Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?

Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.

That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.

Ransomware: The Basics

Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.

Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:

You click on a malicious link.

Your device downloads the malware.

Your system is now infected, and somebody else is essentially in charge.

They encrypt your data and demand you pay ransom for the encryption key to get it back.

As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.

Ransomware as a Service

Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.

As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.

The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.

How Has AI Affected Ransomware?

Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.

AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.

How so?

Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.

AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.

Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.

How to Prevent Ransomware Attacks

Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.

1. Keep Your Systems Updated

When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.

Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.

Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.

2. Invest in Quality Training

Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.

These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.

3. Implement Defensive Systems

Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.

However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.

4. Implement Network Segmentation

As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.

As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.

So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.

5. Collaborate With Others

Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”

That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”

Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).

In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.

Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.

Why?

Because paying the ransom often won’t solve any problems.

As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.

So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.

6. Invest in Backups and Disaster Recovery

According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.

That’s precisely what Tom has experienced working with many small and medium-sized businesses.

He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.

According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.

Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).

Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.

Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!

The Importance of Cybersecurity Specialists

Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.

That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.

Related posts

Il Sole 24 Ore: Integrating Artificial Intelligence into the Enterprise – Challenges and Opportunities for CEOs and Management
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Apr 14, 2025 6 min read

Source:


Expert Pierluigi Casale analyzes the adoption of AI by companies, the ethical and regulatory challenges and the differentiated approach between large companies and SMEs

By Gianni Rusconi

Easier said than done: to paraphrase the well-known proverb, and to place it in the increasingly large collection of critical issues and opportunities related to artificial intelligence, the task that CEOs and management have to adequately integrate this technology into the company is indeed difficult. Pierluigi Casale, professor at OPIT (Open Institute of Technology, an academic institution founded two years ago and specialized in the field of Computer Science) and technical consultant to the European Parliament for the implementation and regulation of AI, is among those who contributed to the definition of the AI ​​Act, providing advice on aspects of safety and civil liability. His task, in short, is to ensure that the adoption of artificial intelligence (primarily within the parliamentary committees operating in Brussels) is not only efficient, but also ethical and compliant with regulations. And, obviously, his is not an easy task.

The experience gained over the last 15 years in the field of machine learning and the role played in organizations such as Europol and in leading technology companies are the requirements that Casale brings to the table to balance the needs of EU bodies with the pressure exerted by American Big Tech and to preserve an independent approach to the regulation of artificial intelligence. A technology, it is worth remembering, that implies broad and diversified knowledge, ranging from the regulatory/application spectrum to geopolitical issues, from computational limitations (common to European companies and public institutions) to the challenges related to training large-format language models.

CEOs and AI

When we specifically asked how CEOs and C-suites are “digesting” AI in terms of ethics, safety and responsibility, Casale did not shy away, framing the topic based on his own professional career. “I have noticed two trends in particular: the first concerns companies that started using artificial intelligence before the AI ​​Act and that today have the need, as well as the obligation, to adapt to the new ethical framework to be compliant and avoid sanctions; the second concerns companies, like the Italian ones, that are only now approaching this topic, often in terms of experimental and incomplete projects (the expression used literally is “proof of concept”, ed.) and without these having produced value. In this case, the ethical and regulatory component is integrated into the adoption process.”

In general, according to Casale, there is still a lot to do even from a purely regulatory perspective, due to the fact that there is not a total coherence of vision among the different countries and there is not the same speed in implementing the indications. Spain, in this regard, is setting an example, having established (with a royal decree of 8 November 2023) a dedicated “sandbox”, i.e. a regulatory experimentation space for artificial intelligence through the creation of a controlled test environment in the development and pre-marketing phase of some artificial intelligence systems, in order to verify compliance with the requirements and obligations set out in the AI ​​Act and to guide companies towards a path of regulated adoption of the technology.

Read the full article below (in Italian):

Read the article
The Lucky Future: How AI Aims to Change Everything
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Apr 10, 2025 7 min read

There is no question that the spread of artificial intelligence (AI) is having a profound impact on nearly every aspect of our lives.

But is an AI-powered future one to be feared, or does AI offer the promise of a “lucky future.”

That “lucky future” prediction comes from Zorina Alliata, principal AI Strategist at Amazon and AI faculty member at Georgetown University and the Open Institute of Technology (OPIT), in her recent webinar “The Lucky Future: How AI Aims to Change Everything” (February 18, 2025).

However, according to Alliata, such a future depends on how the technology develops and whether strategies can be implemented to mitigate the risks.

How AI Aims to Change Everything

For many people, AI is already changing the way they work. However, more broadly, AI has profoundly impacted how we consume information.

From the curation of a social media feed and the summary answer to a search query from Gemini at the top of your Google results page to the AI-powered chatbot that resolves your customer service issues, AI has quickly and quietly infiltrated nearly every aspect of our lives in the past few years.

