How AI Will Help Combat Ransomware and Leaky Cloud Security

By Willem Hendrickx, SVP International at Vectra

Every year the world of cybersecurity encounters new challenges and obstacles for organisations to overcome, for instance, we saw how 2021 managed to be an exceptionally dangerous year. Most notably, ransomware was consistently a hot topic within the industry after a string of high-profile incidents involving organisations such as Kaseya and the Irish Health Service all falling victim. In addition, the ransomware attack on JBS was a stark reminder of the potential severity of supply chain attacks. More widely, permanent shifts to hybrid working and rapid cloud adoption also meant organisations had to revaluate their security infrastructure to ensure remote workers are fully safeguarded.

So how will the lessons learnt from 2021 shape the cybersecurity landscape over the coming years? Here are five areas of cybersecurity that are set to evolve in the not-so-distant future.

1. Cloud security will come under increasing pressure

First of all, ransomware will shift to exfiltrating and encrypting cloud data. While this has sometimes happened by attacking third-party processors of data (as we saw with the Labour Party member data being ransomed). Moving forward we will see that data which is on the customer’s side of the “shared responsibility” model undergoes direct attack by more and more ransomware gangs.

1. Proactive action to minimise ransomware attacks

In terms of defending against ransomware, we’re going to see an increase in the frequency of public take-down of ransomware gangs and the increased formal oversight over Information Security due to the prevalence of ransomware attacks. However, we can also expect to see the woeful under preparedness of many public sector entities to address the threat. Finally, we’ll see a relative reduction in ransomware outcomes versus data loss or exfiltration outcomes, as Human Operated Ransomware is detected and stopped before it goes nuclear.

It is going to be increasingly important for organisations to have a defence in depth security architecture covering network and endpoint that can work at speed to detect and thwart these attacks. Prevention rather than a time-consuming recovery operations from backup, or worse having to pay the ransom has to be the focus. Business continuity plans must be updated to properly consider the increased risk presented by ransomware to the respective organisations, and investments made as appropriate to prevent and minimise downtime in the case of an attack.

1. A growing demand from organisations for Managed Detection & Response services and automation

Outside of ransomware, while managed security services will continue to grow in volume, a non-trivial subset of organisations will meet talent shortfalls with automation, orchestration, and analyst-augmenting AI. Organisations will recognise that outsourcing business context to an external entity can be exceptionally difficult, and a few well-equipped and supported internal resources can be more effective than an army of external resources.

1. Increased use of AI to counteract malicious use of MFA

Another area to focus on revolves around Multi-Factor Authentication (MFA). With MFA being enforced by some of the major tech giants including Microsoft and Google. This is in large part because attackers continue to have success stealing credentials and bypassing basic authentication, however, while MFA is a step that everyone should take — criminals continue to prove that it’s not enough to keep them out. In some cases, criminals are even using bots to help them work around MFA and this will continue to be an uphill battle for organizations. As a result, we’ll see more organisations turn to AI-driven security tools to help stop attacks that make their way past MFA.

1. Increased focus on cyber security by Governments and Regulators

President Biden’s executive order on improving cyber security published in May 2021 seeks to raise the bar considerably in the wake of numerous successful attacks against US critical national infrastructure. We can expect to see other Governments around the world adopting an increasingly robust approach in terms of a meaningful and effective cyber security management and control, targeted at increasing resilience to breach in a measurable way. UK Regulatory initiatives such as CBEST within Financial services and TBEST in Telecommunications which promote a threat intelligence led approach to objectively assessing breach susceptibility will almost certainly be expanded to cover other critical sectors.

Being on the front foot year after year

New security-related hurdles are always going to emerge, so it is vital organisations get ahead of the game to ensure they have the best possible protection against potential threats. To achieve this, organisations should look to implement a detection and response strategy. This will usually employ combinations of AI and Machine Learning (ML) to look for crossover between authorised but suspicious activities, and the sorts of behaviours that an adversary will exhibit as part of an unfolding attack. If organisations assume they have been compromised and actively search for the signs, they will be in a much stronger position to detect all sorts of attacks in good time and stop them before they become breaches.