A few weeks ago Google announced the launch of Willow, the chip that promises to bring computing to the quantum world and mark a new step in data management, data flow and artificial intelligence. as well as in cybersecurity and information protection, especially in the banking system.
Claudio Corradini, general director of Strategy and Consulting at Accenture for Colombia, spoke with Portafolio about the challenges that this will entail for banks and entities globally and pointed out that all this will result in risks that must begin to be managed now, to avoid headaches later.
Also read: New Minhacienda maintains the line of seeking greater reductions in rates
How is cybersecurity today?
To review this, the first thing to keep in mind is that we see it from the nature of the banking business, which, by its essence, is based on the intangible. Its main raw material is, precisely, something immaterial. Historically, the key pillar of banks has been trust in the information they manage.
As we look to the past, present and future, we see how emerging technologies potentially threaten that historic pillar of strength: information protection. This becomes even more important considering that banks guard something we all value deeply: our money.
What risks are there?
Today, emerging technologies, especially artificial intelligence, are posing new threats. In particular, generative artificial intelligence introduces significant risks, such as DeepFake. This technology, which combines audio, video and text to create artificial content, represents an unprecedented threat, especially in customer identification and access in banking systems.
Cybersecurity
iStock
A relevant point is that we have observed an increase of more than 220% between 2023 and 2024 in the purchase and sale of tools associated with DeepFake within the Dark Web, according to our Global Cybersecurity Observatory. This demonstrates a growing interest in creating and employing these tools for identity theft, which represents a critical challenge for banks in their task of protecting information security.
Does financial education influence?
Beyond the general vision of society that public opinion may have, for us it is more of a matter of leadership. There is not always the level of awareness, preparation and deep technical knowledge to understand and anticipate these types of threats.
It is a bit of a game of knowledge, asymmetry of knowledge between those who potentially want to use the threat and those who have to defend themselves. So, beyond education, which we consider important, we believe that passing the creation of policy and the alignment and strengthening of government.
More information: In November, Adres transferred $6.88 billion to the health system: this is how the accounts go
Is this going well in Colombia?
Although at the level of the Global Cyber Security Index they are placed between 60 and 65, in the middle of the world, in the middle of the world ranking, there are good government initiatives. For example, we recognize the banking action that is dedicated exactly to that topic of sharing knowledge, improving practices, guidelines.
For us, the issue of exercise and test planning, penetration testing, attack tests, simulations that determine a little how strong the capabilities are, is important, especially in the banking world, where it must be approached with an ecosystem vision.
Is a new era beginning?
Yes, what we are observing is that there is an aptitude, recognition and clearly an understanding of the problem that is surely good. Although the risks of the present, as we already mentioned, are deepfakes or these works to impersonate identity, moving forward we are already talking about quantum computing.
Claudio Corradini, banking cybersecurity expert at Accenture.
Courtesy – API
This is a trend that is coming in very strongly, with many investments, both in governments, in private equity and in foundations at the university level to develop a technology that can threaten the existing capabilities of cryptography.
What implications will it have?
When these new waves of technological evolution, such as deepfake, which is generative artificial intelligence adopted for negative use, until reaching quantum computing in the medium long term, we see that there are challenges that must be looked at so as not to have warnings in the future. Just a few days ago Google announced the launch of Willow, which is a new quantum computer that has a capacity that surpasses anything seen so far.
This must be seen from the need to always strengthen the understanding of the next waves of risk that arrive and prepare to meet these market needs, understanding that the priority is to take care of the information of the users of the banking system.
Other news: Government defends itself against alerts due to delays in the cadastral update
Is it something to fear?
Our vision is that we do not have to interpret technological evolution as the threat. There are enormous advantages, there are super positive things that come out of these emerging technologies, but as in all technologies, adoption is very dependent, let’s say, on the regulatory framework, on the framework of the capacity of the actors who interpret it, to adopt it by the positive functions. And there is no doubt that, unfortunately, there is also a negative interpretation.
We believe that they are like ghosts of cybersecurity that organizations have to correctly encourage to protect themselves, but in no way do we believe that this is an element for not progressing, for not adopting it, for not experimenting, for not taking all the positive that it does. generates in terms of productivity.
Banks
EL TIEMPO / Courtesy
How to make the most of it?
A topic that I consider of great interest is everything related to the specific value chain of banks. What do I mean? To third parties that collaborate with banking entities and how third-party risk management has become increasingly relevant in the current digital environment. This is a fundamental aspect that today plays a crucial role within the value chain.
In practice, what we see is that, in general, the management of these risks is handled in a somewhat basic way, using paper questionnaires and traditional validations to identify third parties. However, we adopt a different vision, where we believe that this process must be rethought and treated as a continuous value chain, with constant monitoring based on evaluation indicators. There is the key.
