Balancing the Janus Face of AI: The Dual Impact on Cybersecurity in Investment Firms

By Anup Kumar, Head of Global Services, Linedata

Artificial intelligence (AI), and particularly generative AI, will transform how investment firms are run as it permeates all aspects of operations, from due diligence to new investments, from how software is developed to how research is conducted. This transformation will include automating private market operations, enhancing data extraction and streamlining compliance. Right now, most firms are only beginning to experiment with AI and are encountering some initial barriers. Data quality may be lagging, infrastructure may be lacking, talent is a challenge and governance needs to be carefully considered. But those barriers will be overcome and over the next three to five years, the effect of AI on investment management productivity and efficiency will be transformative.

One critical area that will be directly impacted, and sooner rather than later, is cybersecurity. AI is proving to be a double-edged sword, bolstering detection and defense capabilities while also providing malicious actors with ever more effective modes of attack. AI can and will be an important tool in helping to prevent cyberattacks and incidents through markedly better detection and threat prevention capabilities, such as the ability to quickly analyze and contextualize vast amounts of network data to identify spear phishing incidents or other potential threats.

On the flip side, AI is also certain to become an important weapon in the arsenal of bad actors, empowering them to mount much more sophisticated social engineering attacks. AI will enable more personalization and more credible communications, allowing much more convincing impersonations of specific people and schemes that are more targeted, automated and adaptive. Communication style personalization will make such attacks harder to detect, and we can expect to see more malware, more wire fraud and more data poisoning in penetrated networks, which, in turn, can potentially corrupt or bias the outcomes of an organization’s AI-driven models.

As the overall cyber threat landscape evolves rapidly, investment firms will need to become more agile in their security policies and more dynamic in their approach to detecting and countering threats. Even before the advent of AI, the basic cybersecurity “hygiene” that all organizations should be practicing – training teams, investing in endpoint protection and anti-virus software, implementing multifactor authentication (MFA) and other added security measures – was a challenge for some investment firms. As AI becomes mainstream and we start to see how bad actors are using generative AI to convincingly mimic communication styles, firms must review and rethink their cybersecurity playbooks in light of evolving and escalating threats. Some of the key elements that firms need to consider:

  • Training: security teams and network users will need considerably more training, including on detecting deep fakes, and training materials will need to be enhanced to deal with more sophisticated, AI-powered threats;
  • Endpoint protection: protecting endpoints (desktops, laptops, mobile devices, etc.) in a dynamic threat landscape is essential, particularly in remote and hybrid working environments, and will require greater investment in endpoint detection that will increasingly make use of AI solutions;
  • Multifactor authentication: MFA, which some organizations have been too slow to adopt, becomes more relevant than ever in verifying user identity amid increasingly personalized attacks;
  • Cyber insurance: while cyber insurance is strongly recommended as an added protection, firms must demonstrate that they have the proper hygiene measures in place or risk having their claims denied;
  • Third party risk management: for firms that are themselves leveraging AI capabilities, third party, and even fourth party, risk management becomes even more critical, including patching and ensuring rigor and automated processes for identifying and addressing vulnerabilities;
  • Governance: any firm that is embedding AI in its processes must ensure that it has the right governance and controls in place with proper oversight to deal with the myriad ethics, bias and compliance issues raised by AI. New SEC rules mandating timely reporting of cyber incidents further underscore the importance of strong governance and basic hygiene to safeguard operations.

While this may seem daunting and overwhelming to smaller investment firms, managed service providers (MSPs) and specialized cybersecurity consultants can provide critical functions like endpoint detection on a consumption basis that ensures access to the most up-to-date solutions at a manageable cost.

Inaction or maintaining the status quo in cybersecurity in an AI-centric world carries significant risks. Looking ahead one to two years, the battle between malicious entities launching increasingly sophisticated attacks and organizations using AI for detection and prevention will intensify. It’s imperative for investment firms to strategize their cybersecurity measures now.