Is AI the answer to protecting our financial institutions from ransomware?
By Tony Bauman, country manager, Vectra A/NZ.
The threat of ransomware continues to disrupt businesses, generate headlines for the wrong reasons and create widespread uncertainty. Surely, many of the most high-profile recent ransomware victims knew the dangers and had measures in place to protect themselves?
As pandemic restrictions set in last year, many companies shifted to conducting business online and rapidly adopted cloud technologies. New findings in a PaaS & IaaS Security Survey Report have underlined how the cloud has changed everything we know about security; 100% of the companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services weekly.
Similarly, consumer behaviour was significantly transformed; people relied on services online, including banking and making payments. Against this backdrop, more financial institutions had to upgrade digital capabilities to create new online customer experiences.
In fact, banking regulators across Asia including the Monetary Authority of Singapore (MAS) have started granting new banking licenses for digital-only banks. While these developments will indeed bring tremendous new opportunities and capabilities, the technology challenges will remain – particularly around data and privacy. Cybercriminals have continued using pandemic-led disruptions to breach financial services firms using methods such as phishing to unleash ransomware attacks.
These targeted strikes hit close to home in September of this year, when several financial institutions in New Zealand went offline as officials reported that a series of cyber-attacks had occurred. Hundreds of customers faced problems accessing internet banking during the outage, which reportedly had all the signs of a denial-of-service attack.
Closer to home, Australia's Reserve Bank has advised banks to be on alert, saying that a major cyber security attack against one of the country's banks is "inevitable."
An evolving threat
Part of the problem is that ransomware has evolved and diversified in recent years – attackers have moved on from simple, fully-automated tactics that are quite straightforward to prevent, to using more targeted and sophisticated methods. At the same time, most security teams are using the same old tactics to try to prevent ransomware – an approach that is now broken.
It's time for financial organisations to evolve. One thing is for sure, in the sprawling IT landscapes of today, AI will play a decisive role in this war against ransomware. A recent report shows that most financial services institutions need to analyse behaviours and separate the suspicious and the malicious using AI-powered cyber security.
Early forms of ransomware followed a simple business model: infect as many computers as possible because at least some of the victims will pay to recover their files. This so-called commodity ransomware soon evolved to search out and encrypt entire network drives – the rationale being that you're increasing the likelihood of locking something the victim can't live without. This initial evolution also saw attackers start to target financial organisations rather than individual people, as businesses are more likely to pay bigger ransoms to recover critical files.
Attackers have continued to step up their game and diversify, replacing automated tactics with more sophisticated and targeted methods. About 500,000 records, including confidential client agreements, were allegedly hacked and the breach impacted multiple financial institutions.
For all intents and purposes, ransomware has become a fully-fledged industry; it's hardly surprising that the sophisticated human-operated variants have been identified by Microsoft as "one of the most impactful trends in cyberattacks today".
AI to reinforce the ranks
Focus must shift from trying to prevent the inevitable, to instead detecting and halting successful attacks at the earliest possible point – and this is where AI comes in.
With estimates indicating the average dwell time in a ransomware attack is 43 days, AI should play a decisive role within the security team to help flush out the threat. While a team of analysts may need days or even weeks, AI can rapidly – if not immediately – detect when attackers are moving through systems before the ransomware deploy button is hit. This is because AI can contextualise and consolidate the wide variety of signals and markers left by attackers as they move through systems to reach their intended goal.
AI can pull all this disparate information together into one clear picture, meaning security teams can efficiently respond to the most critical threats.
Financial services conquering the ransomware battlefield
Ransomware continues to be a serious threat to finance firms and, if 2021 is anything to go by, it's not going away any time soon. This modern-day threat has also caught the attention of the Australian federal government, with a new ransomware task force being established that spans several agencies, including the Australian Cyber Security Centre and the Australian Federal Police.
Security teams should take note of the numerous recent high-profile ransomware incidents and view them as a case study of what can happen if they are not ready to deal with the wide variety of threats.
As ransomware operators continue to diversify, financial organisations should look at adding AI-powered means of detecting ransomware to their arsenal, so they can significantly reduce the time taken to spot the threat.