The future of threat intelligence

Predictive analytics must be an essential component of companies’ cyber resilience strategies, says Kevin Brown, managing director at BT Security


The pervasiveness of technology – more and more products and services are becoming digital, with that transition sped up by lockdown measures against the coronavirus pandemic – has led to a massive expansion in the quantity of data we create and transmit. In both our personal and professional lives, we are accessing and creating more data than ever before. As the Internet of Things (IoT) becomes more inclusive, it is important to note that with convenience come new risks to mitigate. 

New technologies present a challenge for cyber security organisations that rely on having oversight of as much data as possible, and the ability to analyse, contextualise and act upon it quickly. While older technologies placed a limit on the quantity and pace of data they had to deal with, in 2020 those limits are now being stretched. Consider, for example, that BT’s Assure Cyber Security Platform was receiving around 100,000 events per second in mid-2017. That has now increased to around two million events per second.

As so-called attack surfaces expand, particularly within the context of the home-working revolution catalysed by Covid-19, companies must become more cyber resilient. Organisations need full sight of the scope of threats they may be facing. At BT Security, we are constantly investing to evolve and improve the platforms that we use to assimilate and analyse data, so that we can spot these threats. We are utilising advancements in artificial intelligence (AI) and automation tools to enable faster proactive detection and analysis of anomalies, and the immediate implementation of proven techniques to prevent and disrupt attacks. 

These have been supported by our R&D team, which has spent many years developing innovations which allow us to rapidly analyse real-time data and to build predictive models that forecast and anticipate threats. All of this allows us to automatically put defences in place before cyber attacks happen, and is a strategy that we are employing to protect customers. 

We are also constantly learning from the insights that we gain from protecting our network and our customers across 180 countries. For example, the past few months have seen a surge in extortion-focused distributed denial of service (DDoS) and ransomware attacks as criminals look to capitalise on the changes 2020 has brought. The graph (Figure 1) gives an example of how cyber criminals adapt to and exploit changing conditions, with the quantity of DDoS attacks rapidly increasing as much of the world moved to remote working.

Our insight also allows us to see how cyber trends don’t proceed in a linear fashion. For example, the “Emotet” malware first surfaced in 2014, and has continually evolved and adapted.

Emotet was initially spread via spam emails, before developing to propagate “intelligently” to other devices on the same network – creating a huge risk for businesses. Despite the many protections that have been put in place against this malware, it is still devising variations that create new issues.

In the modern world, it is vital that organisations are able to forecast the cyber challenges they will face and able to prepare in advance for an attack. Cybersecurity must transition into cyber resilience – which is proactive, rather than reactive. Companies’ cyber strategies are no longer the preserve of IT departments. Cyber resilience must start in the boardroom and trickle down to the individual, particularly as working from home continues. 

Organisations need to maintain and update their defences, leveraging AI and automation where possible, but all the while briefing employees on those changes. Cyber resilience is not an option for businesses going forward; it is a necessity.

For more information, please visit:
