Online banking is on the rise, and so are the resulting security risks. To enhance its protection, UnionDigital Bank was created with a specific approach to cybersecurity using artificial intelligence.
An online bank’s reliance on data required an AI-based approach to cybersecurity and risk management. It was essential to success, says Dominic Grunden, head of information security at UnionDigital Bank. For him and his team, this took on even greater significance given the speed with which UnionDigital Bank was set up to boost the Philippines’ digital economy. The Bank enables the Filipino people, communities, businesses and regulators to benefit from digital banking, financial technology, blockchain and open banking technologies. It was created in just five months, an unprecedented time in the banking sector, according to this CISO.
From the start, Dominic Grunden recognized the need for an AI-driven security policy to keep pace with both the unprecedented growth of the company and the complexities of the online banking ecosystem. The key to achieving this was a transparent relationship with the company’s Chief Data Officer (CDO), David R. Hardon. Working together, the two used independent technology to instill a “truly comprehensive” AI-powered security and risk management strategy.
Cybersecurity and Artificial Intelligence for Banking Needs
Dominic Grunden says that the spread of online banking is important in the Philippines, as is the growing demand and dependence on cryptocurrencies and other payment methods. “It presents internet banking as an unprecedented opportunity, but at the same time it foreshadows a new era of cybercrime. I say this because this is an era characterized by complex interconnectedness and undefined geographies. It is not like a traditional bank in physics. Technically, we have no boundaries. “. Dominic Grunden adds that the biggest challenge in digital banking is that the threat landscape is changing rapidly, and criminals are constantly evolving, using more IT tools and becoming more sophisticated. “It’s impersonal, complex, interconnected, and makes use of advanced data and technology that humans can’t keep up with.”
This is what drives UnionDigital Bank’s security orientation towards artificial intelligence, says this Information Systems Security Director. “We need to be able to keep up – to be both defensive and offensive at the same time in innovation to protect our customers and their data. AI has given us this mechanism to keep pace with the industry, where we can also understand the behaviors and motivations of individuals and consumers, detect criminal activity more quickly and enhance our collective ability to combat and fending off financial crime, because at the end of the day, that’s what comes into digital banking. I firmly believe that online banking isn’t just about finance; we’ll be the custodian of customer data. We’ll need to make faster decisions about risks, such as blocking payments and detecting The fraud is in real time, and we will need to detect violations more quickly.” All while meeting higher consumer experience expectations as online banking becomes more prevalent.
The full potential of artificial intelligence
Data transparency is key to achieving this, and AI’s ability to provide broad and accurate analytics of data patterns is UnionDigital’s primary security feature, according to Hardoon. AI is primarily about identifying patterns and/or irregularities in patterns, and with that being able to provide a highly customized service that can recognize anomalies. For me, the principle of security, governance, compliance and crime prevention is an integral part of customer service. It is the goal and integration of anything and everything from a defensive line perspective that requires data that cultivates a dynamic understanding of behavior that helps better manage risk,” he says.
Mr. Grunden agrees, adding that this data transparency also provides diverse insights into threat patterns that can be understood and used to identify potential trend-based risks from a digital banking perspective, thus reducing the cost and time of detection and response. David R. Hardoon cites the example of a situation where he was asked to use AI-powered data analytics to help predict non-compliance before it occurs. “Again, it was about identifying if there was a pattern and asking if we could learn from it. Sometimes the answer is no, but in this case we were able to predict the likelihood of non-compliance two or three months in advance.”
Implementation of preventive measures
He admits that the term “probability” is important here because there is no way to guarantee a 100% risk, but if you can say there is an 85% chance of non-compliance, that allows you to move from being able to react as soon as this happens to taking precautionary measures up front. “In a way, it creates a capability that wants to eventually be caught as wrong, and then it will put all the controls and all the measures in place to reduce the likelihood of that thing happening. It’s a real shift in how risk works — using data and relying on AI to find something that might happen. , so you can put in place preventative measures to make sure that doesn’t happen.”
This allows UnionDigital to improve its attack and threat prevention capabilities, moving from simply “catching fools” caught in simple traps to implementing a more sophisticated method to stop attackers using their independent technology to conduct malicious campaigns. “Attackers are getting a lot more sophisticated than we want to admit,” says CDO. “The systems we have put in place go beyond that, and we are thinking in terms of better customer service and stronger, more relevant advocacy. Ultimately, I think it has to be an industry-wide approach.” Mr. Grunden, for his part, is contemplating plans to go further. “We are definitely pushing things too far, and a lot of that has to do with the maturity of the security function, despite it being a new bank.”
Enthusiasm and collaboration are integral to the success of AI security
Dominic Grunden says he and his team are motivated by uncovering potential AI to improve their cybersecurity strategy, which plays a key role in their collaboration with David R. Hardoon division. “We are looking at what AI solutions his team currently has or what can be built to improve things, because we might buy a product out of the box but it’s not good enough for us. We want to go further, which is why we’re leveraging AI to create Improved capabilities and pushing the boundaries of the products, services, and platforms we buy.”
“I’ve never had the same level of emulation and commitment in other companies I’ve worked for,” adds Dominic Grunden. “It’s also about maintaining that enthusiasm for AI policy first, so that we can use technology to have security, and my team fully embraces that.” The two men are convinced that true cybersecurity driven by artificial intelligence must be comprehensive, a concept they are committed to implementing at UnionDigital Bank. This means activating the comprehensive application of AI in cybersecurity and risk management.
Artificial intelligence is still developing, with challenges ahead
This strategy is not without its challenges — or at least important factors to consider — Dominic Grunden and David R. Hardon agree. “One of them is a bigger call for talent when it comes to AI and cybersecurity,” says Dominic Grunden. “Currently, this technology is in its infancy, so the cost of creating a pool of very good talent in both AI and cybersecurity is high.” He adds that there is also the fact that AI can benefit attackers in certain ways if it is not well understood, implemented, and used. “Then there’s the old saying that more data creates more problems, and while I don’t struggle with that at UnionDigital Bank due to the way our CDO has structured the data, that’s generally a problem. As far as you have to entrust the data to a third Parties. It would be more challenging if we were based in Europe with GDPR, for example. Finally, if there was room for human error in the way AI is deployed, it could still be error prone.”
From a CDO perspective, the main consideration in applying AI to security and risk management centers around establishing a definition of what constitutes a “good risk”. “Of course, there are always risks, but AI makes the questions sharper – what is the acceptable level of risk? It can tell you the levels of risk up front, which is very different from an operational perspective where, after the fact, you realize you may have missed something, because x or y or z event downstream. So, if you decide not to accept the level of risk presented to you, it may have an impact on future operational activities, so the best ways of exploiting the results should be carefully considered.” Ultimately, the benefits of AI for cybersecurity outweigh any drawbacks or challenges UnionDigital Bank faces, says Grunden.
Artificial intelligence, essential for future cybersecurity
Looking to the future, CISO believes that the need for an AI-based approach to cybersecurity will only increase in the online banking industry and beyond. “It will be more important than many experts think,” he said. “In my opinion, AI will be incorporated into some kind of security standard in the next five to 10 years, whether it’s an ISO standard or something else. For digital banking in particular, I also think there’s a good chance that failure to use AI will become For cybersecurity is illegal or some form of regulatory non-compliance. I believe AI will be a catalyst in determining whether the digital banking industry can keep pace with the threat community, and I see a time when we will have “good threat-hunting bots on the threat landscape.”
An opinion shared by the CDO: “Artificial intelligence must simply become an essential component of cybersecurity defense. If you don’t, you will be devastated – perhaps not now, but someday.”