AS mobile devices continue to reshape the way we connect, shop and entertain ourselves, they also open new doors for cyber criminals and among the most alarming threats is ransomware — a digital seizer that locks users out of their data until a ransom is paid.
With cyberattacks evolving faster than traditional security defences, the battle against ransomware has become one of the most urgent challenges in our increasingly connected world.
Nevertheless, the rise of artificial intelligence (AI) and machine learning (ML) is now offering an innovative approach to reducing this threat, carrying significant outcomes for Malaysia.
AI, ML and ransomware
Heriot-Watt University Malaysia computer science Associate Professor Dr Ian Tan says ransomware can be classified under the broader category of malware, which refers to any malicious software designed to disrupt, damage or gain unauthorised access to a computer system and in the cybersecurity landscape, ransomware is just one of many types of threats that companies and individuals face.
He says AI and ML have been used in cybersecurity for years to spot patterns and unusual behaviour. These technologies analyse data to detect threats, learning from past information to predict and stop future attacks, and this makes them very effective in dealing with ransomware and other cyber threats.
"Early antivirus programmes worked by recognising patterns in known threats while today's cybersecurity uses AI to learn and adjust to new, unknown dangers. AI and machine learning can find new threats by studying patterns, making them important tools in fighting modern malware and this approach has been developed over many years and continues to improve."
Fast, reliable, smart
Tan says traditional antivirus software works by finding and stopping malware based on known examples. While this method can help, but it only works after the malware has been discovered and added to a list and this can be slow to respond to new or changing threats, leaving systems open to attacks that don't follow familiar patterns.
"AI and ML are better at catching threats because they look for unusual behaviour, not just known malware where it detects possible threats earlier, even if the malware is new or hasn't been identified yet.
"As more people use mobile devices and go online, ransomware can show up in new ways and AI helps security systems stay flexible and spot new threats by looking for unusual behaviour, offering better protection against constantly changing cyberattacks."
Advantages and disadvantages
Tan says AI in cybersecurity significantly boosts protection by identifying potential threats, even those that are unknown. Its proactive approach helps detect and block dangers before they can cause harm, keeping users safer from evolving cyber threats.
AI also monitors user behaviour to improve security, which can lead to access issues. If a user acts in a way that seems unusual, the AI may mistakenly block them, balancing security with accessibility, especially in areas like banking.
He adds that one problem with AI and ML in cybersecurity is false positives and it means the system can mistakenly label something safe as dangerous. While these tools are good at finding threats, they can sometimes cause issues by blocking things that are actually harmless.
Challenges
The big challenge for AI in cybersecurity is that there often is not enough harmful data to learn from. For example, if there are a million data points and only one is bad, the AI has trouble understanding what a real threat looks like and to improve this, companies need to use a wider variety of data to train their AI systems so they can better spot actual threats, says Tan.
He adds that many cybersecurity issues arise from user mistakes, particularly with ransomware attacks, hence organisations and governments should prioritise educating users on safe online practices to reduce risks and enhance protection.
Privacy concerns
Tan points out statistics is a core component of ML and has been used in cybersecurity for many years, helping to identify threats more effectively than before where it analyses past data to detect unusual patterns, making it easier to prevent attacks like denial-of-service (DoS) that were more common a decade ago.
"ML is not perfect as it cannot guarantee complete protection against cyber threats. Just like tsunami warning systems that provide limited time to respond, cybersecurity systems must act quickly to prevent damage. The response time in cyber threats is often measured in milliseconds, emphasising the need for efficient early warning mechanisms."