Data is a company’s most valuable asset. So, doing everything in your power to protect that asset is a given. But what if the threat you’re guarding your data against is known to cripple operations, tarnish reputations, and drain finances? And even worse, what if that threat is only getting more dangerous, thanks to a little thing called artificial intelligence (AI)?

Unfortunately, for many businesses, there’s nothing “what if” about this scenario. As many as 72% of businesses worldwide have experienced a ransomware attack at some point and know just how devastating the aftermath can be.

That’s why we tapped two cybersecurity experts to share their insights on ransomware, its evolution, and how businesses can protect themselves. Read on to hear what Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, a seasoned cybersecurity architect, have to say on this topic in their “Cyber Threat Landscape 2024: Navigating New Risks” master class.

Ransomware: The Basics

Ransomware is nothing new. However, there are always new business owners who (luckily) haven’t encountered it yet. So, let’s cover the basics first.

Ransomware is a natural product of phishing, a human-centric cyber threat that relies on social engineering to deceive individuals into providing sensitive information or downloading malicious attachments. The latter is what ultimately triggers a ransomware infection. Tom describes the process like this:

You click on a malicious link.

Your device downloads the malware.

Your system is now infected, and somebody else is essentially in charge.

They encrypt your data and demand you pay ransom for the encryption key to get it back.

As mentioned, dealing with ransomware attacks and cyber criminals has become a daily reality for companies worldwide. What certainly doesn’t help companies is the fact that ransomware is now also offered as a service.

Ransomware as a Service

Just a few short years ago, cybercriminals needed sophisticated technical skills and tools to develop and deploy ransomware. Now, all they need is access to the dark web.

As Tom explains it, numerous cyber criminals on the dark web offer ransomware as a service, a malicious adaptation of the software as a service (SaaS) business model. So, you essentially pay them to deploy their ransomware on your behalf.

The most famous, or should we say infamous, among these threats is the LockBit model, which has wreaked havoc on thousands of companies worldwide. The issue is that LockBit ransomware attacks vary in tactics, techniques, and procedures. In other words, an organization must be prepared for virtually anything.

How Has AI Affected Ransomware?

Ransomware is dangerous on its own. But throw artificial intelligence into the mix, and you’ve got a massive threat on your hands.

AI has undoubtedly revolutionized the cybersecurity industry, for better or for worse. The “worse” part is that AI is making cyber threats smarter. Unfortunately, for organizations, this particularly applies to ransomware. According to a 2024 report by the U.K.’s top intelligence agency, ransomware stands to gain the most from AI.

How so?

Well, AI has the potential to create malware that circumvents current cybersecurity detection measures. After all, AI is trained using data. Give it malware data to analyze, and it will learn how to evade detection by traditional cybersecurity tools.

AI will also likely generate a surge of new cybercriminals as the barrier to entering into cybercrime decreases with AI-powered tools.

Of course, the more capable and experienced attackers will also benefit from AI. They will use it to identify system vulnerabilities, bypass security defenses, and craft more precise social engineering attacks.

How to Prevent Ransomware Attacks

Given how quickly ransomware is evolving, preventing attacks requires a multi-faceted approach that combines technology, education, and proactive measures. Tom and Venicia break down this approach.

1. Keep Your Systems Updated

When it comes to anything cybersecurity-related, this is the first crucial step. Keep all your systems and programs updated and patched if you want to stand any chance of protecting against known vulnerabilities.

Tom says that there’s a new vulnerability “basically each week,” so having a process in place to update regularly and patch systems is essential.

Venicia adds that something as simple as a basic software update can go a long way toward protecting your data from ransomware. This update will limit its ability to spread through your network, thus reducing the impact of the attack.

2. Invest in Quality Training

Having the most advanced protection systems in place will do you no good if you don’t have well-trained employees.

These employees must learn to recognize potential cyberattacks that could introduce malware into your organization’s system (e.g., phishing emails). Of course, the next step is to respond effectively to the attack. Though each organization has its own set of rules in place, the proper response typically involves disconnecting from the network and contacting IT support.

