How AI will help fight ransomware and leaky cloud security

By William Hendrickx, SVP International at Vectra

Every year, the cybersecurity world faces new challenges and obstacles that businesses must overcome. For example, we have seen how 2021 proved to be an extraordinarily dangerous year. Most notably, ransomware came to the fore after a series of high-profile incidents, with organizations such as Kaseya and the Irish Health Service all falling victim. The ransomware attack on JBS was also a stark reminder of the potential seriousness of supply chain attacks. More broadly, the ongoing shift to hybrid working and the rapid adoption of cloud also meant organizations had to re-evaluate their security infrastructure to ensure remote workers were fully protected.

So how will the lessons of 2021 shape the cybersecurity landscape for years to come? Here are five areas of cybersecurity that will continue to evolve in the not-too-distant future.

  1. Cloud security will come under increasing pressure

First of all, ransomware will start exfiltrating and encrypting cloud data. This has sometimes happened through attacks on third-party data processors (as we saw when the Labour Party membership data was held to ransom). In the future, we will see more and more ransomware gangs directly target data residing on the customer side of the “shared responsibility” model.

  2. Proactive measures to minimize ransomware attacks

When it comes to defense against ransomware, we will see an increase in public takedowns of ransomware gangs and increasing formal oversight of information security due to the proliferation of ransomware attacks. However, we can also expect that many public sector entities are ill-prepared to face the threat. Eventually, we will see a relative reduction in ransomware outcomes compared to data loss or exfiltration outcomes, since human-operated ransomware is detected and stopped before it goes nuclear.

It is becoming increasingly important for organizations to have an in-depth security architecture that covers networks and endpoints and can quickly detect and thwart these attacks. The focus must be on prevention rather than on time-consuming restore operations from backup or, worse, having to pay the ransom. Business continuity plans must be updated to adequately reflect the increased risk that ransomware poses to organizations, and appropriate investments must be made to prevent and minimize downtime in the event of an attack.

  3. A growing demand from organizations for managed detection & response services and automation

Aside from ransomware, while the volume of managed security services will continue to grow, a non-trivial subset of companies will fill the skills gap with automation, orchestration, and analyst-assisting AI. Organizations will recognize that outsourcing the business context to an external entity can be exceedingly difficult and a few well-resourced and supported internal resources can be more effective than an army of external resources.

  4. Increased use of AI to counter malicious use of MFA

Another area to focus on revolves around multi-factor authentication (MFA). MFA is being enforced by some of the big tech giants like Microsoft and Google, in large part because attackers continue to successfully steal credentials and bypass basic authentication. MFA is a step everyone should be taking, but criminals continue to prove that keeping them out isn’t enough. In some cases, criminals are even using bots to help them bypass MFA, and this will continue to be an uphill battle for businesses. As a result, more organizations will turn to AI-driven security tools to stop attacks that get past MFA.

  5. Increased focus on cybersecurity by governments and regulators

President Biden’s executive order to improve cyber security, published in May 2021, aims to raise the bar significantly after numerous successful attacks on critical national infrastructure in the USA. We can expect other governments around the world to adopt an increasingly robust approach to meaningful and effective cyber security management and control, aimed at measurably increasing resilience to security breaches. UK regulatory initiatives such as CBEST in financial services and TBEST in telecoms, which promote a threat intelligence-based approach to objectively assessing vulnerability to security breaches, will almost certainly be expanded to other critical sectors.

Be at the forefront year after year

New security-related hurdles will always emerge, so it’s important for organizations to stay ahead of the game to ensure they have the best possible protection against potential threats. To achieve this, organizations should try to implement a detection and response strategy. Such a strategy typically uses a combination of AI and machine learning (ML) to look for the overlap between authorized but suspicious activity and the behaviors an adversary will exhibit as part of an unfolding attack. When organizations assume they have been compromised and actively look for signs, they are in a much better position to detect and stop all types of attacks before they become security breaches.
