Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

Jan. 28 marks Data Privacy Day each year. Individuals are increasingly aware of the importance of data privacy, and governments continue to implement and tighten associated regulations.

How successfully are organizations dealing with data privacy? It varies wildly; there are all too frequent reports of data privacy failures, often associated with ransomware. A Dark Reading poll that ended in December 2021 found that fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, leaving the remaining three-quarters highly susceptible, which in turn threatens data privacy.

Ransomware will continue to be a hugely successful method of attack that organizations must defend against, with data privacy regulations a significant part of the equation. [Note: Omdia research subscribers can read more on this here: "Data Privacy Day 2022: Ransomware’s Success is Data Privacy’s Failure."] Focusing on the information life cycle (create, process, store, transmit, destroy) will help organizations understand what data requires protection and where it resides. Furthermore, classifying data appropriately is important because not all data is equal: Some data will require strong protection, and other data will not. By understanding these nuances, organizations can begin exploring more advanced approaches to ransomware, such as using artificial intelligence (AI) to see unseen patterns in the data that may point to a potential incursion or threat.

Attackers using malware can block access to data and/or systems, encrypt and lock data, or even move company data off-site. Attacks that take place over a keyboard can be particularly difficult to detect and mitigate because they can dwell over time and appear innocuous at first: attackers may use trusted routes of ingress while they move laterally through a target network. AI techniques such as unsupervised deep learning (DL) can help organizations understand attack targets and vectors by encouraging observability across the data life cycle. If an organization can detect the wake of activity created by a potential wrongdoer, it stands a good chance of blocking or diverting an incursion before systems can be locked or data encrypted.

Here, AI offers many tools that can help companies deal with malware. Statistical and mathematical machine learning (ML) algorithms like "k-nearest neighbor" and "decision trees" can identify malware payloads and known attack patterns, for example. Where AI really steps into the spotlight, however, is with DL neural networks. Unlike statistical and mathematical ML technologies that use known rules (e.g., "this is or is not a piece of malware") to identify a potential attack, DL technologies can actually deduce the rules themselves. Popular DL algorithms — including convolutional neural networks (CNNs), recurrent neural networks (RNNs), and long short-term memory (LSTM) — can parse huge amounts of disparate data to build an understanding of the patterns in that data, patterns that may turn out to represent an attack.

IT and security practitioners considering investing in AI as a means of fighting ransomware must first build an understanding of their entire data landscape as it pertains to data security and privacy. This means building solid metadata defining ownership, access, privacy exposure, locality, and so on. On top of this, the organization must establish a set of governance requirements that span the full information life cycle (create, process, store, transmit, destroy). Fortunately, both within and beyond the confines of the security industry, technology providers are presently laser-focused on helping companies build a consistent view of company operational, system, and analytical data using the concept of a data fabric.

Over time, Omdia expects these metadata efforts to more closely align between security and business practices. At that time, companies will likely provision an AI-capable malware tool in the same way they provision any cloud-native service, by specifying data sources and flipping the "on" switch. Until then, organizations without an existing investment in a data fabric may find themselves somewhat handicapped without the ability to "observe" the entirety of the system of resources they're seeking to protect. In other words, fighting malware, just like fighting data privacy risks, demands a high degree of data literacy, domain expertise, and governance.