Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?

Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.

That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.

Ransomware: The Basics

Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.

Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:

You click on a malicious link.

Your device downloads the malware.

Your system is now infected, and somebody else is essentially in charge.

They encrypt your data and demand you pay ransom for the encryption key to get it back.

As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.

Ransomware as a Service

Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.

As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.

The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.

How Has AI Affected Ransomware?

Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.

AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.

How so?

Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.

AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.

Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.

How to Prevent Ransomware Attacks

Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.

1. Keep Your Systems Updated

When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.

Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.

Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.

2. Invest in Quality Training

Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.

These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.

3. Implement Defensive Systems

Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.

However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.

4. Implement Network Segmentation

As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.

As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.

So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.

5. Collaborate With Others

Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”

That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”

Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).

In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.

Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.

Why?

Because paying the ransom often won’t solve any problems.

As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.

So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.

6. Invest in Backups and Disaster Recovery

According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.

That’s precisely what Tom has experienced working with many small and medium-sized businesses.

He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.

According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.

Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).

Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.

Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!

The Importance of Cybersecurity Specialists

Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.

That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.

Related posts

Il Sole 24 Ore: 100 thousand IT professionals missing
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
May 14, 2024 6 min read

Written on April 24th 2024

Source here: Il Sole 24 Ore (full article in Italian)


Open Institute of Technology: 100 thousand IT professionals missing

Eurostat data processed and disseminated by OPIT. Stem disciplines: the share of graduates in Italy between the ages of 20 and 29 is 18.3%, compared to the European 21.9%

Today, only 29% of young Italians between 25 and 34 have a degree. Not only that: compared to other European countries, the comparison is unequal given that the average in the Old Continent is 46%, bringing Italy to the penultimate place in this ranking, ahead only of Romania. The gap is evident even if the comparison is limited to STEM disciplines (science, technology, engineering and mathematics) where the share of graduates in Italy between the ages of 20 and 29 is 18.3%, compared to the European 21.9%, with peaks of virtuosity which in the case of France that reaches 29.2%. Added to this is the continuing problem of the mismatch between job supply and demand, so much so that 62.8% of companies struggle to find professionals in the technological and IT fields.

The data

The Eurostat data was processed and disseminated by OPIT – Open Institute of Technology. an academic institution accredited at European level, active in the university level education market with online Bachelor’s and Master’s degrees in the technological and digital fields. We are therefore witnessing a phenomenon with worrying implications on the future of the job market in Italy and on the potential loss of competitiveness of our companies at a global level, especially if inserted in a context in which the macroeconomic scenario in the coming years will undergo a profound discontinuity linked to the arrival of “exponential” technologies such as Artificial Intelligence and robotics, but also to the growing threats related to cybersecurity.

Requirements and updates

According to European House Ambrosetti, over 2,000,000 professionals will have to update their skills in the Digital and IT area by 2026, also to take advantage of the current 100,000 vacant IT positions, as estimated by Frank Recruitment Group. But not only that: the Italian context, which is unfavorable for providing the job market with graduates and skills, also has its roots in the chronic birth rate that characterizes our country: according to ISTAT data, in recent years the number of newborns has fallen by 28%, bringing Italy’s birth rate to 1.24, among the lowest in Europe, where the average is 1.46.

Profumo: “Structural deficiency”

“The chronic problem of the absence of IT professionals is structural and of a dual nature: on one hand the number of newborns – therefore, potential “professionals of the future” – is constantly decreasing; on the other hand, the percentage of young people who acquires degrees are firmly among the lowest in Europe”, declared Francesco Profumo, former Minister of Education and rector of OPIT – Open Institute of Technology. “The reasons are varied: from the cost of education (especially if undertaken off-site), to a university offering that is poorly aligned with changes in society, to a lack of awareness and orientation towards STEM subjects, which guarantee the highest employment rates. Change necessarily involves strong investments in the university system (and, in general, in the education system) at the level of the country, starting from the awareness that a functioning education system is the main driver of growth and development in the medium to long term. It is a debated and discussed topic on which, however, a clear and ambitious position is never taken.”

Stagnant context and educational offer

In this stagnant context, the educational offer that comes from online universities increasingly meets the needs of flexibility, quality and cost of recently graduated students, university students looking for specialization and workers interested in updating themselves with innovative skills. According to data from the Ministry of University and Research, enrollments in accredited online universities in Italy have grown by over 141 thousand units in ten years (since 2011), equal to 293.9%. Added to these are the academic institutions accredited at European level, such as OPIT, whose educational offering is overall capable of opening the doors to hundreds of thousands of students, with affordable costs and extremely innovative and updated degree paths.

