Artificial Intelligence and Machine Learning: The Most Effective Weapons Against Ransomware

An essential part of an IT department’s mission is to stay atop the latest technological trends. And that includes protecting corporate networks by leveraging the latest security solutions and processes.

Artificial Intelligence (AI) in security, which heavily builds on Machine Learning (ML), has one key principle: to recognize patterns that emerge from past experiences and make predictions based on them.

ML enables new-generation security solutions to react to new, unseen cyber-threats (i.e. zero-day exploits) faster than traditional, automated detection systems. AI and ML are also used with great success in fighting off sophisticated attacks such as advanced persistent threats (APTs), whose authors are particularly adept at flying under the radar for long periods.

While Bitdefender has been steadily building on this applied science for years, patenting quite a few technologies in the process, others have been slow to pick up the baton. Nevertheless, IT departments everywhere are starting to recognize the edge that AI and ML can give them in fighting off cyber threats.

Tomorrow’s security

Spiceworks conducted a survey in July 2018 and included 780 business technology buyers from organizations across North America and Europe. While the research focused on technology adoption in general, a good chunk of the report offers an in-depth look at the latest trends in cybersecurity – specifically, in the business sector.

When it comes to emerging security tools, the biggest investments are in anti-ransomware solutions, employee security training tools, hardware-based authentication, and breach-detection systems. Fewer organizations use deception technology such as honeypots, security solutions powered by AI, or IoT security solutions.

However, adoption rates vary considerably depending on the organization’s size. Spiceworks found large enterprises are adopting most emerging security solutions, including those based on AI, faster than other organizations.

Large enterprises have the highest adoption rates for deception technology (29%), cloud workload protection (39%), browser isolation (43%), and IoT security solutions (40%).

Ransomware: nipping the threat in the bud with AI and ML

As the above graph also shows, a top-of-mind issue for large organizations is ransomware, driving some 48% of current investments in cybersecurity. An additional 20% of those surveyed said they planned such deployments in the next 12 months, and another 8% have anti-ransomware tech on their roadmap over the next 1-2 years.

Why is ransomware so scary? If we are to count just last year’s biggest incidents – WannaCry and NotPetya – the toll can rise into the hundreds of millions of dollars for just one victim, such as Maersk. In its first financial statement following the WannaCry outbreak, the Danish shipping giant reported losses upwards of $300 million. And that didn’t count the reputational damage that probably still takes a toll to this day. Together, the two ransomware contagions dealt damages in the billions globally.

But the real reason ransomware is such a menace is its anatomy, as we’ve noted in the past. Not only does it wreak havoc when deployed properly, ransomware also notoriously hides its authors in plain sight, making the attackers virtually untraceable. On top of that, new ransomware variants emerge at such a rapid pace that traditional AV solutions can’t keep up. This is where AI steps in.

“Criminals are turning out new variants of ransomware so quickly that anti-virus products can’t keep up,” according to James Slaby, a security expert at Acronis. “This suggests that truly effective anti-ransomware measures will have to use artificial intelligence and machine learning to more adaptively detect and stop ransomware attacks, especially the previously unknown ones. AI and ML enhancements will be able to spot ransomware by its behavior, not based on a prior encounter with it.”

Preventing threats long-term

Opinions among IT professionals vary widely regarding which emerging security solutions are most effective. For example, 59% believe employee security training tools (e.g., end user security awareness and testing) are the most effective solution to prevent security incidents, followed by breach detection systems (37%) and anti-ransomware solutions (37%).

However, when researchers looked at company size while asking the same question, respondents’ answers differed greatly. For instance, 71% of IT pros working in businesses with less than 100 employees believe employee security training tools are the most effective, compared to only 35% of IT pros in large enterprises with 5,000+ employees.

Furthermore, IT pros in large businesses are more likely to believe AI-powered security solutions and cloud workload protections are effective in preventing security incidents.