AI vs the hackers

By IAN ENGELBRECHT, Veeam Software system engineering manager

Let’s imagine a scenario where you’re ready to start your work for the day, only to notice suspicious network activity, unexpected system pop-ups, or denied access to critical and sensitive files that are often locked, or names and extensions have been changed and encrypted. 

This shock is often followed by a note demanding ransom for the decryption key or the safe return of stolen data. In short, this is an indication that your database is under siege by cybercriminals.

Faced with feelings of fear, frustration, and helplessness, as well as financial stress, ransomware is the worst kind of disaster that any organisation and its employees can be faced with.  

It is unfortunately a reality that as many as 85% of organisations have experienced this at least once over the past year, according to the Veeam Ransomware Trends Report 2023. With figures sitting at 76% a year prior, ransomware attacks are certainly on the rise, particularly given the advent of intrinsic technologies such as Artificial Intelligence (AI) and its ability to enable larger and faster attacks using AI-enabled technologies. And while the psychological condition of Stockholm Syndrome may be real, it is certainly not a situation any organisation wants to find themselves in, let alone return to.

With technology advancing at a rapid pace, there is truly no guaranteed prevention against ransomware attacks. In today’s increasingly connected environment, it’s not a matter of if an attack will occur or when, but how often, and it is for this reason that organisations need to be prepared to fend off the potential storm.  

Don’t get me wrong, AI is a useful tool in the detection of cyber threats. From identifying financial fraud to looking for a polar bear in a snowstorm for any intrusive data dealings, there are several benefits to using this technology to our advantage. It can, however, also be misused to the benefit of cyber criminals. 

Despite the industry’s best efforts, ransomware prevention is not 100% bulletproof, and the only way to stave off an attack is to ensure that your data is protected and cyber-resilient to make your organisation as immune as possible. With only 16% of organisations able to recover their ransomed data successfully without making a payment, organisations need to protect their business-critical data.

There is, however, an opinion that AI can swing the agility pendulum back in favour of data defenders. The technology can allow them to see, classify and contextualise data faster and more efficiently than ever before, and can be viewed as an indispensable tool for IT teams, especially those spread across multiple regions.

Automated and intelligent tools can empower security professionals to focus on security strategy and culture instead of sitting behind a computer watching and managing incoming signals that indicate attacks or zero-day vulnerabilities. The more teams can use AI to provide clear views of cyber threats, the more they can open the door for entry-level talent while also freeing highly skilled defenders to focus on bigger challenges.

AI is a new area for defenders, and as organisations increasingly develop new AI systems, they need to have a thorough understanding of how these systems can be breached, and how attackers can leverage AI systems to carry out attacks. 

Despite AI’s appearance as either a superhero or villain in the fight against cyber threats, organisations need to bolster their security arsenal to protect their data stocks. This means developing an ironclad modern-day data protection strategy that focuses on three non-negotiables. 

The first is data mobility – having a semblance of control over your data and where it resides so that it can be easily moved. The second is simplicity – opting for a single software-defined tool to help manage complex environments that allow for backup onto any platform or device anywhere and at any time. Lastly, but most importantly, organisations need advanced security and immutable backups. 

Immutable backup is the last and best line of an organisation’s defence. As such, organisations should consider implementing the 3-2-1-1-0 backup rule. This means storing three copies of the data on two different media types. One copy should be stored offsite and one copy offline – and air-gapped or immutable – to ensure that the backup doesn’t contain malware and cannot be tampered with by an attacker. Lastly, zero relates to ensuring thorough testing that there are no instances of downtime or failures during the recovery phase and that the verified data can be restored as planned with zero errors.

With the Veeam Data Protection Trends Report 2023 suggesting that 85% of organisations plan to increase their data protection budgets this year, some by as much as 6.5%, don’t you think it’s time to strap on your armour as you prepare for battle in the data protection war?