
Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

Fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, threatening data privacy

Maxine Holt, Research Director, Omdia

January 28, 2022


Jan. 28 marks Data Privacy Day each year. Individuals are increasingly aware of the importance of data privacy, and governments continue to implement and tighten associated regulations.

How successfully are organizations dealing with data privacy? It varies wildly; there are all too frequent reports of data privacy failures, often associated with ransomware. A Dark Reading poll that ended in December 2021 found that fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, leaving the remaining three-quarters highly susceptible, which in turn threatens data privacy.

Ransomware will continue to be a hugely successful method of attack that organizations must defend against, with data privacy regulations a significant part of the equation. [Note: Omdia research subscribers can read more on this here: "Data Privacy Day 2022: Ransomware’s Success is Data Privacy’s Failure."] Focusing on the information life cycle (create, process, store, transmit, destroy) will help organizations understand what data requires protection and where it resides. Furthermore, classifying data appropriately is important because not all data is equal: Some data will require strong protection, and other data will not. By understanding these nuances, organizations can begin exploring more advanced approaches to ransomware, such as using artificial intelligence (AI) to surface otherwise unseen patterns in the data that may point to a potential incursion or threat.

Attackers using malware can block access to data and/or systems, encrypt and lock data, or even move company data off-site. Hands-on-keyboard attacks can be particularly difficult to detect and mitigate: they can dwell over time and appear innocuous at first, because attackers may use trusted routes of ingress as they move laterally through a target network. AI techniques such as unsupervised deep learning (DL) can help organizations understand attack targets and vectors by encouraging observability across the data life cycle. If an organization can detect the wake of activity created by a potential wrongdoer, it stands a good chance of blocking or diverting an incursion before systems can be locked or data encrypted.

Here, AI offers many tools that can help companies deal with malware. Statistical and mathematical machine learning (ML) algorithms like "k-nearest neighbor" and "decision trees" can identify malware payloads and known attack patterns, for example. Where AI really steps into the spotlight, however, is with DL neural networks. Unlike statistical and mathematical ML technologies that use known rules (e.g., "this is or is not a piece of malware") to identify a potential attack, DL technologies can actually deduce the rules themselves. Popular DL algorithms, including convolutional neural networks (CNNs), recurrent neural networks (RNNs), and long short-term memory (LSTM), can parse huge amounts of disparate data to build an understanding of the patterns in that data, patterns that may turn out to represent an attack.

IT and security practitioners considering investing in AI as a means of fighting ransomware must first build an understanding of their entire data landscape as it pertains to data security and privacy. This means building solid metadata defining ownership, access, privacy exposure, locality, and so on. On top of this, the organization must establish a set of governance requirements that span the full information life cycle (create, process, store, transmit, destroy). Fortunately, both within and beyond the confines of the security industry, technology providers are presently laser-focused on helping companies build a consistent view of company operational, system, and analytical data using the concept of a data fabric.

Over time, Omdia expects these metadata efforts to more closely align between security and business practices. At that time, companies will likely provision an AI-capable malware tool in the same way they provision any cloud-native service, by specifying data sources and flipping the "on" switch. Until then, organizations without an existing investment in a data fabric may find themselves somewhat handicapped without the ability to "observe" the entirety of the system of resources they're seeking to protect. In other words, fighting malware, just like fighting data privacy risks, demands a high degree of data literacy, domain expertise, and governance.

About the Author(s)

Maxine Holt

Research Director, Omdia

Maxine leads Omdia's cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong understanding of the Office of the CISO, the security challenges CISOs face, and how organizations can look to overcome these challenges.
Before rejoining Omdia (as Ovum) in 2018, Maxine spent over two years at the Information Security Forum (ISF) developing research in areas including Protecting the Crown Jewels and Securing Collaboration Platforms. Prior to the ISF, Maxine spent 15 years at Ovum covering topics including security, human capital management, and identity and access management. Maxine has a particular interest in how all the component parts of security combine to make up an organization's security posture. She focuses specifically on the Office of the CISO.
Maxine started her career as a software developer in the financial services industry. She gradually progressed into a systems analyst role and then moved into consulting for the financial services and Internet sectors. Maxine is a regular speaker at events and writes a monthly Computer Weekly article covering various aspects of information security.
