ABI Lab, the Research and Innovation Centre, promoted by the Italian Banking Association (ABI), plays a pivotal role in fostering collaboration between banks and ICT companies to strengthen the efficiency of financial services. Their expertise spans across areas such as Digital Transformation, Fintech, Blockchain/DLT, Cybersecurity, AI, IT&Operations, and Sustainable Banking Transition.
In our interview, we explore their role within the TRUST aWARE project, their contributions to the development of the Security & Privacy Cyber Threat Intelligence (S&P CTI) platform, and the expected benefits of this innovative solution. We also delve into the biggest challenges facing cybersecurity research today and their vision for the evolving cybersecurity landscape.

Firstly, how would you describe your role working with TRUST aWARE and your work as a partner?

ABI Lab is the Research and Innovation Centre promoted by the Italian Banking Association (ABI) to foster collaboration between banks and ICT companies on innovative technology to strengthen the efficiency of the financial services.

Through its Centres of Excellence, ABI Lab conducts primary research in key areas including Digital Transformation, Fintech, Blockchain/DLT, Cybersecurity, Artificial Intelligence (AI), IT&Operations and Sustainable Banking Transition. ABI Lab’s insights are based on surveys and analysis with the aim to understand the trends of the ICT market for the banking sector. At the same time, there is a focus on operational activities and testing, involving the banking community. 

ABI Lab also manages the activities of the Italian Financial CERT (CERTFin), a public-private partnership led by ABI and Bank of Italy, aimed at increasing the cyber-resilience of the Italian financial system through an operational and strategic support for the prevention, preparation and response to cyber-attacks and security incidents. It also acts as a national Information Sharing and Analysis Center (ISAC) for the banking sector.

In the context of TRUST aWARE, ABI Lab – CERTFin delivers the application scenarios on the field and facilitate the dissemination and communication activities of the project focusing on specific stakeholders like the CERTs/CSIRTs network and public authorities such as DPAs. Thanks to its international connections, and participation to European Working Groups, it offers support to the project in the activities related to dissemination and engagements by:

1. Co-designing, testing and validating the results of the project, particularly focusing on the specific tools for CERTs/CSIRTs. These include:

• Cyber S&P threat intelligence methodology, workflow and an operating model for conducting collaborative CTI, to identify and enable access to cyber-threat intelligence insights that are actionable, timely and relevant;
• A MISP-based collaborative CTI platform to enable joint collaboration in cybersecurity, privacy and data protection threats, bringing together the network of stakeholders involved, including CERTs/CSIRTs and DPAs, and engaging with organisation (CISOs, DPOs) and individuals (citizens);
• Insightful reports for DPAs on current and emerging industry trends and threats with respect to data protection, by extracting meta-data to allow modelling of the risk landscape and policy-making.

2. Communicating, and disseminating the project through its network to foster and strengthen the services provided to the community for the efficient identification and mitigation of cyber threats that can have a big and extended impact on the respective networks;

3. Building and coordinating a network of stakeholders (National CERTs/CSIRTs, DPAs, etc.) to participate in the project workshops and training sessions.

What do you think are the biggest challenges facing cybersecurity research today?

One of the main challenges relates to the traditional approach of relying on mere Indicators of Compromises (IoCs), which are becoming less effective over time. As threat actors become more sophisticated, they use more advanced techniques to exploit vulnerabilities, making it harder to identify intrusions and remediate security breaches using IoCs alone.

Another significant challenge in cybersecurity research, related somehow to the risks of intrusions (and the related IoCs), is the exponential increase in the number of newly discovered vulnerabilities/patches being released by the software providers, which requires constant attention and a timely action. In fact, with so many patches available, it might be difficult to prioritise which ones to apply first. Factors such as the availability of Proof-of-Concepts (PoCs), in case of exploitations in-the-wild must be considered, though it is a time-consuming task to evaluate each patch’s potential impact thoroughly. As a matter of fact, the patch management process is often slow and risky, leading organisations to hesitate in applying them in a timely fashion.

Overall, cybersecurity researchers shall adapt and innovate as to identify new ways of detecting and mitigating attacks beyond traditional IoCs, by leveraging Machine Learning (ML) algorithms to detect anomalies in the system behaviour. Additionally, researchers should focus on developing more efficient and effective patch management solutions that prioritize critical patches and reduce the time required to implement them.

How do you see the field of cybersecurity evolving over the next few years? What emerging technologies or trends are you most excited about?

Over the next years, the cybersecurity field will continue to evolve, driven by emerging technologies such as Quantum Computing and Artificial Intelligence (AI).

Quantum computing has certainly the potential to revolutionise many industries, but it also poses significant challenges for cybersecurity. In fact, while quantum computing can be used by cybercriminals to break classical encryption easily, it also raises concerns about the need to proactively address cybersecurity challenges in a world where current systems become obsolete due to quantum technology. Businesses will need to start planning their road to transition from known quantum-vulnerable encryption (such as current PKI standards) to something that is at least quantum-safe if not quantum-secure. This will be a long process that requires a significant investment of time and resources.

As for cybercrime, quantum computing might introduce new threats, such as the form of “Harvest now, decrypt later” model of hacking, where cybercriminals can gather encrypted data now, knowing that quantum computing will eventually allow them to decrypt it easily. This highlights the need for improved encryption techniques that are quantum-resistant and for greater emphasis on protecting data during transmission.

Regarding AI, cybercriminals are already misusing AI platforms (e.g., ChatGPT) to conduct nefarious activities, such as bypassing and jailbreaking current AI models to conduct illicit activities and improve their skills. As AI continues to be adopted across industries, the risk of AI-based cyberattacks will increase. Cybercriminals will leverage AI to remove language barriers in social engineering schemes, build custom malware, generate misinformation with deep-fake, and other malicious activities. Therefore, cybersecurity professionals must stay vigilant and continue to develop AI-based defenses to counterfeit these threats.

How is the work of TRUST aWARE assisting in your core aims of managing cyber risk and sharing awareness? 

Our collaboration with TRUST aWARE operates in two directions: on the one hand it allows us to share our information on cyber risks with a trusted international audience and on the other it allows us to collect information on possible threats from sectors other than the financial one. For us, they are activities connected to our infosharing doings.

Part of your exploitation plans involves developing the S&P CTI platform. What are its expected benefits?

With the main goal to share analysed, contextualised and timely Cyber Threat information, capable of increasing the defenses of the Italian financial sector to prevent cyberthreats, CERTFin adopts the “Malware Information Sharing Platform” (MISP). The MISP platform became the standard in the information security community and it is used by all members of the CERTFin Constituency.

This model has been adopted also at EPC level as well as in the TRUST aWARE project. Nowadays, there is a vast number of entities who adopt this platform and with whom it is therefore technically possible to exchange information automatically. This combined with the availability of uniform and shared taxonomies allows to give a huge boost to infosharing activities as a critical element of any cybersecurity strategy.