack surfaces that an attacker can abuse in order to get in or to move laterally horizontally. I would recommend even being aware of that.»

Founded in 1999, Nasdaq-listed CyberArk is headquartered in Massachusetts with other offices in the Americas, EMEA and Asia Pacific. Today, the identity security specialist has more than 8,000 customers in 110 countries.