The Increasing Threat of Ransomware
United States Authorities reported that ransomware payments of approximately $590 million were made during the first six months of 2021, a significant increase compared to the $416 million reported for the whole year of 2020. With the alarming increase of complexity and volume of attacks, the US department of Homeland Security confirmed that ransomware is a major threat to national security. 2022 will see both an increase in the number of ransomware attacks along with more avenues being exploited to inflict an attack. Ransomware-as-a-Service kits are now being bought and leveraged by unexperienced cybercriminals to deploy undetectable attacks across multiple paths.
The Need for AI to Protect Against Ransomware
Traditional security tools can only detect cyber-threats using the rules and signatures that the tool knows - unable to detect the new strains of ransomware that are continuously being discovered. Organizations must adopt new security technology that identifies emerging threats immediately before any damage is done. Many IT / security teams are too small and busy to constantly keep up with the emerging threats, leaving many vulnerabilities open to attack. With BCG reporting 56% of executives saying their cybersecurity analysts are overwhelmed, AI and machine learning are pragmatic and driven by the need to reduce the overwhelming workload analysts face daily.
Artificial Intelligence (AI) has revolutionized cyber defense by detecting attacks that are incapable of being detected by the human eye, and taking the necessary actions to neutralize the threat. More specifically, AI has revolutionized detection, investigation, and response to cyberattacks. The innovative technology learns a users behavior over time to recognize any threats that are outside of the normal human behavior. Since ransomware has the power to encrypt a company's infrastructure in a matter of minutes - machine speed response is critical to minimizing the impact.
The Great Resignation will also affect the number of insider threats as employees may accidentally or purposely take sensitive information with them to their new positions at different companies. DarkReading's recent article surrounding cybersecurity predictions in 2022 stated, "The Great Resignation also indicates an increasing number of disgruntled employees who are more likely to be recruited to intentionally undertake insider threat by cybercriminal syndicates or nation-states". AI offers organizations the technology they need to combat this threat, by detecting when employees act in an unusual manner. The technology can automatically take action to prevent them from intentionally or unintentionally doing something malicious.
Cyber Insurance Increased Requirements
Cyber insurance is increasingly being adopted by companies with the goal of mitigating the financial loss associated with cyberattacks. With the exponential increase of ransomeware attacks over the past year, the need for cyber insurance has correspondingly increased. Chief Insurance Officer, Lori Bailey, stated "In certain industries and certain revenue segments it's not uncommon to see a requirement for cyber insurance before engaging in a contract". With the increase in demand for cyber insurance, providers have tightened their requirements for coverage. Providers want to make sure that companies are doing everything on their side to prevent a cyberattack, "They want to see everything to the detail of what a client is doing to protect their networks or train their employees, to see if they have an incident response plan and so on" Andrea Rebora, cybersecurity associate stated. On top of validating current cybersecurity practices, insurers are now requiring businesses to implement multi-factor authentication (MFA) as well as endpoint detection and response (EDR) before granting coverage.
AI / EDR Technology Available
Darktrace
Darktrace's Self-Learning AI takes Endpoint Detection Response a step further with autonomous detection and response. By learning normal 'patterns of life' for every user and technology in the organization, it is capable of recognized subtle deviations that point to an emerging threat, including never before seen ransomware. Automatically investigating each threat, users can easily identify each affected device along with the full scope of the incident communicated to them. Darktrace Antingena is the only solution that can interrupt the attack at machine speed with surgical precision. This product offers security teams a sense of relief knowing that the business is protected 24/7.
Carbon Black
VMware Carbon Black Enterprise EDR is an advanced threat hunting and incident response solution delivering continuous visibility for top security operations centers (SOCs) and incident response (IR) teams. It always provides immediate access to the most complete picture of an attack, significantly reducing the time spent on traditional investigations. Additionally, you are given the power to respond and remediate in real time, stopping active attacks and repairing damage quickly.
Acronis Active Protection
Acronis Active Protection leverages the latest technology to deliver advanced protection against ransomware on all fronts - from external drives and removable devices to mobile devices, desktops and laptops, servers, networks and backups. Integrated into Acronis solutions like Acronis Backup and Acronis Cyber Cloud, you can effectively defend against evolving strains of malware.
As cybercriminal techniques evolve and mature into smarter, more complex attack - we must become more proactive versus reactive. Artificial Intelligence provides organizations an effective and efficient approach to preventing and protecting against ransomware. If you are interested in learning more about these AI or EDR tools we offer, contact us to speak with an engineer.