3. Implement Defensive Systems

Humans are undoubtedly the first line of defense against cyber threats. However, they can’t do it alone. That’s why implementing advanced Endpoint Detection and Response (EDR) solutions is crucial. Tom explains that these systems will help you identify and, more importantly, mitigate a threat on time.

However, he also adds that you must restrict user permissions within the system. This way, even if a single component is compromised, the ransomware won’t take down the entire network.

4. Implement Network Segmentation

As you can see, a huge part of mitigating ransomware attacks is ensuring they don’t affect the entire network. That’s where network segmentation can also help.

As Tom explains, with network segmentation, the malicious actor in control of your network won’t be able to do “lateral movements.” In other words, even if they do manage to penetrate your network, they won’t be able to spread within it.

So, network segmentation is a critical part of the multi-layer approach every organization should adopt when it comes to cybersecurity.

5. Collaborate With Others

Remember – you aren’t the only one experiencing cyberattacks. In Venicia’s words, “ransomware has a global impact.”

That’s why organizations in the private sector are constantly encouraged to “talk to each other,” as Tom puts it. Of course, there’s always the issue of confidentiality, but Tom explains that this, too, can be resolved with a “closed circle of trust.”

Also, organizations in the private and public sectors are encouraged to share relevant information with institutions such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).

In Europe, there’s also something called The No More Ransom Project. This Europol initiative has existed for years, hosting decryption keys for different types of ransomware. It has helped numerous individuals and organizations decrypt their systems and avoid paying the ransom.

Of course, this won’t always be possible, as the attackers typically keep changing the encryption keys. However, anything that helps organizations avoid paying the ransom is worth trying.

Why?

Because paying the ransom often won’t solve any problems.

As Tom explains it, you’re dealing with criminals, after all. So, they will often double the ransom after you pay the initial amount, having realized that you have the money. Or, they’ll simply take the money and run without giving you the decryption keys.

So, ongoing threat intelligence sharing should be among the top priorities for an organization, as it allows them to evade the last-resort scenario of paying the ransom.

6. Invest in Backups and Disaster Recovery

According to Venicia, backups and disaster recovery have a massive role to play in combating ransomware. She says that the primary reason organizations choose to pay the ransom is because they don’t have any backups in place. In other words, they don’t have an alternative way to get their data back.

That’s precisely what Tom has experienced working with many small and medium-sized businesses.

He says that these businesses usually don’t have disaster recovery procedures and data backups because they find them to be too expensive. Other times, they’ll say they didn’t have the time to deal with these measures. But whatever the excuse may be, one thing’s for sure – having no backups leaves you vulnerable to losing your data permanently in a ransomware attack.

According to Tom and Venicia, here’s what an ideal proactive approach to cybersecurity would look like.

Step No. 1 – Have regularly scheduled backups and ensure they’re stored in different environments, including offline ones. Tom suggests the 3-2-1 data backup strategy – have three copies of your data on two different mediums (e.g., hard drives and DVDs) with one copy off-site (a different physical location).

Step No. 2 – Regularly test your backups to see whether they’re able to handle different scenarios.

Step No. 3 – Implement a disaster recovery plan that outlines the steps for different types of incidents. Of course, these incidents shouldn’t only cover ransomware. Earthquakes, floods, and even meteor strikes should be considered in your plan. The last part might seem silly to you. In fact, it also sounded silly to Tom and his colleagues. That is, at least, until a meteor struck Russia in 2013. So, you never know!

The Importance of Cybersecurity Specialists

Most of the strategies for combating ransomware require one thing – a skilled cybersecurity specialist to execute them. This is also what most companies lack, which is why they easily fall victim to cyberattacks.

That’s why programs like the Enterprise Cybersecurity Master’s program at OPIT are essential for the future of cybersecurity. This program helps train the next generation of cybersecurity professionals to defend organizations against the so-called “Ransomware Armageddon” and any other cyber threat that might emerge.

