Senior Reporter
geisha.kowlessar@guardian.co.tt
The Central Bank of Trinidad and Tobago is an early adopter of Artificial Intelligence (AI), but the regulator of financial institutions remains cautious about its use.
Keisha Lashley, assistant manager of Information and Cyber Security at the Central Bank, made this point while delivering remarks at a webinar and panel discussion titled, “Artificial Intelligence, Cyber Resilience and Cyber Security” hosted by the bank yesterday. The webinar was held in collaboration with the Bank for International Settlements (BIS).
Regarding the implementation of AI technology, Lashley said at the Central Bank, like many other institutions, many employees are very interested in utilising AI.
“Certain departments are using it and the process we follow is that if a business user is interested in using any AI-related technology, as a matter of fact, there’s a process that they must adhere to where the security team would do a review and we would give feedback on it.
“We use it in the IT department. A lot of new technology is related to machine learning, so that is already fully entrenched in some of our tools. So, I’d say we are early adopters. We are a central bank and we tend to be a bit more cautious than other institutions. There’s interest and we try to balance that interest with doing it securely,” Lashley added.
During the discussions, the issue of the “threat landscape” within T&T was raised as it relates to cybersecurity.
Lashley said ransomware is getting “a lot of attention.”
“What we see happening locally is outside of compromising your environment. They (cyberattackers) are exfiltrating data and trying to put that additional pressure on the institutions. So, they are always seeking ways to monetise and that’s what we see happening,” Lashley added, as she advised financial institutions that they need to keep their guard up at all times.
“They (cyberattackers) offer malware as a service, multifunctional malware. So it is tough as defenders, but we have to try and keep pace. We have to evolve and assess and keep growing even though the attackers do their bit,” Lashley said, noting that T&T is not unique when it comes to cybercrimes.
She said attackers often look for “soft targets” whether it is a credit union, an insurance company or a bank.
While stating that she did not have any data to point to any institution being more at risk, Lashley said companies must ensure their defence mechanisms are set up to “safeguard their crown jewels.”
Speaking at the webinar, Central Bank Governor Dr Alvin Hilaire said the issue of cybersecurity remains the “priority number one” for the bank.
Using ChatGPT as an example of artificial intelligence (AI), Hilaire said while efficiency is possible there are however, some “flip sides.”
“Efficiency in what? Is there a bias because it could create certain biases in trying to find a different pattern of behaviour and so we have to be very careful about that,” Hilaire said.
According to the Governor, there are other factors that must also be taken into consideration when using AI.
“AI could mask a whole lot of things so we have to be careful about identity theft and misrepresentation and mimicking of our data and our systems.
“... And of course, there is the related issue of control because as you try to use AI for even supervision and for cybersecurity, you may be saying okay, well tell me what are outliers. So, you have a certain pattern of behaviour and you say, oh you know this, we had this login from a different source or some behaviour that is not regular so this could help you, but you may not be able to control what the AI is doing,” Hilaire further explained, noting that there are a number of different things that can be derived from AI.