ChannelLife UK - Industry insider news for technology resellers
Story image

Turning uncertainty into a power: How threat hunters can benefit from productive paranoia

Thu, 24th Oct 2024

The world is filled with uncertainty. Each day, we wake up unaware of the events that will unfold. Despite meticulous planning, unpredictability remains a constant in our lives, often welcomed for the novelty and experiences it brings. However, ambiguity can also cast a shadow, especially in the recent years of economic, geopolitical, and business instability, challenging organizations' ability to plan effectively. In boardrooms worldwide, agility has become the new mantra.

In security operations (SecOps), uncertainty is not just an occasional challenge but the norm. With an ever-evolving threat landscape and an expanding corporate cyber-attack surface, predicting the future becomes an impossible task. But rather than fearing the unknown, SecOps teams should embrace it. By combining advanced generative AI (GenAI) technology with human intelligence, organizations can cultivate resilience against any potential threat. This concept, which I term "productive paranoia," enables proactive measures against advanced threats and containment of risks before they escalate.

The Pulse of European IT Professionals
To gain insight into the mindset of European IT professionals, Corelight recently commissioned research amongst 300 IT Decision Makers (ITDMs) with responsibility for cybersecurity across the UK, France, and Germany. Currently, remote and virtual working environments top the list of challenges for ITDMs (51%), with supply chain threats trailing at 33%. However, these positions will invert over the next year, with supply chain risk rising to 67% and remote work concerns dropping to 50%. This constant flux fosters anxiety that cyber-adversaries are always a step ahead. Half of the respondents (49%) cite playing catch-up with the latest threats as their biggest challenge, and an even greater number (68%) highlight a lack of access to threat intelligence as a critical issue.

Given that IT teams are responsible for mitigating over half of security breaches (54%), it's no surprise that 86% of ITDMs report increased pressure on their teams since 2020.

In an environment where change is the only constant and threat actor innovation is accelerating, unease is a natural reaction. Over half (54%) of European ITDMs confess that fear of new attacks and unknown threats keeps them awake at night—this figure rises to 63% in companies with 100-249 employees. Yet, there is a clear drive to address this anxiety. Over three-quarters (78%) of respondents aim to build resilience against new and unknown threats. However, the fast-changing threat landscape (44%) and a shortage of skilled security team members (41%) are significant barriers.

Embracing Fear of the Unknown
What constitutes the perfect security formula to tackle current and future threats? Surprisingly, only one in ten cite "proactive paranoia," likely due to its negative connotations. However, this philosophy, when understood as "vigilance" and "objective analysis," can be powerful. Zero Trust security is an excellent example of harnessing productive paranoia positively and structurally.

Respondents believe the ideal security approach is a blend of people and technology. Nearly half (45%) already employ dedicated threat hunters, with risk-based threat hunting and hunting based on threat intelligence being the most popular strategies (both 60%). Threat hunting epitomizes productive paranoia, proactively seeking out threats that may have slipped through initial defenses.

But humans can't manage everything alone. As threat volumes surge and malicious actors deploy automated tools, threat hunters need assistance. Although the average number of specialists per organization is four, these individuals spend less than three days a week actively hunting for threats. This is where AI, specifically GenAI, steps in, enhancing threat hunter productivity by reducing human error and enabling analysts to craft sophisticated search queries rapidly. Once results are returned, GenAI can also summarize large data volumes, preventing analyst overload.

It's no surprise that 89% of respondents are either using GenAI or planning to integrate it into their solution stacks. When asked about the biggest impact on improving security scenarios by 2033, the most popular answer was "AI & automation for threat hunting and prevention" (50%).

Taking Action
European ITDMs are understandably enthusiastic about enhancing SecOps capabilities with GenAI. They believe the technology will help mitigate attacks based on past tactics (75%), improve threat detection (71%), and shorten the breach cycle (63%). However, they also recognize the need to mitigate potential GenAI risks and enhance in-house skills.
Respondents indicate plans to implement several initiatives in the coming year:

  • Training to hunt threats with and without GenAI to avoid over-reliance on the technology (68%)
  • Validating GenAI output, especially for threat detection algorithms (58%)
  • Hiring talent to incorporate GenAI capabilities into solutions (62%)
  • Guarding against external tampering of GenAI algorithms (59%)
  • Guarding against AI-generated false information (60%)

The world may be filled with uncertainty, but by enhancing and upskilling in-house talent with AI and automation, IT leaders can turn their paranoia about the future into a strategic advantage. It's time to put the plan into action.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X