Financial entities urged to boost digital resilience against AI threats
Banca d'Italia urges financial intermediaries to strengthen digital operational resilience against advanced artificial intelligence models. The central bank highlights increased cyber risks from AI's ability to identify and exploit software vulnerabilities rapidly.
AI amplifies cyber vulnerabilities
Emerging technologies, particularly artificial intelligence systems, are transforming the cybersecurity landscape and posing new challenges for the confidentiality, integrity, and resilience of IT systems and the information they manage within the financial sector.
Advanced AI models can identify software vulnerabilities and simultaneously generate exploitation methods in extremely short times, without requiring specific technical skills.
This significantly reduces the time between vulnerability detection and exploitation, increasing the risk of effective cyberattacks.
Banca d'Italia, consistent with European single supervision and DORA requirements, invites intermediaries to promptly identify and implement necessary measures to enhance security processes and controls protecting their systems.
This aims to strengthen their operational and cyber resilience, ensuring business continuity and reliable financial services.
Fortifying core defenses
Banca d'Italia outlines key areas for strengthening defenses.
Governance bodies must revise risk appetite frameworks to incorporate frontier AI risks, aligning with ICT investments and resource allocation.
They must also define controls for external IT service providers, including contractual requirements for security monitoring and patch management.
Cyber hygiene strategies should integrate defense-in-depth principles, rigorous authentication, granular access management, and constant activity monitoring.
Network segmentation is crucial to limit compromise propagation.
Comprehensive, updated IT resource inventories are essential for vulnerability management and mapping the attack surface, necessitating modernization of legacy infrastructures.
Rapid identification and timely remediation of vulnerabilities, prioritizing critical and external-facing systems, are also highlighted.
AI's double-edged sword
This communication serves as a critical, albeit expected, warning to financial institutions.
While DORA provides the regulatory baseline, the rapid evolution of AI necessitates a proactive and substantial overhaul of existing cyber defenses.
Firms must now integrate advanced AI risk assessments into their core governance and invest significantly to close the widening gap between attackers and defenders.