How Generative AI Can Be Used to Counter Ransomware ActorsV.S. Subrahmanian Says Vendors Should Put Themselves in the Shoes of Adversaries
The infamous NotPetya ransomware attack on global shipping company Maersk in 2017 was a wake-up call for organizations. Regarded as one of the most destructive cyber incidents in history, NotPetya paralyzed Maersk's IT infrastructure, disrupting operations worldwide that included over 70 ports and 800 ships. Although Maersk decided to not pay the ransom, it had to invest substantial time and resources in recovery efforts. However, ransomware continues to be one of the top vectors of cyberattacks, accounting for almost 25% of all breaches.
It's time organizations learnt the lessons. Besides education on cyber hygiene, the biggest challenge is the industry playing a constant catch-up game and not innovating beyond the obvious.
"Part of the problem lies with the cybersecurity companies that fail to put themselves in the shoes of the adversaries. Can they not make use of modern technologies like generative AI to generate 10,000 future variants of malware they have detected? Should they not build a detector that can detect similar or rare malware?" asked V.S. Subrahmanian, Walter P. Murphy professor of Computer Science and Buffet Faculty Fellow at Northwestern University.
In the first part of this interview, Prof. Subrahmanian discussed the importance of cybersecurity in national security. In the second part of the interview with Information Security Media Group, he discussed:
- The past, present and future of ransomware;
- How can cybersecurity companies use generative AI to stay ahead in the game;
- Importance of OT security and lessons from STUXNET attack.
Prof. Subrahmanian is internationally recognized as a prominent leader in various fields, including logical reasoning under uncertainty, probabilistic logics, temporal probabilistic logics, and managing huge, heterogeneous databases containing incomplete and inconsistent information, and multimedia databases. His research interest lies in the intersection of AI and security problems.