Related posts

Agenda Digitale: Generative AI in the Enterprise – A Guide to Conscious and Strategic Use
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 6 min read

Source:


By Zorina Alliata, Professor of Responsible Artificial Intelligence e Digital Business & Innovation at OPIT – Open Institute of Technology

Integrating generative AI into your business means innovating, but also managing risks. Here’s how to choose the right approach to get value

The adoption of generative AI in the enterprise is growing rapidly, bringing innovation to decision-making, creativity and operations. However, to fully exploit its potential, it is essential to define clear objectives and adopt strategies that balance benefits and risks.

Over the course of my career, I have been fortunate to experience firsthand some major technological revolutions – from the internet boom to the “renaissance” of artificial intelligence a decade ago with machine learning.

However, I have never seen such a rapid rate of adoption as the one we are experiencing now, thanks to generative AI. Although this type of AI is not yet perfect and presents significant risks – such as so-called “hallucinations” or the possibility of generating toxic content – ​​it fills a real need, both for people and for companies, generating a concrete impact on communication, creativity and decision-making processes.

Defining the Goals of Generative AI in the Enterprise

When we talk about AI, we must first ask ourselves what problems we really want to solve. As a teacher and consultant, I have always supported the importance of starting from the specific context of a company and its concrete objectives, without inventing solutions that are as “smart” as they are useless.

AI is a formidable tool to support different processes: from decision-making to optimizing operations or developing more accurate predictive analyses. But to have a significant impact on the business, you need to choose carefully which task to entrust it with, making sure that the solution also respects the security and privacy needs of your customers .

Understanding Generative AI to Adopt It Effectively

A widespread risk, in fact, is that of being guided by enthusiasm and deploying sophisticated technology where it is not really needed. For example, designing a system of reviews and recommendations for films requires a certain level of attention and consumer protection, but it is very different from an X-ray reading service to diagnose the presence of a tumor. In the second case, there is a huge ethical and medical risk at stake: it is necessary to adapt the design, control measures and governance of the AI ​​to the sensitivity of the context in which it will be used.

The fact that generative AI is spreading so rapidly is a sign of its potential and, at the same time, a call for caution. This technology manages to amaze anyone who tries it: it drafts documents in a few seconds, summarizes or explains complex concepts, manages the processing of extremely complex data. It turns into a trusted assistant that, on the one hand, saves hours of work and, on the other, fosters creativity with unexpected suggestions or solutions.

Yet, it should not be forgotten that these systems can generate “hallucinated” content (i.e., completely incorrect), or show bias or linguistic toxicity where the starting data is not sufficient or adequately “clean”. Furthermore, working with AI models at scale is not at all trivial: many start-ups and entrepreneurs initially try a successful idea, but struggle to implement it on an infrastructure capable of supporting real workloads, with adequate governance measures and risk management strategies. It is crucial to adopt consolidated best practices, structure competent teams, define a solid operating model and a continuous maintenance plan for the system.

The Role of Generative AI in Supporting Business Decisions

One aspect that I find particularly interesting is the support that AI offers to business decisions. Algorithms can analyze a huge amount of data, simulating multiple scenarios and identifying patterns that are elusive to the human eye. This allows to mitigate biases and distortions – typical of exclusively human decision-making processes – and to predict risks and opportunities with greater objectivity.

At the same time, I believe that human intuition must remain key: data and numerical projections offer a starting point, but context, ethics and sensitivity towards collaborators and society remain elements of human relevance. The right balance between algorithmic analysis and strategic vision is the cornerstone of a responsible adoption of AI.

Industries Where Generative AI Is Transforming Business

As a professor of Responsible Artificial Intelligence and Digital Business & Innovation, I often see how some sectors are adopting AI extremely quickly. Many industries are already transforming rapidly. The financial sector, for example, has always been a pioneer in adopting new technologies: risk analysis, fraud prevention, algorithmic trading, and complex document management are areas where generative AI is proving to be very effective.

Healthcare and life sciences are taking advantage of AI advances in drug discovery, advanced diagnostics, and the analysis of large amounts of clinical data. Sectors such as retail, logistics, and education are also adopting AI to improve their processes and offer more personalized experiences. In light of this, I would say that no industry will be completely excluded from the changes: even “humanistic” professions, such as those related to medical care or psychological counseling, will be able to benefit from it as support, without AI completely replacing the relational and care component.

