As the threat landscape continues to evolve, critical infrastructure sectors face a rising wave of sophisticated cyber threats. Conventional security methods that focus solely on indicators of compromise (IoCs) are proving inadequate against the scale and speed of modern cyberattacks.
To address today's challenges, organizations must adopt a threat-informed defense approach, one that shifts the focus from reactive responses to proactive, intelligence-driven security operations.
The rise of cybercrime-as-a-service
Today's macro threat landscape is a thriving ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware development, and spear phishing. This ecosystem lowers the barrier to entry for cybercrime, enabling low-skilled adversaries to launch highly targeted and disruptive attacks with minimal effort.
One of the most concerning trends is the rise of reconnaissance-as-a-service, where threat actors conduct extensive network mapping before an attack. This intelligence is then packaged and sold to the highest bidder, increasing the likelihood of successful breaches. And with the weaponization of AI now in place, these reconnaissance efforts have become more automated and precise, allowing cybercriminals to scale their operations at an unprecedented rate.
The convergence of IT and OT threats
Cybercrime has historically targeted IT systems, while nation-state actors have focused on disrupting operational technology (OT) environments. However, this division is rapidly dissolving as financially motivated attackers recognize the high stakes involved in OT disruptions. Because of the potential financial and operational impact of attacks, manufacturing, energy, and utilities have now become prime targets.
For example, initial access brokers (IABs) now infiltrate OT networks and sell access to ransomware groups or other malicious actors. According to threat intelligence data presented at the Fortinet OT Summit 2025, cyberattacks targeting operational technology in the energy and utilities sector surged by 300% over 2024,[i] "with billions of threats detected across critical infrastructure sectors." These attackers exploit weak security controls in legacy OT systems, leveraging reconnaissance data to refine their attack vectors.
AI-driven cyberattacks: A growing concern
The weaponization of AI has introduced new attack methodologies. While early cyberattacks relied on pre-programmed or automated algorithms, such as scripted scanning, enumeration, and basic exploitation, today's adversaries are beginning to use AI-driven, multi-stage attacks that can dynamically adapt in real time. For example, generative AI assists attackers in reconnaissance and social engineering. This shift from automation to true AI-driven attack chains means defenders must adopt equally sophisticated defense mechanisms.
One alarming trend is the use of AI to craft highly personalized phishing campaigns in native languages, increasing their effectiveness. Moreover, attackers now leverage AI for advanced evasion techniques, such as blending malicious activity with legitimate system processes to avoid detection. The next phase of AI-driven threats will likely involve real-time decision-making during attacks, making them even more difficult to mitigate.
Operationalizing threat intelligence for defense
A threat-informed defense strategy requires organizations to continuously integrate threat intelligence into their security operations, not just to understand the threat landscape but to translate that understanding into active, adaptive defense. This concept, formalized by MITRE, emphasizes the cyclical integration of cyber threat intelligence, testing and evaluation, and defensive measures to create a continuously improving security posture.
The MITRE threat-informed defense (TID) model illustrates how each component informs the next: Intelligence drives testing, testing validates defenses, and the results of those defenses refine future intelligence. This ongoing loop is central to building resilience against advanced and persistent threats. In many ways, this approach parallels the industry's shift toward continuous threat exposure management (CTEM).
Building on this model, four key components form the operational backbone of an effective TID strategy:
- Cyber threat intelligence: Curate and contextualize threat data to understand adversary tactics, techniques, and procedures (TTPs); campaign trends; and potential risks to your specific environment.
- Testing and evaluation: Through red teaming, blue teaming, and purple teaming, continuously simulate and assess real-world attack scenarios to uncover exposures and test detection and response mechanisms.
- Detection engineering: Adapt existing defenses and build new detection logic as attackers develop novel or evasive techniques. This includes engineering for visibility into OT-specific threats and cross-domain attack paths.
- Defensive measures and automated response: Employ AI and automation, through tools like SOAR and EDR, to reduce response times and ensure coordinated, consistent defense across IT and OT environments.
Together, these elements reinforce MITRE's vision for threat-informed defense: a living, dynamic security model built on actionable intelligence, validated testing, and resilient defenses that evolve with the threat landscape.
Industry collaboration: A collective defense model
No single entity can tackle the cyber threat landscape alone. Industry-wide collaboration is essential to improving collective defenses. Public-private partnerships, threat intelligence sharing, and joint initiatives, such as the Cyber Threat Alliance and Cybercrime Atlas, help organizations stay ahead of adversaries. Working closely with law enforcement agencies, these initiatives have led to the takedown of major cybercrime operations and the arrest of thousands of cybercriminals.
Additionally, frameworks like MITRE ATT&CK for ICS provide a standardized approach to understanding OT-specific adversary behaviors. Organizations should be leveraging these insights to tailor their defenses against sector-specific threats.
Looking ahead: The future of OT security
The rapid convergence of IT, OT, and cloud environments presents both challenges and opportunities for cybersecurity professionals. As attackers continue to refine their techniques, defenders must embrace a proactive, intelligence-driven approach.
Organizations can shift from a reactive security posture to a resilient, threat-informed defense strategy by integrating AI-driven threat intelligence, automating incident response, and fostering industry collaboration. As the cyber battlefield evolves, the key to success lies in understanding the adversary, anticipating their moves, and taking decisive action before an attack occurs.
The value of a threat-informed defense
It's important to remember that threat-informed defense isn't just an interesting concept but a critical necessity in today's cyber threat landscape. As attacks grow in sophistication, organizations must move from static security models to dynamic, intelligence-driven strategies.
By operationalizing threat intelligence, embracing automation, and collaborating with industry peers, critical infrastructure sectors can fortify and maintain their defenses to stay ahead of emerging threats.
Learn more about Fortinet's FortiGuard Labs threat research and intelligence organization.
[i] Fortinet OT Summit 2025, Derek Manky, "Threat-Informed Defense for Operational Technology: Moving from Information to Action to Operationalize Threat Intel," presented March 2025. FortiGuard Labs threat intelligence data indicated a 300% increase in OT-related cyberattacks in North America's energy and utilities sector between Q1 and Q4 of 2024.