<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=6226337&amp;fmt=gif">


Episode Notes

Generative AI (GenAI) is changing the cybersecurity landscape at a phenomenal pace, creating both new challenges and opportunities. As cyber attacks become increasingly sophisticated, preventing them requires information sharing. Ann Barron-DiCamillo, Managing Director and Global Head of Cyber Operations at Citi, talks about the difference between traditional attacks and AI-powered threats. Ann, also the current Chair of FS-ISAC's Board, discusses supply chain risks, the importance of information sharing and nurturing the cybersecurity talent pool.

Notes from our Discussion with Ann

(0:50) - GenAI in Cybersecurity
GenAI has helped accelerate time to market. The use of advanced technologies, especially in the financial sector, centers around acceleration. On the cybersecurity front, the opportunities are reversed. With acceleration, there’s a growing need to ensure we are not bypassing validation or losing control. There’s also the need to differentiate between traditional malware and AI-powered threats. ChatGPT has resulted in the merger between security tool capability and business logic, allowing security teams to reverse engineer the use of AI to find vulnerabilities quicker. 

(4:51) - Threat Actors Using AI
95% of breaches begin with a phishing email and threat actors are adopting highly sophisticated phishing techniques. The emails no longer have obvious errors, making detection harder and they are combined with more sophisticated payload links. The threat actors pivot so quickly that your controls are unable to catch up before they move on to other things.

(6:18) - Threat Vectors in Focus
Geopolitical factors have infiltrated cybersecurity and hacktivists have become a key attack group.
(8:10) – Recommendations for Firms with Less Sophisticated Defense 
Join and engage in a community like FS-ISAC. Information sharing helps institutions with less investment dollars get up to speed with the latest developments. It helps to close the gap between more sophisticated organizations and ones that are still evolving. 

(10:13) – Supply Chain Risks
The Cyber Risk Institute (CRI) Profile incorporates the NIST Framework for considering third-party partners. It’s important to have a framework to evaluate third-party providers and elevate their security depending on their criticality to an organization’s operations. It helps if you are sharing information in a community like FS-ISAC because partners, stakeholders and vendors can have open discussions. 

(14:39) – Bringing Partners on Board with Cybersecurity
Organizations like Citi must lead by example. There is the need for partners to provide visibility into the state of their network, security practices and control, without violating privacy or creating additional vulnerabilities. Vendors need to be part of the conversation because they have a lot of information. The partnership must be furthered to enhance awareness. 

(16:53) – Citi’s Strategic Initiatives in Cybersecurity in the Financial Sector 
Citi’s has a number of strategic initiatives, ranging from people strategy to being a threat focused, data-driven organization to providing seamless services to clients, stakeholders and colleagues. One of the focus areas is developing the pipeline of talent in cybersecurity. For this, Citi has scholarships and apprenticeship programs.

(20:27) – Stress and Burnout Among Senior Executives
Organizations must collectively think about how to empower delegation and build teams that can share the load. This helps senior executives have a better work-life balance. Leveraging a hybrid model can also keep senior talent in the industry longer.

(22:44) – Advice to Talent Aspiring for Senior Positions
It’s important to vocalize that you need work-life balance. This also empowers others to create space for their families while pursuing a stressful career. People can also attend events and create a network. It’s a great way to create opportunities for yourself. Embrace ambition.

(25:51) – Where is The Community Heading?
While communities may have a regional component, it does not mean they will not benefit from a global perspective, especially because cyber has no borders. FS-ISAC has created such communities and is well positioned to be a great source of information.


FinCyber Today

FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence.

Our host Elizabeth Heathfield leads wide-ranging discussions with cybersecurity leaders and experts around the world who bring practical ideas on how to confront cyber challenges in the financial sector, improve incident response protocols, and build operational resilience.

Amid the clutter and noise, FS-ISAC Insights is your go-to destination for clarity and perspectives on the future of finance, data, and cybersecurity from C-level executives worldwide.

© 2024 FS-ISAC, Inc. All rights reserved.

Listen on

FS-ISAC members around the world receive trusted and timely expert information that increases sector-wide knowledge of cybersecurity threats.

Learn More