This week:

3 – What the Central Bank of Ireland has to say about AI

2 – Over Half of UK Financial Services Firms Suffered A Third-Party Supply Chain Attack Last Year

1 – ‘All my money was gone’


 

3 – What the Central Bank of Ireland has to say about AI

“Existing challenges faced by firms associated with [..] their management of cyber and IT risk [..] are likely to become more accentuated.”

Summary: The Central Bank of Ireland recently published its Regulatory & Supervisory Outlook for 2025. And it will come as no surprise that AI pops up as one of its spotlight areas. The Bank expects to be designated as one of the AI regulators in Ireland, so all the fun you are currently having with the Central Bank’s supervisory activities will continue into the AI world. The report also details the Central Bank’s views on the benefits and risks associated with the growing use of AI within the financial services world. The 5 pages dedicated to AI within the report are worth a read. Here are just some of the key points:

  • “Many of the risks associated with [the use of AI] are not new risks and are already covered by existing regulations and standards”;
  • “Risk concentrations in cloud service providers including AI providers are likely to increase”;
  • “Context is key when using AI: just because AI can be used to address a particular business challenge does not mean it is always appropriate for it to be used.”

So what? If you don’t have a good handle on how your own staff and your service providers are contributing to your current IT and cyber risk, the arrival of AI is only going to make matters worse. At a minimum, make sure your staff know what AI tools they are permitted to use, when they are allowed to use them, and what they are allowed to share with them.

Source: Central Bank of Ireland


 

2 – Over Half of UK Financial Services Firms Suffered A Third-Party Supply Chain Attack Last Year

“Nearly six in 10 (58%) large UK financial services (FS) firms suffered at least one third-party supply chain attack in 2024, with 23% being targeted three or more times.”

Summary: New research from Orange Cyberdefense, a UK-based cybersecurity firm, suggests FS firms continue to suffer due to incidents within their third parties. The percentage appears to increase to 68% for firms that only assess the security of their third party service providers during the initial onboarding phase. And while we complain about regulations like DORA being the pain in the a, 92% of UK cybersecurity professionals “would like the UK to adopt a country-wide regulation similar to DORA to ensure digital resilience in the financial sector.”

So what? Your business is reliant on your supply chain, and it’s called a supply chain for a reason: your chain is only as strong as your weakest supplier. I know most people would prefer to clean their neighbour’s toilet than deal with third-party risk management, but if you want to reduce the risk of a security incident, you need to increase your investment in this unloved activity. And if you’re a service provider, how are you going to reassure your clients that you are not a risk? (Hint: ISO 27001 can help!)

Source: Fintech Finance News


 

1 – ‘All my money was gone’

“I have never quite felt anything like it. It feels violating. Especially when you have spoken to them (scammers) on the phone. He seemed so legitimate and caring. It feels extremely violating.”

Summary: RTE recently reported on one business owner’s experience of being scammed. According to the story, it all started with the victim receiving a scam SMS text message which was designed to look like it came from the Irish Government’s website, gov.ie. While the story doesn’t explain all of the steps involved in the scam, it ended up with the victim realising that all of the money in her personal, savings, and business accounts was gone. Luckily, due to the quick actions of the victim and her bank, all of the money was recovered before the scammers got their hands on it.

So what? Apparently, new rules later this year will make it far more difficult for these scammers to send SMS messages that look like they came from genuine sources. In the meantime, don’t trust SMS messages. And whatever you do, don’t click on any links or call any phone numbers included in them.

Source: RTE News