Integrating Generative AI into the Enterprise: Best Practices and Risk Management

A growing trend is the creation of specialized AI services AI-as-a-Service. These are based on large language models but are tailored to specific functionalities (writing, code checking, multimedia content production, research support, etc.). I personally use various AI-as-a-Service tools every day, deriving benefits from them for both teaching and research. I find this model particularly advantageous for small and medium-sized businesses, which can thus adopt AI solutions without having to invest heavily in infrastructure and specialized talent that are difficult to find.

Of course, adopting AI technologies requires companies to adopt a well-structured risk management strategy, covering key areas such as data protection, fairness and lack of bias in algorithms, transparency towards customers, protection of workers, definition of clear responsibilities regarding automated decisions and, last but not least, attention to environmental impact. Each AI model, especially if trained on huge amounts of data, can require significant energy consumption.

Furthermore, when we talk about generative AI and conversational models , we add concerns about possible inappropriate or harmful responses (so-called “hallucinations”), which must be managed by implementing filters, quality control and continuous monitoring processes. In other words, although AI can have disruptive and positive effects, the ultimate responsibility remains with humans and the companies that use it.

Read the full article below (in Italian):

Read the article
Medium: First cohort of students set to graduate from Open Institute of Technology
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 4 min read

Source:

  • Medium, published on March 24th, 2025

By Alexandre Lopez

The first ever cohort will graduate from Open Institute of Technology (OPIT) on 8th March 2025, with 40 students receiving a Master of Science degree in Applied Data Science and AI.

OPIT was launched two years ago by renowned edtech entrepreneur Riccardo Ocleppo and Prof. Francesco Profumo (former minister of education in Italy), who witnessed the growing tech skills gap and wanted to combat it directly through creating a brand-new, accredited academic institution focused on innovative BSc and MSc degrees in the field of Technology.

The higher education institution has grown since its initial launch. Having started with just two degrees on offer — BSc in Modern Computer Science and an MSc in Applied Data Science and Artificial Intelligence — OPIT now offers two bachelor’s and four master’s degrees in a range of areas, such as Computer Science, Digital Business, Artificial Intelligence and Enterprise Cybersecurity.

Students at OPIT can learn from a wide range of professors who combine academic and professional expertise in software engineering, cloud computing, AI, cybersecurity, and much more. The institution operates on a fully remote system, with over 300 students tuning in from 78 countries around the world.

80% of OPIT’s students are already working professionals who are currently employed at top companies across many industries. They are in global tech firms like Accenture, Cisco, and Broadcom and financial companies such as UBS, PwC, Deloitte, and First Bank of Nigeria. Some are leading innovation at Dynatrace and Leonardo, while others focus on sustainability and social impact with Too Good To Go, Caritas, and the Pharo Foundation. From AI and software development to healthcare and international organizations like NATO and the United Nations Mine Action Service (UNMAS), OPIT alumni are making a real difference in the world.

OPIT is working on the development of the expansion of our current academic offerings, new courses, doctoral programs, applied research, and technology transfer initiatives with companies.

Once in the program, students have flexible options to complete their studies faster (by studying during the summer) or extend their studies longer than the standard duration. Every OPIT degree ends with a “capstone project”, providing them with real-life experiences in relevant businesses and industries. Some examples of capstone projects include “AI in Anti-Money Laundering: Leveraging AI to combat financial crime,” or “Predictive Modeling for Climate Disasters: Using AI to anticipate climate-related emergencies.”

The graduation on March 8th marks a pivotal moment for OPIT.

“The success of this first class of graduates marks a significant milestone for OPIT and reinforces our mission: to provide high-quality, globally accessible tech education that meets the ever-evolving demands of the job market,” said Riccardo Ocleppo, founder of OPIT.

“In just two years, we have built a dynamic and highly professional learning environment, attracting students from all over the world and connecting them with leading companies.”

Read the full article below:

Read the article