
It’s the start of a new year, which means it’s a good time to revisit your Priority Intelligence Requirements (PIRs). Part of this means having conversations with stakeholders across your organization to get a sense of what issues they are concerned with. That understanding lets you direct your collection and production requirements for the year and make sure stakeholders are getting the intelligence and analysis they need to keep your organization safe. It’s also a good time to pause and consider the year ahead from a general cyber threat intelligence perspective. 2024 presents some unique challenges that require flexibility of thought and getting comfortable with being uncomfortable, given the uniquely dynamic threat environment we are entering. For instance, with half of the world’s population living in countries that will hold a nationwide election this year, a global landmark, we can expect to see a flood of misinformation and disinformation campaigns.[i] These elections are also likely to drive inter- and intra-national political tensions, which these disinformation campaigns will target and further exacerbate.
We’re also in an era where Artificial Intelligence advancements are moving quickly and being adopted by both threat actors and cyber defenders as soon as they are released. This means the threat environment can change quickly, both for the better and for the worse. While there are some ways we can expect to see these changes play out (e.g., increased obfuscation capabilities in malware), there are undoubtedly some developments that will be surprising and are extremely difficult to predict at this point in the year. The problem is compounded when you try to take a more strategic threat intelligence outlook past the next 12 months. With so many variables in play this year, particularly geopolitically and technologically, making a prediction of what companies may face in 2025 with a high level of confidence is challenging, to say the least.
So as we consider Priority Intelligence Requirements for this year, it’s critical to examine the broader themes of where we can expect changes to occur, identify the indicators we’d expect to see for those changes, and set our PIRs around those. It’s also important to take a step back and consider how widely some of these changes will impact every organization. The stakes of the next year are high enough that no company can assume it is too small to be affected by geopolitical developments or disruptive technology. Every company should take the time to consider second- and third-order effects that may impact its market, its security, or its customer base. As such, we’d like to offer a few suggestions on general PIR topics to consider leveraging (adjusting to your specific needs, of course) for the upcoming year to help focus your collection and analysis:
- Geopolitical Developments
  - Mis/Disinformation Campaigns
  - International Tensions
  - Cyberespionage Campaigns
  - Heightened political divisions within countries
- Indications of disruptive technology
  - New AI-driven tactics, techniques, and procedures
  - New Vulnerabilities
  - AI-driven social engineering
  - Mitigations and Countermeasures
PIRs designed to keep a focus on those areas of expected disruptive change over the next year can be tailored to your needs. Reflecting on these topics, considering how they might intersect with your unique circumstances, and incorporating them into your intelligence plans can also help your organization ask the right questions, the ones that allow for advance indications and warning of larger trends or changes in the threat environment that may impact your business. Identifying the questions we don’t have answers for, and monitoring for data that can help us answer them, will allow analysts to continue providing appropriately caveated assessments in a year where the threat environment is unpredictable. It will be more important than ever for analysts to get comfortable being uncomfortable.