The recent AI Action Summit in Paris exposed deep divisions between nations on how best to regulate and govern the systemic risks posed by AI technologies.
This lack of consensus means that a global agreement on international security and governance models is unlikely to emerge any time soon. As the international community strives to address this issue and initiate a viable worldwide defensive structure, this current impasse threatens to impact the security posture of private and public sector organisations everywhere.
The rapid advancement of new technologies such as AI and quantum computing means it is difficult to project exactly what potential cyber risks these will pose. What is certain, however, is that countless new security risks will arise.
Against this backdrop, it is becoming increasingly important for organisations to work together, share insights, and engage in a collaborative and collective defence strategy.
The rise and rise of AI
AI-related risk has become a top discussion topic, and with good reason. Today’s cyber criminals are leveraging Generative AI (GenAI) tools to create highly sophisticated phishing campaigns, streamline how they search for vulnerabilities, generate malware code, and more. Now industry analysts predict that security leaders will need to start preparing for the emergence of agentic AI cyber threats in the next two to five years.
In parallel, the past 12 months have seen governments and industry bodies introduce new mandates around cybersecurity resilience. These regulations demand that organisations adopt a proactive approach to risk management. One that includes robust threat intelligence, operationalised defence strategies and cross-sector collaboration.
For some sectors, such as financial services, this will involve sharing cyber threat intelligence with national and country-specific emergency response teams as well as participating in industry specific information sharing services.
The benefits of real-time cyber defence information sharing
Keeping AI models secure and finding and fixing cyber weaknesses before malicious hackers can exploit them is just part of the challenge. Today’s organisations face an increasingly complex threat landscape and can no longer afford to react after the fact.
In today’s interconnected world, no organisation can afford to go it alone. As a result, threat intelligence sharing has gone from being a ‘nice to have’ to becoming a mission-critical necessity for those organisations that want to enable a highly resilient cybersecurity programme.
By exchanging cyber threat information, organisations can boost their awareness of the current cyber threats impacting various sectors and gain a deeper understanding of the modus operandi of attackers – their techniques, tactics and procedures.
Armed with these insights organisations will be able act fast and ensure they are able to detect, respond to and recover from similar cyber threats.
Fostering an effective collective defence collaboration
Trusted collaboration, whether through Information Sharing and Analysis Centres (ISACs), government agencies, or private-sector partnerships, is a highly effective way to enhance the defensive posture of all participating organisations.
For this to work, however, organisations will need to establish operationally secure real-time communication channels that support the rapid sharing of threat and defence intelligence. In parallel, the community will also need to establish processes to enable them to efficiently disseminate indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs), backed up with best practice information and incident reports.
These collective defence communities can also leverage the centralised cyber fusion centre model that brings together all relevant security functions – threat intelligence, security automation, threat response, security orchestration and incident response – in a truly cohesive way.
Providing an integrated sharing platform for exchanging information among multiple security functions, today’s next-generation cyber fusion centres enable organisations to leverage threat intelligence, identify threats in real-time, and take advantage of automated intelligence sharing within and beyond organisational boundaries. Using these single platform-based systems, security teams in multiple organisations will be able to seamlessly collaborate and coordinate their actions.
Adopting a proactive approach to security
In addition to engaging in threat intelligence sharing and collaborative efforts that boost the cyber resilience of all, today’s organisations need to be able to predict, prevent and proactively respond to cyber threats in real time.
No easy task when internal security teams have to evaluate a wide array of data sources, sifting through everything from user behaviour analytics through to system logs and network traffic to pinpoint what constitutes a genuine concern.
Streamlining how security teams manage and correlate threat data from multiple internal and external sources with security events, today’s modern threat intelligence platforms (TIPs) accelerate threat analysis and investigation while making it easier to exchange threat intelligence with internal and external stakeholders.
Alongside automating how organisations ingest and correlate threat data with security events, TIPs enable organisations to adopt a more proactive and highly targeted threat prevention and mitigation approach. They also facilitate the seamless two-way exchange of threat intelligence with trusted external sharing communities such as ISACs. All of which serves to further enhance these defensive collaborations.
Better together: building a safer, more secure future
For today’s organisations, staying compliant and one step of cyber attackers increasingly depends on adopting a proactive approach to cyber security. That includes engaging in collective defence programmes and cross-sector collaborations that elevate the ability of all stakeholder organisations to withstand cyber threats
In this brave new world, gaining real-time visibility of potential threats and sharing this intelligence in a timely way is becoming a must have for hardening defences and taking informed steps to block malicious activity. For organisations that want to orchestrate their defences in real-time, the automated and secure sharing of actionable threat intelligence represents the way forward.
About the Author
Dan Bridges is Technical Director – International at Cyware. Cyware helps enterprises transform security operations while breaking through silos for threat intelligence sharing, collaboration, and automated threat response. Its unique Cyber Fusion solutions enable lean security teams to proactively stop threats, connect the dots on security incidents, dramatically reduce response time, and reduce analyst burnout from repetitive tasks. Cyware improves security outcomes for enterprises, government agencies, and MSSPs, and provides threat intelligence sharing platforms for the majority of ISAC/ISAO information sharing communities globally.
