Until the machines fully take over the world and have no use for us human beings, people are going to still be the main line of defense against cyber threats. We have seen an uptick of AI generated phishing attacks, focusing on secure email notifications, request for e-signatures, and QR codes. These messages appear to be getting through our filters since it appears the bad actors' AI has taken over legitimate business mail systems hosted on AWS, Apple, and IONOS. We are able to detect these email system takeovers by the legal disclaimer footers in the emails, enforced on the back-end by the mail server, often identifying the organization. Provided the threat, we use KnowBe4's artificial intelligence phish testing platform on a monthly basis. We have also implemented a culture of trust but verify, where people are trained to call back using a known number in our system (not the contact information provided). We also promote a culture where people are skeptical of emails or contacts that are unexpected or unusual. Our mail system automatically identifies if an email originated outside of the organization and puts this in red text at the top of the email.
------------------------------
Matt Johnson
CFO
Premier Bank
Omaha, NE
Posts reflect my personal opinion and do not represent any organization in which I am affiliated.
------------------------------
-------------------------------------------
Original Message:
Sent: 10-02-2023 14:37
From: Rob Blackwell
Subject: Tuesday Topic: Cybersecurity in the Age of AI
Cybercriminals are becoming increasingly sophisticated, and with the rise of generative AI and digital transformation, community bankers need to be aware of a bevy of emerging threats, from ransomware-as-a-service to voice deepfakes.
According to the Independent Banker, to prevent attacks (and mitigate their impact), banks should adopt new technological capabilities such as automated real-time threat intelligence and penetration testing, consider cybersecurity insurance, and ramp up employee training. They should also take advantage of resources offered by the U.S. Cybersecurity and Infrastructure Security Agency and ICBA's Community Banker University.
What steps is your bank taking to protect itself? Do you have board members with cybersecurity experience? Any specific successes or lessons learned you can share with the community?
------------------------------
Rob Blackwell
Chief Content Officer and Head of External Affairs
IntraFi
Arlington, VA
------------------------------