While there have been significant concerns recently about the possibly negative impact of AI, Alliata’s “lucky future” prediction takes these fears into account. As she detailed in her webinar, a future with AI will have to take into consideration:

  • Where we are currently with AI and future trajectories
  • The impact AI is having on the job landscape
  • Sustainability concerns and ethical dilemmas
  • The fundamental risks associated with current AI technology

According to Alliata, by addressing these risks, we can craft a future in which AI helps individuals better align their needs with potential opportunities and limitations of the new technology.

Industry Applications of AI

While AI has been in development for decades, Alliata describes a period known as the “AI winter” during which educators like herself studied AI technology, but hadn’t arrived at a point of practical applications. Contributing to this period of uncertainty were concerns over how to make AI profitable as well.

That all changed about 10-15 years ago when machine learning (ML) improved significantly. This development led to a surge in the creation of business applications for AI. Beginning with automation and robotics for repetitive tasks, the technology progressed to data analysis – taking a deep dive into data and finding not only new information but new opportunities as well.

This further developed into generative AI capable of completing creative tasks. Generative AI now produces around one billion words per day, compared to the one trillion produced by humans.

We are now at the stage where AI can complete complex tasks involving multiple steps. In her webinar, Alliata gave the example of a team creating storyboards and user pathways for a new app they wanted to develop. Using photos and rough images, they were able to use AI to generate the code for the app, saving hundreds of hours of manpower.

The next step in AI evolution is Artificial General Intelligence (AGI), an extremely autonomous level of AI that can replicate or in some cases exceed human intelligence. While the benefits of such technology may readily be obvious to some, the industry itself is divided as to not only whether this form of AI is close at hand or simply unachievable with current tools and technology, but also whether it should be developed at all.

This unpredictability, according to Alliata, represents both the excitement and the concerns about AI.

The AI Revolution and the Job Market

According to Alliata, the job market is the next area where the AI revolution can profoundly impact our lives.

To date, the AI revolution has not resulted in widespread layoffs as initially feared. Instead of making employees redundant, many jobs have evolved to allow them to work alongside AI. In fact, AI has also created new jobs such as AI prompt writer.

However, the prediction is that as AI becomes more sophisticated, it will need less human support, resulting in a greater job churn. Alliata shared statistics from various studies predicting as many as 27% of all jobs being at high risk of becoming redundant from AI and 40% of working hours being impacted by language learning models (LLMs) like Chat GPT.

Furthermore, AI may impact some roles and industries more than others. For example, one study suggests that in high-income countries, 8.5% of jobs held by women were likely to be impacted by potential automation, compared to just 3.9% of jobs held by men.

Is AI Sustainable?

While Alliata shared the many ways in which AI can potentially save businesses time and money, she also highlighted that it is an expensive technology in terms of sustainability.

Conducting AI training and processing puts a heavy strain on central processing units (CPUs), requiring a great deal of energy. According to estimates, Chat GPT 3 alone uses as much electricity per day as 121 U.S. households in an entire year. Gartner predicts that by 2030, AI could consume 3.5% of the world’s electricity.

To reduce the energy requirements, Alliata highlighted potential paths forward in terms of hardware optimization, such as more energy-efficient chips, greater use of renewable energy sources, and algorithm optimization. For example, models that can be applied to a variety of uses based on prompt engineering and parameter-efficient tuning are more energy-efficient than training models from scratch.

Risks of Using Generative AI

While Alliata is clearly an advocate for the benefits of AI, she also highlighted the risks associated with using generative AI, particularly LLMs.

  • Uncertainty – While we rely on AI for answers, we aren’t always sure that the answers provided are accurate.
  • Hallucinations – Technology designed to answer questions can make up facts when it does not know the answer.
  • Copyright – The training of LLMs often uses copyrighted data for training without permission from the creator.
  • Bias – Biased data often trains LLMs, and that bias becomes part of the LLM’s programming and production.
  • Vulnerability – Users can bypass the original functionality of an LLM and use it for a different purpose.
  • Ethical Risks – AI applications pose significant ethical risks, including the creation of deepfakes, the erosion of human creativity, and the aforementioned risks of unemployment.

Mitigating these risks relies on pillars of responsibility for using AI, including value alignment of the application, accountability, transparency, and explainability.

The last one, according to Alliata, is vital on a human level. Imagine you work for a bank using AI to assess loan applications. If a loan is denied, the explanation you give to the customer can’t simply be “Because the AI said so.” There needs to be firm and explainable data behind the reasoning.

OPIT’s Masters in Responsible Artificial Intelligence explores the risks and responsibilities inherent in AI, as well as others.

A Lucky Future

Despite the potential risks, Alliata concludes that AI presents even more opportunities and solutions in the future.

Information overload and decision fatigue are major challenges today. Imagine you want to buy a new car. You have a dozen features you desire, alongside hundreds of options, as well as thousands of websites containing the relevant information. AI can help you cut through the noise and narrow the information down to what you need based on your specific requirements.

Alliata also shared how AI is changing healthcare, allowing patients to understand their health data, make informed choices, and find healthcare professionals who meet their needs.

It is this functionality that can lead to the “lucky future.” Personalized guidance based on an analysis of vast amounts of data means that each person is more likely to make the right decision with the right information at the right time.

Read the article