AT Think

AI's critical role in enhancing cybersecurity

We hear a lot these days about the risks associated with using artificial intelligence models in business and professional work, but what about the risks of not using AI?

Accounting firms are navigating new challenges as the industry changes rapidly. Firms have contemplated the adoption of AI technology to help increase efficiency, accuracy and capacity. However that is not without expressing their reservations. A Thomson Reuters survey last year on ChatGPT and generative AI, for example, found that while 73% of tax professionals felt that generative AI could be used in their work, only about half felt it should be. At the time of that survey, 15% said they were currently using generative AI or planned to do so, with 11% saying they were making large-scale use of it. Another 51% said they expected to implement AI within the next year.

To successfully implement an AI strategy, firms need to first identify areas where AI could be most beneficial, and it may not jump out at you right away. Many firms have identified their security and compliance environment as the starting place in their AI journey. First adoption could be as minimal as machine learning algorithms identifying sensitive information to be redacted and progress further to become sophisticated enough to identify complex cybersecurity threats. Regardless of AI's eventual role in accounting processes, protecting the information of firms and customers is one area where AI can make a substantial difference.

Understanding the risks: With and without AI

Among the concerns over using AI in accounting are the potential risks to the security and privacy of data. A successfully integrated AI model would likely have access to sensitive client financial and personal information. Additionally, firms are starting to understand the ethical dilemmas associated with AI such as bias. An AI model is only as good as the data it's trained on; an insufficiently trained model can introduce errors or biases that could produce inaccurate results with potentially serious consequences. 

When using AI, it's critical to make sure the firm has resources to understand its AI strategy and the complexity of the model so it can be properly transparent with its users about inputs and outputs. Additionally, firms must ensure these models aid them in conforming to their existing security and privacy protocols and regulations. 

Firms that resist the introduction of AI run the risk of falling behind in accuracy and efficiency, but in terms of cybersecurity, the risks of not taking advantage of AI are much greater. Cyberattacks against accounting firms are on the rise, and the average cost of a data breach in the financial sector is $5.9 million, according to Trustwave. 

Digital transformations, the growth of cloud environments and the greater use of automated systems have changed the way information is managed. Employees regularly create, share, process, store and manage countless documents that contain sensitive information. With more and more information being exchanged digitally, the significance of cybersecurity, particularly in identity management, escalates as cyberattacks increasingly target user identities via phishing and other methods of compromising user credentials. Due to all these factors, it is becoming increasingly more difficult, if not impossible, to maintain security with manual processes.

Accounting firms have a lot of turnover, for example, with many employees leaving after serving for only a couple of years. Firms also hire large numbers of recent graduates each year. Keeping track of active user identities on their networks and ensuring these new users are properly trained on firm security policies can be difficult for accounting firms with so many people coming and going. 

AI also has the ability to monitor anomalous online activity. Insider threats have become a greater concern for organizations and their clients. An AI-powered system can automatically track user accounts and monitor activities, such as whether departing employees are downloading a lot of documents or information, perhaps intending to take it with them when they leave. 

Leveraging AI for enhanced cybersecurity

AI's ability to collect and quickly analyze vast amounts of information can greatly enhance an organization's cybersecurity posture by automating threat detection, analysis and response.

It's capable of analyzing activity across the enterprise, from network traffic to system logs and user activity. An important feature of AI is its ability to detect patterns, which helps when it's applied to accounting procedures, but it's also essential to recognizing malicious activity, whether in the form of external attacks or anomalous activity by authorized users.

Traditional threat detection systems are capable of recognizing attacks with known signatures, such as those included in MITRE's Common Vulnerabilities and Exposures list. AI's continuous monitoring, advanced pattern recognition, and analysis capabilities, however, enable it to detect new attacks, such as zero-day threats, as well as unusual behavior in real time. 

An advanced knowledge work automation platform can also offer AI-enabled information control over sensitive or restricted information for accounting firms that alleviates the risk of manual error or employee oversight. 

AI also plays an important role in combating phishing, one of the top cyberattack vectors and the primary means attackers use to compromise user credentials. This is critical because a lot of clients send their financial information to accounting firms via email, especially when working with smaller firms. That can leave both customers and firms open to phishing and other attacks.

To avoid some of those risks, a lot of firms are creating their own homegrown portals for exchanging information. But people are still sending their private financial information, and you still have to be sure you are applying proper security measures. 

AI can add an important layer of security to those exchanges. It can, for example, detect if there is information in an attachment that ought to be redacted. It can then automatically assign levels of security, or permissions and access privileges, to those documents.

AI algorithms make use of natural language processing, which can understand and analyze the language used in emails, by identifying anomalous patterns, unusual requests, and the suspicious use of imitated writing styles that could signal that an email is fraudulent.

Cybersecurity risks are more costly than ever and expected to continue to rise. Firms that embrace AI and take action can mitigate these risks and increase capacity through technology to better monitor these threats. 

When backed by a workforce that understands how to operate it successfully, AI can bolster cybersecurity for accounting firms while removing the onus from the employees to manually monitor their security environment. Firms have the opportunity to make large digital transformations with AI, but only if they really understand the power and advantages that it offers, and how to effectively use it to help perform some of their mission critical tasks.

For reprint and licensing requests for this article, click here.
Technology Artificial intelligence Cyber security
MORE FROM ACCOUNTING TODAY