Letters

Address ransomware threat using AI

LETTERS: Ransomware, a type of malicious software that locks users out of their data until a ransom is paid, presents severe challenges.

In Malaysia, ransomware incidents surged by 37 per cent in 2023, compared with the previous year, with average ransom demands reaching a staggering US$5.3 million.

Although there was a 10.52 per cent decline in reported ransomware incidents in the first quarter of 2024, compared with the last quarter of 2023 — when 17 incidents were recorded— the overall threat remains significant.

According to the Pikom Cybersecurity Report 2024, the primary causes of cybersecurity breaches in Malaysia are ransomware, malware, social engineering and misconfigured systems.

The report reveals that the manufacturing and government sectors accounted for 38.2 per cent of organisational cyberattacks, with over 58 per cent driven by ransom demands.

Key sectors such as manufacturing, education, logistics and banking have frequently been targeted, with commercial businesses suffering the most.

The substantial costs associated with data recovery and system repairs highlight ransomware's status as one of the most financially devastating cyber threats.

In this regard, Artificial Intelligence (AI) and Machine Learning (ML) are proving to be game-changers in the fight against ransomware as they can detect threats by analysing behavioural patterns and anomalies.

Anomaly detection allows AI systems to establish a baseline of normal device behaviour and flag deviations such as unauthorised file encryption, which might indicate a ransomware attack. This early detection capability enables swift intervention before the ransomware can be fully executed.

Behavioural analysis further enhances detection by observing user actions and application interactions to identify unusual behaviour that could signal malicious intent.

Moreover, AI-driven systems provide real-time alerts and responses to emerging threats, significantly reducing the window of vulnerability and minimising any potential damage.

The role of AI and ML extends beyond detection to include improved response mechanisms. For instance, automated isolation enables AI systems to automatically contain the threat by disconnecting infected devices from the network, preventing further spread. This containment helps mitigate the impact on other systems.

Additionally, AI can streamline data recovery by managing backups and restoring systems from secure copies, reducing downtime and financial losses.

However, AI and ML do face several challenges. Effective models require extensive, high-quality data for training, and without a robust dataset, these systems may struggle to accurately identify new and evolving threats.

Additionally, AI systems often require access to sensitive user data, raising concerns about data protection and regulatory compliance. Balancing effective security measures with user privacy is essential to maintaining trust and compliance.

A skilled workforce is crucial for harnessing the full potential of AI and ML technologies. Investing in training and education to develop experts who can manage and advance these technologies will be vital for staying ahead of cyber threats.

Nurturing talent not only supports the implementation of cutting-edge solutions but also ensures the continued evolution and resilience of cybersecurity strategies. The role of AI and ML in mobile ransomware detection will most certainly be beneficial in protecting user privacy.

ASSISTANT PROFESSOR DR TIMOTHY YAP

School of Mathematical & Computer Sciences,
Heriot-Watt University Malaysia


* The views expressed in this article are the author's own and do not necessarily reflect those of the New Straits Times

Most Popular
Related Article
Says Stories