File integrity monitoring
US-11775639-B2 · Oct 3, 2023 · US
US11914724B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11914724-B2 |
| Application number | US-202117555462-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 19, 2021 |
| Priority date | Dec 24, 2020 |
| Publication date | Feb 27, 2024 |
| Grant date | Feb 27, 2024 |
Abstract
Disclosed herein are systems and methods for adjusting data protection levels based on system metadata. A method may include monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level, and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method may include identifying kernel control paths and hashes of software objects that will be affected by the cyberattack, and configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level includes greater access restrictions to the computing device than the first protection level.
Claims
The invention claimed is:

1. A method for adjusting data protection levels based on system metadata, the method comprising: monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level; detecting that the cyberattack is in progress; while the cyberattack is in progress, identifying kernel control paths and hashes of software objects that will be affected by the cyberattack; configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level comprises greater access restrictions to the computing device than the first protection level.
2. The method of claim 1, wherein the kernel driver is configured to follow restrictions of the second protection level for a threshold period of time, further comprising: reconfiguring the kernel driver to enable access to the identified kernel control paths and hashes of the software objects in accordance with the first protection level after the threshold period of time has elapsed.
3. The method of claim 2, further comprising: training a machine learning algorithm, using a dataset of previous cyberattacks of varying attack timelines, to determine the threshold period of time based on a type of the cyberattack.
4. The method of claim 1, further comprising: identifying a backup of the computing device that was performed prior to the cyberattack; and configuring the kernel driver to disable access to kernel control paths and hashes that are not included in the backup in accordance with a third protection level that comprises greater access restrictions to the computing device than the second protection level.
5. The method of claim 1, wherein monitoring the computing device for the cyberattack comprises executing a machine learning algorithm configured to compare attributes of the computing device to cyberattack profiles and utilize a comparison threshold to evaluate whether the computing device is under attack.
6. The method of claim 5, wherein the second protection level decreases the comparison threshold of the machine learning algorithm to detect additional irregularities in the computing device caused by the cyberattack and/or other cyberattacks.
7. The method of claim 1, further comprising: performing a security action to stop the cyberattack; determining whether the identified kernel control paths and hashes of the software objects affected by the cyberattack have been normalized; and in response to determining that the identified kernel control paths and hashes of the software objects have been normalized, reconfiguring the kernel driver to enable access to the identified kernel control paths and hashes of the software objects in accordance with the first protection level.
8. The method of claim 1, wherein the first protection level enables full permissions to access to all files in a directory of the computing device, the second protection level disables writing permissions to the files in the directory, and a third protection level disables reading and writing permissions to the files.
9. A system for adjusting data protection levels based on system metadata, comprising: a memory; and a hardware processor communicatively coupled with the memory and configured to: monitor a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level; detect that the cyberattack is in progress; while the cyberattack is in progress, identify kernel control paths and hashes of software objects that will be affected by the cyberattack; configure the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level comprises greater access restrictions to the computing device than the first protection level.
10. The system of claim 9, wherein the kernel driver is configured to follow restrictions of the second protection level for a threshold period of time, and wherein the hardware processor is further configured to: reconfigure the kernel driver to enable access to the identified kernel control paths and hashes of the software objects in accordance with the first protection level after the threshold period of time has elapsed.
11. The system of claim 10, wherein the hardware processor is further configured to: train a machine learning algorithm, using a dataset of previous cyberattacks of varying attack timelines, to determine the threshold period of time based on a type of the cyberattack.
12. The system of claim 9, wherein the hardware processor is further configured to: identify a backup of the computing device that was performed prior to the cyberattack; and configure the kernel driver to disable access to kernel control paths and hashes that are not included in the backup in accordance with a third protection level that comprises greater access restrictions to the computing device than the second protection level.
13. The system of claim 9, wherein the hardware processor is further configured to monitor the computing device for the cyberattack by executing a machine learning algorithm configured to compare attributes of the computing device to cyberattack profiles and utilize a comparison threshold to evaluate whether the computing device is under attack.
14. The system of claim 13, wherein the second protection level decreases the comparison threshold of the machine learning algorithm to detect additional irregularities in the computing device caused by the cyberattack and/or other cyberattacks.
15. The system of claim 9, wherein the hardware processor is further configured to: perform a security action to stop the cyberattack; determine whether the identified kernel control paths and hashes of the software objects affected by the cyberattack have been normalized; and in response to determining that the identified kernel control paths and hashes of the software objects have been normalized, reconfigure the kernel driver to enable access to the identified kernel control paths and hashes of the software objects in accordance with the first protection level.
16. The system of claim 9, wherein the first protection level enables full permissions to access to all files in a directory of the computing device, the second protection level disables writing permissions to the files in the directory, and a third protection level disables reading and writing permissions to the files.
17. A non-transitory computer readable medium storing thereon computer executable instructions for adjusting data protection levels based on system metadata, including instructions for: monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level; detecting that the cyberattack is in progress; while the cyberattack is in progress, identifying kernel control paths and hashes of software objects that will be affected by the cyberattack; configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level comprises gr
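The claims above describe a procedure: keep a hash table of known-good software objects, detect which objects an attack has touched, move those objects to a stricter protection level (a third, stricter level for objects no pre-attack backup can restore), and revert to the first level either after a threshold period or once the object's hash is back at baseline. The Python below is an added illustration of that state machine written for this page; it is not the patent's code and models the kernel driver's access table as an in-memory dictionary. It leaves out the machine-learning comparison threshold of claims 3, 5 and 6, and all paths, file contents and the 300-second threshold are constructed sample values.

```python
import hashlib
from enum import IntEnum


class ProtectionLevel(IntEnum):
    """The three levels of claims 1, 4 and 8, each stricter than the last."""
    FULL = 1       # first level: read and write permitted
    NO_WRITE = 2   # second level: writes to the affected object blocked
    NO_ACCESS = 3  # third level: reads and writes blocked


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ProtectionController:
    """Stand-in for the kernel driver's access table plus the monitor that reconfigures it.

    files             -> path to current content (constructed sample data, not a real filesystem)
    backup_paths      -> paths captured in a backup taken before the attack (claim 4)
    threshold_seconds -> how long the stricter level stays in force (claim 2); the clock is
                         passed in by the caller so the example runs deterministically
    """

    def __init__(self, files, backup_paths, threshold_seconds):
        self.files = dict(files)
        self.backup_paths = set(backup_paths)
        self.threshold = threshold_seconds
        # Hash table of known-good objects: the "hashes of software objects" the driver guards.
        self.baseline = {p: sha256_hex(c) for p, c in self.files.items()}
        self.level = {p: ProtectionLevel.FULL for p in self.files}
        self.lockdown_until = {}  # path -> time at which its lockdown expires

    # ---- enforcement: what the driver decides on every access request ----
    def allowed(self, path, op):
        """op is 'read' or 'write'; unknown paths fall back to the first level."""
        level = self.level.get(path, ProtectionLevel.FULL)
        if level is ProtectionLevel.NO_ACCESS:
            return False
        if level is ProtectionLevel.NO_WRITE:
            return op == "read"
        return True

    def write(self, path, content):
        """Write through the policy; returns False when the current level blocks it."""
        if not self.allowed(path, "write"):
            return False
        self.files[path] = content
        return True

    # ---- monitoring: which objects has the attack touched? ----
    def changed_objects(self):
        """Paths whose current hash no longer matches the baseline hash table."""
        return sorted(p for p, c in self.files.items() if sha256_hex(c) != self.baseline[p])

    # ---- reconfiguration while the attack is in progress ----
    def escalate(self, affected, now):
        """Move each affected object to the second level, or to the third level when no
        backup holds a clean copy of it (claims 1, 4 and 8), and start its lockdown timer."""
        for path in affected:
            if path in self.backup_paths:
                self.level[path] = ProtectionLevel.NO_WRITE
            else:
                self.level[path] = ProtectionLevel.NO_ACCESS
            self.lockdown_until[path] = now + self.threshold

    def normalize(self, path, clean_content):
        """Privileged restore (e.g. from the backup) that bypasses the policy; the object
        returns to the first level only if its hash is back at baseline (claim 7)."""
        self.files[path] = clean_content
        if sha256_hex(clean_content) != self.baseline[path]:
            return False
        self.level[path] = ProtectionLevel.FULL
        self.lockdown_until.pop(path, None)
        return True

    def tick(self, now):
        """Revert lockdowns whose threshold period has elapsed (claim 2); returns those paths."""
        expired = sorted(p for p, t in self.lockdown_until.items() if now >= t)
        for path in expired:
            self.level[path] = ProtectionLevel.FULL
            del self.lockdown_until[path]
        return expired


if __name__ == "__main__":
    # Constructed sample objects; only two of them are covered by the pre-attack backup.
    sample = {"/etc/hosts": b"127.0.0.1 localhost\n",
              "/usr/bin/svc": b"ELF\x00original",
              "/var/tmp/drop.bin": b"not in backup"}
    ctl = ProtectionController(sample, backup_paths={"/etc/hosts", "/usr/bin/svc"},
                               threshold_seconds=300)
    ctl.write("/usr/bin/svc", b"ELF\x00tampered")    # permitted at the first level
    ctl.write("/var/tmp/drop.bin", b"mutated")
    affected = ctl.changed_objects()                   # detection: hashes drifted from baseline
    ctl.escalate(affected, now=0)
    print("affected:", affected)
    print("write to svc still allowed?", ctl.write("/usr/bin/svc", b"again"))
    print("read of drop.bin allowed?", ctl.allowed("/var/tmp/drop.bin", "read"))
    print("svc back at baseline:", ctl.normalize("/usr/bin/svc", sample["/usr/bin/svc"]))
    print("reverted after threshold:", ctl.tick(now=300))
```

The clock is an argument rather than a call to `time.monotonic()` so that the threshold-expiry path in `tick` can be exercised without waiting; an object restored through `normalize` leaves the lockdown early, which is the claim 7 path, while untouched lockdowns expire on the claim 2 timer.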
CPC classification titles:

- Tools and structures for managing or administering access control systems
- Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- Providing cryptographic facilities or services
- Test or assess a computer or a system
- Multi-level security, e.g. mandatory access control