Rethinking data security in the age of ransomware and AI

“It’s just somebody walking up and punching you in the face, and in this case an entertainment company, which back then was really just quite unprecedented,” said John Scimone, president and chief security officer at Dell Technologies Inc., in an interview with theCUBE, SiliconANGLE Media’s livestreaming studio. “The real question, the strategic question … what is the impact 10 years, 20 years from now on our ecosystem? Does it help more, or does it hurt more? There’s a significant asymmetry between the offense and the defense. The defense is losing broadly if you look at the scoreboard, and that hasn’t changed over the last decade.”

Current strategies and best practices to safeguard the digital landscape are top of mind for all organizations in today’s business world. These topics, and more, were recently discussed during the Cyber Resiliency Summit. (* Disclosure below.)

Prevalence of ransomware

Today’s computing world is seeing a troubling rise and persistence of ransomware attacks. During the recent Summit, Rob Emsley, director of data protection marketing at Dell, offered a hint at what the upcoming release of the company’s annual research report will reveal.

“Come January, we’ll be releasing a new set of insights,” he said. “[It’s] the 2024 ‘Global Data Protection’ research, and it’s a special edition focused on cyber resiliency and multicloud. One of the things that the survey keeps telling us is that customers just haven’t arrived at their destination yet. They’re still staying awake at night, worried about how to bring the business back after a ransomware attack or a cyberattack.”

Businesses have a right to be worried about ransomware. According to cyber underwriter Corvus Insurance, the number of ransomware victims posted on leak sites in 2023 is on pace for a new record. The high number has been driven by the Clop ransomware group, which exploited vulnerabilities in file transfer software, and another set of hackers who specialized in targeting cities and municipalities.

Ransomware groups have become so bold in their methods that one recently filed a U.S. Securities and Exchange Commission complaint because a victim had not complied with an SEC rule for breach disclosure within a four-day window.

“It doesn’t matter what industry you’re in, ransomware is so prevalent,” Scimone told theCUBE. “It’s really plaguing all industries as the top risk concern, for businesses of all breeds. Even as we think forward a decade from now, I imagine that probably won’t be too different than what we’re seeing today.”

Emergence of AI

Attack scenarios such as these have spurred enterprises to take a closer look at emerging solutions that leverage artificial intelligence. What this could mean for enterprises and the cybersecurity field in general was a prime topic of discussion during the Summit.

Event participants noted that AI will likely be both a help and a danger in the cybersecurity world. The widespread availability of ChatGPT and other generative AI engines enables stronger defenses against cyberattacks, while threat actors could use AI to sharpen their tools for targeting victims.

“It’s a tool that gets you to an outcome,” said Kris Lovejoy, global security and resilience practice leader at Kyndryl Holdings Inc., in an interview during the event. “Generative AI might be a great solution within the confines of the problem that you’re trying to solve.”

One problem many organizations are trying to solve is how to protect critical data in a computing environment that is increasingly more decentralized, with workloads on-premises, in the cloud or at the edge. In October, automated cloud backup provider Druva Inc. launched a generative AI solution that can analyze logs and troubleshoot errors to help reduce the risk in data management. Dell has partnered with Druva for the delivery of data protection services across the cloud-native platform.

“The broader the cloud gets to the edge and the other domains, the handling of data gets more error-prone,” said Jaspreet Singh, founder and chief executive officer of Druva, during the Cyber Resiliency Summit. “This is where a lot of AI-oriented systems can make or bring automation at the same time and can help solve these long-tail problems of managing information.”

Despite steps such as the alliance between Druva and Dell, malicious actors are also leveraging generative AI to build sophisticated social engineering attacks, using deepfake audio and realistic emails. There are already signs that use of deepfake technology by scammers is on the rise. A veteran author recently alerted Amazon Inc. that several books were being sold under her name that she had not written, and a Subsum study, based on analysis of over 2 million fraud attempts, found that use of deepfakes increased 10x across all industries from 2022 to 2023.

“Attackers use generative AI in one really scary way, which is in social engineering,” Lovejoy said. “That’s very hard to protect against because it just seems so legitimate.”

Addressing cost and complexity

Threats from ransomware attacks and complications presented by adoption of gen AI have motivated security practitioners to look for solutions that can control cost and manage complexity. The security industry has been plagued for years by “tool sprawl,” a situation in which data protection involves installation and use of tens or even hundreds of solutions.

At the very least, enterprises are seeking to consolidate security vendors. A report issued by Gartner Inc. last year noted that 75% of organizations were pursuing vendor consolidation, up from 29% the previous year. This trend is being driven by both cost and complexity, a sentiment expressed during theCUBE’s Summit by several participants.

“There’s complexity; there’s also increased demands often in terms of cost and becoming more cost-efficient in terms of how organizations need to operate,” said Mark Hughes, president of security at DXC Technology Co., in conversation with theCUBE. “Cost to serve is under pressure. Take that complexity, coupled with the factor of then needing to secure all of that in a cost-sensitive environment [and the] challenge, as you can see, gets even greater.”

This combination of cost and complexity has led IT vendors such as Dell to offer security solutions through managed services. An example of this can be seen in the company’s launch earlier this year of Managed Detection and Response Pro Plus, a fully managed security operations solution that protects endpoints, infrastructure, hardware, software and the cloud with 24/7 threat detection and analysis.

“It’s all the way from advisory services for zero trust to building out all these security controls,” said Mihir Maniar, vice president of products at Dell, in an interview with theCUBE. “The threats to security have expanded. You’ve got to create all these controls to put into place. The third one [is] a very robust set of resiliency practices.”

Maniar’s last point goes the heart of the message expressed by many during the event. Against a backdrop of uncertainty created by today’s threat environment, organizations need to be prepared for the worst-case scenarios. This means striking a balance between defending the fort and handling the recovery when it gets breached.

“I think you’re definitely starting to see customers realizing they need to get the balance right,” said Dell’s Emsley. “For many, many years, customers have been investing a lot of their IT dollars on cyber prevention technologies, keeping the bad guys out. The reality is that you’ve got to also invest in recovering when those defenses aren’t good enough.”

(* Disclosure: TheCUBE is a paid media partner for the “Cyber Resiliency Summit.” Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Image: Created with the assistance of DALL·E