Brett Chase, Director of Systems Engineering, Cohesity APJ, on AI powered defences against the backdrop of innovative scam methods in Singapore.
The cyber threat landscape continues to worsen, with authorities in Singapore revealing that a successful ransomware attack is now reported almost every three days or less in Singapore, creating a major challenge to organisations’ business continuity given their reliance on technology.
As cyberattacks are now firmly a matter of ‘when’ not ‘if’, organisations need to prioritise their ability to rapidly respond and recover, so they can mitigate the costly impacts of cyber incidents, and IT failures or outages.
Research by IBM Security and the Ponemon Institute has found the average cost of a data breach in ASEAN in 2023 has risen 6% year-on-year to over US$3.05 million – while research from analyst firm Gartner has found the average cost of a ransomware attack globally is 10 to 15 times the ransom demand.
Cohesity’s recent survey found that today’s pervasive cyberattacks are forcing the majority of companies to break their ‘do not pay’ policies and pay ransoms. The survey found that the cyber threat landscape is expected to get even worse this year, with 96% of respondents saying the threat of cyberattacks to their industry will increase this year and over 7 in 10 (71%) predicting it will increase by more than 50%. These findings underscore the importance of organisations achieving cyber resilience – the ability for them to continue their usual business operations despite suffering an adverse cyber event – instead of only traditional cybersecurity measures.
Organisations need to prioritise their people, processes and technology as a ‘cyber resilience collective’ to address enhanced and evolving cyber threats. This includes training their people in all the organisation’s functions to manage data security risks relative to their job role, adopting and deploying modern data security and management capabilities, and ensuring their processes bring IT & Security together to respond to attacks; as both technology functions have a role to play in responding, remediating and recovering from attacks.
These challenges are compounded by the rapid progress in AI and ML that are providing scale, simplicity and serviceability to cybercriminals. For example, NotPetya is a malware discovered in the systems of an undisclosed data and telecommunications equipment company. Using an AI-powered algorithm, the malware was able to avoid detection and managed to extort more than US$500 million from its victims.
The useability and widespread availability of AI and ML through large language models, such as ChatGPT, have removed the need for extensive programming nous and are lowering the barrier to entry for threat actors to craft malicious code and automate cyberattacks to probe until a vulnerability is found.
Malicious actors are also leveraging these technologies to identify potential victims and create phishing emails that are more professional and personalised to better ensnare victims. Phishing emails today are more convincing and often mimic the styles of official correspondence from trusted sources. For example, in Singapore, malicious actors posed as government officials and deployed phishing links via SMS to cheat Singaporeans of their government cash vouchers.
To nullify the latest cyberattack techniques businesses similarly need to harness the power of AI and ML to automate aspects of data security, threat detection and intelligence, and data protection. Key capabilities they should have as part of their arsenal include:
- Immutable backup snapshots: Cybercriminals are increasingly targeting backups as they become more sophisticated in their attacks. Unlike traditional backups that can be changed or deleted, these unmodifiable backup snapshots provide a secure and intact copy of data for recovery, forensics and compliance.
- AI-enabled multifactor authentication (MFA): With MFA, organisations can protect themselves against password cracking or guessing attacks. When enhanced by AI, the protection offered by MFA can adjust authentication requirements or outright block a user’s access based on perceived risk levels such as changes in a user’s typing speed or if a user’s access strays beyond normal boundaries.
- AI-enabled activity and behaviour tracking and systems monitoring: Through continuous analysis of activity logs, AI and ML can establish norms for both user and application behaviour. Against those established norms, both technologies can provide near real-time monitoring and identify suspicious activity such as failed login attempts, excessive file access, or other activities that indicate anomalous activity.
- AI-enabled ransomware detection: AI and ML can comb through vast amounts of data, analysing network traffic or file access, allowing organisations to spot the signs of an imminent attack – or even one in progress – and neutralise malware.
- AI-enabled backup data management: AI and ML optimise backup schedules based on critical data needs, usage patterns and seasonality. This includes identifying and retiring inactive data during the backup process. By discerning dormant data suitable for archiving, AI reduces recovery time, eliminates the unnecessary retrieval of unused information and concurrently enhances efficiency while reducing storage costs.
As malicious actors leverage AI and ML to step up the sophistication and relentlessness of their attacks, organisations must leverage the latest data security, protection and recovery capabilities that harness the transformative power of AI and ML technology to protect, detect and respond to ever-evolving cyber threats. AI & ML powered data security and management platforms offer a step-change in ransomware defence by providing these capabilities and should be a focus for organisations seeking to strengthen their data security and cybersecurity posture to a level that today’s worsening cyber landscape demands.