Is AI the solution to protect our financial institutions against ransomware?
By Vectra A / NZ, country manager, Tony Bauman.
The threat of ransomware continues to disrupt businesses, grab headlines for all the wrong reasons, and create widespread uncertainty. Surely many of the most prominent recent ransomware victims knew of the dangers and had measures in place to protect themselves?
While the pandemic-related restrictions were imposed last year, many companies have switched to conducting business online and quickly embraced cloud technologies. New findings in a PaaS and IaaS security investigation report highlighted how the cloud has changed everything we know about security; 100% of companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services every week.
Likewise, consumer behavior has changed considerably; people relied on online services, including banking and payments. Against this backdrop, more and more financial institutions have had to upgrade their digital capabilities to create new online customer experiences.
In fact, banking regulators across Asia, including the Monetary Authority of Singapore (MAS), have started granting new banking licenses for digital-only banks. While these developments will indeed bring tremendous new opportunities and capabilities, technological challenges will remain, particularly with regard to data and privacy. Cybercriminals continued to use the disruption caused by the pandemic to break into financial services companies using methods such as phishing to trigger ransomware attacks.
These targeted strikes struck near our home in September this year, several New Zealand financial institutions went offline as officials reported that a series of cyber attacks had occurred. Hundreds of customers experienced problems accessing Internet banking services during the outage, which reportedly presented all the signs of a denial of service attack.
Closer to home, the Reserve Bank of Australia advised banks to be on alert, saying a major cybersecurity attack on one of the country’s banks was “inevitable.”
An evolving threat
Part of the problem is that ransomware has evolved and diversified in recent years – attackers have moved from simple, fully automated, and easy to prevent tactics to using more targeted and sophisticated methods. At the same time, most security teams are using the same old tactics to try to prevent ransomware – an approach that is now broken.
It’s time for financial organizations to change. One thing is certain, in today’s sprawling computing landscapes, AI will play a decisive role in this war on ransomware. A recent report shows that most financial services institutions need to analyze behavior and separate suspects from malicious ones using AI-powered cybersecurity.
The earliest forms of ransomware followed a simple business model: infect as many computers as possible because at least some of the victims will pay to recover their files. This so-called basic ransomware quickly evolved to find and encrypt entire network drives – the reason being that you increase the likelihood of locking down something the victim cannot do without. This initial development also saw attackers start targeting financial organizations rather than individuals, as companies are more likely to pay larger ransoms to recover critical files.
Forwards have continued to step up their game and diversify, replacing automated tactics with more sophisticated and targeted methods. Around 500,000 records, including confidential client agreements, were reportedly hacked and the breach impacted several financial institutions.
For all intents and purposes, ransomware has become an industry in its own right; it is hardly surprising that sophisticated human-made variants have been identified by Microsoft as “one of the most impactful trends in cyber attacks today”.
AI to strengthen the ranks.
The focus needs to shift from trying to prevent the inevitable to detecting and stopping successful attacks as early as possible – and that’s where AI comes in.
With estimates indicating that the average wait time for a ransomware attack is 43 days, AI should play a decisive role within the security team to help eliminate the threat. While a team of analysts may need days or even weeks, AI can quickly, if not immediately, detect when attackers are moving through systems before the ransomware deploy button is activated. This is because AI can contextualize and consolidate the wide variety of signals and markers left by attackers as they move through systems to achieve their goal.
AI can bring all of this disparate information together into one clear picture, meaning that security teams can respond effectively to the most critical threats.
Financial services conquer the ransomware battlefield
Ransomware continues to be a serious threat to finance companies and if 2021 is anything to do with it, it isn’t going away anytime soon. This modern day threat has also caught the attention of the Australian Federal Government with the creation of a new ransomware task force spanning several agencies, including the Australian Cyber Security Center and the Australian Federal Police.
Security teams should take note of the many recent high-profile ransomware incidents and view them as a case study of what can happen if they are not prepared for the wide variety of threats.
As ransomware operators continue to diversify, financial organizations should consider adding AI-based ransomware detection to their arsenal, so that they can dramatically reduce the time it takes to detect the threat.