How FirstBank Uses AI to Fortify Its Cybersecurity Defense

An inside look at how FirstBank’s tech and security teams use AI to identify anomalies and anomalous behaviors, and improve incident response time.

Written by Taylor Rose
Published on Dec. 13, 2024

To prevent cybercrime, you need to be one step ahead of the cybercriminals — at least, that is the premise of how banks use AI in their cybersecurity measures. 

AI is equally a tool that cybercriminals use to launch sophisticated attacks and a tool that cybersecurity professionals use in monitoring traffic and user behavior to stop cyber attacks before they happen. 

“In the past few years, AI has kicked down the door and is available to help organizations in hundreds of ways,” said Emy Dunfee, director of security and incident management at FirstBank.

A big part of what Dunfee does at FirstBank — in addition to overseeing all of the physical security, cybersecurity and security governance — is coordinating with the technology team on how to use AI in the company’s cybersecurity defenses. 

“Our goal is to ensure we are embracing AI opportunities while still following safe data-sharing practices and limiting preventable risk,” said Dunfee. 

FirstBank began providing banking services in 1963. Today, its digital banking services have propelled it to become one of the largest privately held banks in the United States. While bigger banks likely draw more cyberattacks in terms of incidents, financial tech organizations like FirstBank have to be prepared for any attempts that arise and fortify customer data. In addition to AI, FirstBank uses measures like encryption, firewalls, automatic logoff, secure logins and multiple authentication checks to help keep customers’ data safe.

“As data breaches become more common and individual passwords are compromised, threat actors are testing those passwords at as many institutions as possible,” Dunfee noted. 

 

How FirstBank Uses AI 

The banking industry in particular is up against specific challenges when it comes to AI and cybersecurity.

On one hand, generative AI can be used to create sophisticated phishing attacks, like the deepfake group video call that was used to trick an unnamed finance worker from a multinational firm into transferring 200 million Hong Kong dollars — the equivalent of $26 million in U.S. dollars — to the cybercriminals, as noted by the International Monetary Fund in its April 2024 Global Financial Stability Report.

On the other hand, AI can also play a mission-critical role in identifying fraud and speeding up incident response time — like it does for FirstBank’s information security team. AI can also help technical teams by taking on time-heavy tasks. 

How is AI Used in Cybersecurity?

AI is used by cybersecurity teams to analyze complex attacks and monitor network traffic and user behavior — all with the goal of alerting the team to attacks quickly and helping to prevent future attacks. Cybersecurity teams can also use AI the same way that bad actors do but in the context of “ethical hacking” or penetration testing. 

Banks have to raise the bar for cybersecurity readiness, considering that almost one-fifth of cyber incidents affect the financial sector and banks are the most frequent targets, according to the International Monetary Fund. 

FirstBank has set its internal bar of cybersecurity excellence high. A notable example was when Brenden Smith, FirstBank’s chief information security officer, hired professional hackers to breach FirstBank’s systems in order to assess vulnerabilities in its cybersecurity defenses. It took the hired hackers three years to do so, according to American Banker.  

 


 

Beyond its cybersecurity uses, AI is also used at FirstBank to support how employees work and in aspects of the product itself. 

“With the use of AI becoming more integrated into products and services, I see the highest benefit emerging in faster data correlation and expanded data usage for various use cases,” said Dunfee. “Being able to identify anomalies or anomalous behaviors quicker will improve incident response time while reducing incident impact.” 

Dunfee has her work cut out for her. However, she has a counterpart on the technology side of things — Jamie Block, infrastructure and operations director at FirstBank — who is there to help. 

“I completely agree with Emy,” noted Block. “AI has the potential to improve efficiency for a variety of tasks. It can help reduce tedious work like creating the right Splunk query to get what you need. Or it can help find anomalies among thousands of log files.”

When Block signs in for work each morning, she has to be prepared for anything. 

“You never know what you’re going to be up against next,” said Block. “One day you may be dealing with highly targeted credential stuffing and the next day you’re patching a high-severity zero-day vulnerability. We have implemented a strong suite of tools that help us understand where our attention needs to be and how to respond.” 

 


 

Block also pointed out that in technical roles, anything that can save the team time on cumbersome tasks frees them up to focus on bigger issues like cybersecurity. 

“AI is important because it has the potential to allow staff to spend their time on valuable work,” said Block. “Nearly every IT person can tell you of a time they spent an hour figuring out just the right Splunk query or sifting through a million log messages. That kind of tedious work can be offloaded to a variety of AI tools.” 

 

Team Alignment: Tech and Security 

Block and Dunfee’s teams often work together and, at the same time, can be roadblocks for one another. It’s the job of each team to find fallibilities in the work of the other. 

“While there is always friction between technology and security just by nature of what these teams do, we have worked really hard to build strong relationships based on mutual respect that allow our teams to collaborate and challenge one another until they get to the best possible solution,” said Block. 

Block explained that the security and technology teams work closely to detect and address external security threats. 

“We work together to evaluate new technologies and ensure anything we bring into our environment is secure and meets best practices,” she said. “Emy and I work very closely to ensure there is a strong partnership between our teams.”

 


 

“I am blessed to be a peer and a partner of Jamie,” noted Dunfee. “She approaches leadership from a place of accountability and innovation. Her teams are knowledgeable and collaborative, which has led to strong partnerships with my teams. Security is an organizational effort, and Jamie leads by example in this space.”

Block had similar sentiments about Dunfee. “Emy is an incredible partner,” Block noted, mentioning how Dunfee’s expertise in the field allows her to develop the best possible solutions and that she takes the time to educate others on very complex subjects in cybersecurity. “She is a great leader for our organization.”

 

Continuous Learning 

Dunfee explained that, like many financial institutions, FirstBank experiences frequent phishing attempts and credential-stuffing attacks. She shared that the cybersecurity threat landscape is always evolving, which makes continuous learning vital. 

“Security needs to be skilled at mitigating various types of attacks, and it is vital that the technologies we invest in can do the same,” she noted. 

Dunfee is confident in her team’s response actions and playbooks, but continuously pushes those teams to stay up to date with developments in the field. 

“Supporting continuous education opportunities as well as red team exercises ensures our teams’ skills evolve with the threats themselves,” noted Dunfee. 

Team members attend conferences throughout the year, and the security program “maintains a continuous RSS feed from key informational sources to review product announcements, threat intel and industry updates,” Dunfee added.  

“On the technology side, we encourage staff to research and experiment as a part of their job,” said Block. 

 


 

Block explained that she hosts technical experts to conduct trainings so the team can learn new skill sets. “We also make cloud-based sandbox environments available to technology staff to provide a safe place for experimentation.” 

“The FirstBank security teams are highly collaborative and engaged,” added Dunfee. “We pride ourselves on having a culture of support. If there is a product, concept or innovation you are interested in exploring, we are excited to hear about it.” 

Today, FirstBank is using AI as an early line of cybersecurity defense against hackers and other nefarious players who are a threat to customers’ financial data security.

“It is such an exciting time to be in the security and technology space with all the new ways to leverage AI capabilities — however, getting real, tangible value from these capabilities is the strategic goal,” concluded Dunfee.  

Responses have been edited for length and clarity. Images provided by FirstBank.