Analyzing the figures

An analysis of Eurostat statistics relating to the year 2021 highlights that 27% of Europeans aged between 16 and 74 have attended an entirely digital course. The highest share is recorded in Ireland (46%), Finland and Sweden (45%) and the Netherlands (44%). The lowest in Romania (10%), Bulgaria (12%) and Croatia (18%). Italy is at 20%. “With OPIT” – adds Riccardo Ocleppo, founder and director – “we have created a new model of online academic institution, oriented towards new technologies, with innovative programs, a strong practical focus, and an international approach, with professors and students from 38 countries around the world, and teaching in English. We intend to train Italian students not only on current and updated skills, but to prepare them for an increasingly dynamic and global job market. Our young people must be able to face the challenges of the future like those who study at Stanford or Oxford: with solid skills, but also with relational and attitudinal skills that lead them to create global companies and startups or work in multinationals like their international colleagues. The increasing online teaching offer, if well structured and with quality, represents an incredible form of democratization of education, making it accessible at low costs and with methods that adapt to the flexibility needs of many working students.”

Point of reference

With two degrees already starting in September 2023 – a three-year degree (BSc) in Modern Computer Science and a specialization (MSc) in Applied Data Science & AI – and 4 starting in September 2024: a three-year degree (BSc) in Digital Business, and the specializations (MSc) in Enterprise Cybersecurity, Applied Digital Business and Responsible Artificial Intelligence (AI), OPIT is an academic institution of reference for those who intend to respond to the demands of a job market increasingly oriented towards the field of artificial intelligence. Added to this are a high-profile international teaching staff and an exclusively online educational offer focused on the technological and digital fields.

Read the article
Times of India: The 600,000 IT job shortage in India and how to solve it
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
May 2, 2024 3 min read

Written on April 25th 2024

Source here: Times of India 


The job market has never been a straightforward path. Ask anyone who has ever looked for a job, certainly within the last decade, and they can tell you as much. But with the rapid development of AI and machine learning, concerns are growing for people about their career options, with a report from Randstad finding that 7 in 10 people in India are concerned about their job being eliminated by AI.

 Employers have their own share of concerns. According to The World Economic Forum, 97 million new AI-related jobs will be created by 2025 and the share of jobs requiring AI skills will increase by 58%. The IT industry in India is experiencing a tremendous surge in demand for skilled professionals on disruptive technologies like artificial intelligence, machine learning, blockchain, cybersecurity and, according to Nasscom, this is leading to a shortage of 600,000 profiles.

 So how do we fill those gaps? Can we democratize access to top-tier higher education in technology?

These are the questions that Riccardo Ocleppo, the engineer who founded a hugely successful ed-tech platform connecting international students with global Universities, Docsity, asked himself for years. Until he took action and launched the Open Institute of Technology (OPIT), together with the Former Minister of Education of Italy, Prof. Francesco Profumo, to help people take control of their future careers.

OPIT offers BSc and MSc degrees in Computer Science, AI, Data Science, Cybersecurity, and Digital Business, attracting students from over 38 countries worldwide. Through innovative learning experiences and affordable tuition fees starting at €4,050 per year, OPIT empowers students to pursue their educational goals without the financial and personal burden of relocating.

The curriculum, delivered through a mix of live and pre-recorded lectures, equips students with the latest technology skills, as well as business and strategic acumen necessary for careers in their chosen fields. Moreover, OPIT’s EU-accredited degrees enable graduates to pursue employment opportunities in Europe, with recognition by WES facilitating transferability to the US and Canada.

OPIT’s commitment to student success extends beyond academics, with a full-fledged career services department led by Mike McCulloch. Remote students benefit from OPIT’s “digital campus,” fostering connections through vibrant discussion forums, online events, and networking opportunities with leading experts and professors.

Faculty at OPIT, hailing from prestigious institutions and industry giants like Amazon and Microsoft, bring a wealth of academic and practical experience to the table. With a hands-on, practical teaching approach, OPIT prepares students for the dynamic challenges of the modern job market.

In conclusion, OPIT stands as a beacon of hope for individuals seeking to future-proof their careers in technology. By democratizing access to high-quality education and fostering a global learning community, OPIT empowers students to seize control of their futures and thrive in the ever-evolving tech landscape.

Read the article