Making the unknown ‘known’ with AI-powered threat intelligence


We live in uncertain times.

We can conceive of the “known unknowns” – war, financial crises and, of course, cyber disruptions – but their likelihood and severity remain shrouded in uncertainty. The realm of cybersecurity, like many aspects of our interconnected world, is characterised by a constant dance with that unknown.

Take the recent CrowdStrike incident, for example. An unexpected flaw in its own software was responsible for taking down systems all over the globe, with critical infrastructure hit the hardest. From airports and hospitals to utilities and data centres, the event underscored how devastating a single, unexpected incident can be to global operations.

Critical infrastructure is the lifeblood of modern society, and it now sits at a particularly vulnerable juncture. It’s a sector that’s no stranger to disruption, with the likes of utilities organisations experiencing a more than 200% increase in attack attempts throughout 2023. Yet current cybersecurity measures and regulations are insufficient to combat the growing complexity of these threats. There’s now a need to do more with less.

Understanding the dilemma

So, how can critical infrastructure organisations actually achieve more with less?

To answer this, we first need to understand why it’s required. Aside from the never-ending string of cyberattacks, like the data breach of payroll information at the Ministry of Defence or the more recent attacks on 19 different UK railway stations where users were met with a screen about terror attacks in Europe, the sector is grappling with a deluge of challenges. These challenges often lead to attacks that could have been prevented.

For instance, the sector is littered with organisations still using legacy technology, unpatched bugs and badly configured internet connections, leaving bad actors free to exploit decades-old vulnerabilities. The prevalence of AI has made this even easier, supercharging cyberwarfare to the point where 62% of those working in the UK utilities sector say that their organisation has stalled or stopped digital transformation projects because of the threat of cyberwarfare. Without those digital upgrades, organisations only become more vulnerable.

Yet the issue becomes more critical when you consider that UK data centres have recently been granted Critical National Infrastructure (CNI) status, arguably painting a larger target on the sector’s back. The UK’s Cabinet Office, and respective Devolved Administrations, are responsible for providing overarching governance and cross-sector policy guidance. While this move is intended to enhance the protection of sensitive data and ensure the resilience of these facilities against cyber threats, over half (52%) of UK IT leaders believed the previous government could not defend its citizens and enterprises against an act of cyberwarfare.

This challenge is only heightened by the unprecedented volume of data that could now be at a greater risk. It must remain secure. After all, data is the lifeblood of modern business and, when it comes to cybersecurity, many already find it overwhelming to analyse and process information, with some using up to eight different sources to collect data relating to threat intelligence. The sheer volume makes it nearly impossible to identify anomalies or potential threats without advanced tools.

Moreover, these threats can come from anywhere, from North Korean hackers targeting critical infrastructure for military gain to 17-year-olds hacking TfL to access customer data. It’s no wonder that almost half (46%) of IT leaders working in UK transportation organisations believe cyberwarfare is now just as damaging as physical warfare. The frequent breaches we witness are often avoidable, but in the chaos of cyberwarfare, prioritising resources remains a complex challenge for many. If proactive action is not taken, more critical organisations will regrettably fall victim.

Using AI to uncover the unknown

AI-powered threat intelligence provides the proactive edge needed to safeguard this sector, transforming the way threats are detected and mitigated before they escalate into full-blown crises.

Cybersecurity must function like a network of strategic defence layers – starting with the fundamentals, like applying the latest updates or enforcing multi-factor authentication (MFA) – while also constantly scanning for entry points and vulnerabilities. Rather than waiting for breaches to happen, AI offers the capability to identify and neutralise threats before they can exploit weaknesses in the system. With predictive AI models, the security teams can flip the narrative, turning the tables on cybercriminals and moving from reactive measures to a proactive defence strategy.

Through a blend of AI and machine learning (ML), organisations can deploy predictive technologies that scour both surface and dark web spaces for indicators of impending attacks. These systems provide real-time situational awareness by making the “unknown known” through AI-driven intelligence to monitor threat actors’ chatter and methods.

AI-powered systems not only detect threats but also serve as precision tools for threat hunting through advanced solutions such as Natural Language Processing (NLP). Predictive AI can tailor ‘honeypots’ to the specific attack surfaces of the sector, turning potential hotspots into traps for bad actors. These honeypots enable security teams to observe malicious behaviour without risking the integrity of core operations, effectively turning the attacker’s own tactics against them.

But detecting threats is just the first step. AI also plays a vital role in vulnerability management, mapping the entire landscape of a network to reveal every entry point and potential blind spot. From there, AI-powered threat prioritisation helps infrastructure teams focus their efforts on the most dangerous vulnerabilities first by predicting which threats are most likely to be exploited. This proactive defence mechanism reduces unnecessary alerts and the manual process of sifting through different data sources, while making sure that resources are allocated to the most urgent risks.
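The prioritisation the paragraph describes amounts to ranking findings by severity, predicted exploitation likelihood and asset impact together, rather than by CVSS score alone. The following is an added illustration of that principle, written for this page; it is not code from the article or from any product it alludes to. Every asset name, identifier and score is constructed: the `exploit_prob` column stands in for whatever probability a predictive model would output, and `known_exploited` stands in for a flag from a trusted actively-exploited-vulnerabilities feed.

```python
"""Risk-based vulnerability prioritisation (added example, constructed data).

Ranks findings by severity x likelihood x impact x exposure so that a
medium-severity bug that is being exploited on an internet-facing,
service-critical asset outranks a critical-severity bug that nobody is
exploiting on a low-value laptop.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str            # placeholder identifiers, not real CVE numbers
    cvss: float             # base severity, 0.0 - 10.0
    exploit_prob: float     # assumed model output: P(exploited in next 30 days)
    asset_criticality: int  # 1 (low) .. 5 (safety- or service-critical)
    internet_facing: bool
    known_exploited: bool   # assumed flag from an actively-exploited feed


def priority_score(f: Finding) -> float:
    """Return a 0-100 priority score for one finding.

    Likelihood is forced to 1.0 when exploitation is already confirmed,
    otherwise the model's predicted probability is used. The factors are
    multiplied, so a negligible likelihood drags even a CVSS 9.8 to the
    bottom of the queue.
    """
    severity = f.cvss / 10.0
    likelihood = 1.0 if f.known_exploited else f.exploit_prob
    impact = f.asset_criticality / 5.0
    exposure = 1.0 if f.internet_facing else 0.6   # internal hosts need a foothold first
    return round(100.0 * severity * likelihood * impact * exposure, 1)


def prioritise(findings: List[Finding], min_score: float = 0.0,
               top_n: Optional[int] = None) -> List[Finding]:
    """Order findings by priority, dropping anything below min_score."""
    ranked = sorted(findings, key=priority_score, reverse=True)
    ranked = [f for f in ranked if priority_score(f) >= min_score]
    return ranked[:top_n] if top_n is not None else ranked


def risk_order(findings: List[Finding]) -> List[str]:
    """Identifiers in risk-based order (what the team should work first)."""
    return [f.vuln_id for f in prioritise(findings)]


def cvss_order(findings: List[Finding]) -> List[str]:
    """Identifiers in CVSS-only order, for comparison."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


# Constructed inventory: a utilities operator's scan results, invented for this example.
SAMPLE_FINDINGS = [
    Finding("hr-laptop-17",   "PLACEHOLDER-A", 9.8, 0.01, 1, False, False),
    Finding("ot-gateway-02",  "PLACEHOLDER-B", 7.2, 0.75, 5, True,  False),
    Finding("billing-web-01", "PLACEHOLDER-C", 6.5, 0.30, 4, True,  True),
    Finding("scada-hmi-01",   "PLACEHOLDER-D", 8.8, 0.10, 5, False, False),
    Finding("dev-build-03",   "PLACEHOLDER-E", 5.3, 0.05, 2, True,  False),
]


if __name__ == "__main__":
    print("CVSS-only order :", cvss_order(SAMPLE_FINDINGS))
    print("Risk-based order:", risk_order(SAMPLE_FINDINGS))
    print("\nWork queue (score >= 10):")
    for f in prioritise(SAMPLE_FINDINGS, min_score=10.0):
        print(f"  {priority_score(f):5.1f}  {f.asset:16} {f.vuln_id}")
```

Run as-is, the CVSS-only view puts the laptop's 9.8 first, while the risk-based view puts the internet-facing OT gateway and the already-exploited billing server at the top and leaves the laptop last; the `min_score` threshold is the "fewer unnecessary alerts" part of the paragraph, since only two of the five findings survive it. The weights are deliberately simple so the ranking is explainable; in practice the likelihood column is where a predictive model earns its keep, and the criticality column has to come from an asset inventory the organisation actually maintains.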

What the future holds

Cybercriminals are becoming more creative, and AI is a powerful tool that can be leveraged to outpace them. By embedding AI into the fabric of cybersecurity defences, critical infrastructure can become as resilient as the essential services it provides. Bad actors are embracing the use of AI, so it’s about time we do the same to mitigate the threat.

The digital safety of critical infrastructure depends on anticipating the next move, not just responding to it. By adopting AI-powered threat intelligence, we can move from reactive to proactive cyber defences, keeping operations secure and resilient. This simply ensures that the “known unknowns” – those unpredictable yet inevitable threats that can cripple essential services – don’t become catastrophic realities.