If you think ransomware is a problem now, brace yourself. It’s going to get a lot worse. The number and severity of ransomware attacks are about to be turbocharged, said David Masson, Director of Enterprise Security for Darktrace at a recent ITWC briefing.
Ransomware is becoming increasingly sophisticated, Masson said. “But once the bad guys start using artificial intelligence (AI), just triple or quadruple everything.” This will make it almost impossible for people to detect deep fake videos, phone calls or emails. As if that isn’t enough, the advent of 5G, the growth of the Internet of Things and the rise in remote work are all multiplying the potential entry points for criminals.
View on demand: Preparing your organization for a ransomware attack with AI
“If you try to keep up with the big bad world, you’re going to go mad,” said Masson. “Take a deep breath and accept that it’s going to happen.” Rather, Masson advises that organizations should focus on defensive measures to detect breaches early and to minimize the damage.
Be prepared to fight fire with fire
In many cases, threat actors can enter and move around networks because organizations don’t have the visibility to see it. With AI technology, organizations can see the threat and stop it in seconds, said Masson. For example, Masson noted one instance where AI stopped the WannaCry ransomware attack within seven seconds.
The advantage of using AI to defend against threats is that it can learn everything about a digital infrastructure and how it normally works. Then if something changes, AI can tell you about it in the very early stages of the attack. “The world we live in is much too complex and too fast. That’s not a problem for AI,” said Masson. “AI can move at the speed of machine threat because it can handle complexity and quantity, in the case of a mass attack.” What’s more, it’s the only way to keep up with attackers that are also going to be using AI.
With the help of cybersecurity experts, organizations can train the AI platform to do the triage and investigation of breaches. “Instead of spending hours or days piecing together all the different alerts and bits of the attack to work out what happened, AI can do that in seconds,” said Masson.
It’s not about replacing people, stressed Masson. “Your security teams are overwhelmed. They can’t handle the quantity and the sophistication now. People need support. I call it augmenting the humans to give them a fair chance in the fight.”
Maintenance and training are essential too
Security measures, like AI, and maintenance are equally important, said Masson. “You’ve got to do your patching” he said. “If you don’t patch, that’s when things like the Equifax attack happen.” As well, organizations should back up everything and keep it offline. This is necessary because some ransomware strains look for the online backups and encrypt them. Similarly, incident response plans should not be stored on computers, but rather posted in offices. These plans should simply and clearly outline the steps to be taken in case of a breach.
Given that 94 per cent of attacks come in via email, employee training remains a vital component of any security plan, said Masson. There also needs to be a “no-blame culture.” People should be encouraged to speak up if they click on something so that it can be fixed quickly.
Ultimately, cyber defence is all about business resilience, Masson said. “It allows organizations to take the thump of an attack or multiple attacks, but to keep on going.”
View on demand: Preparing your organization for a ransomware attack with AI