Threat Intelligence and Horizon Scanning: How to identify emerging threats
How to integrate threat intelligence into your horizon scanning processes and identify emerging threats to your organisation.
The future can never be foretold with 100% accuracy. But we can plan for it. By monitoring historical patterns alongside the latest incidents, we can build up a picture of how events have unfolded in the past, understand ongoing developments and spot emerging threats, and assess how they may play out. In turn, this helps us build operational readiness and resilience to potential uncertainty and insecurity.
The most dangerous security situations can develop rapidly, requiring an equally rapid response and rapid decisions in the face of a quickly moving situation – but they rarely, if ever, occur in a vacuum. Understanding the potential causes or identifying potential flashpoints can help pre-empt threats by putting a mitigation plan in place ahead of time, adding certainty to decision-making in high-risk, fluid scenarios when these threats do occur.
Spotting these emerging threats is a key part of horizon scanning for security teams as they look to prepare for future challenges and risks to their operations. While predictive intelligence is a difficult and far from fool-proof endeavour, a regular process of scanning, analysing and synthesising information can help your team anticipate change and identify early warning signs if they have the right tools and data available to them.
What is Horizon Scanning?
Horizon scanning is a strategic and systematic process used to detect and evaluate possible future risks and opportunities that may impact an organisation or particular field. It involves actively monitoring and analysing emerging trends, technologies, events, and developments on the horizon, typically over a longer time frame. The goal of horizon scanning is not to predict the future with certainty but to gain insights into potential scenarios and challenges that may arise.
Essentially, horizon scanning helps organisations prepare for and navigate the uncertainties of the future. Most organisations with dedicated security and risk resilience teams will be employing horizon scanning as part of their operations.
How does horizon scanning help protect your operations?
As mentioned above, effective horizon scanning allows you to more easily identify and mitigate risks, including emerging threats. This in turn helps you more effectively implement pro-active security and risk management measures and become more resilient to change.
A well-informed process can help you stay ahead of evolving situations and allow you and your team to make better, more informed decisions, more efficiently allocate resources and act fast to protect your assets, and ultimately save time, money and, in some cases, lives, depending on the threat.
The emerging threats panel is a new feature on the Intelligence Fusion platform, allowing clients to easily track potential threats to be on the lookout for that have been identified by our analysts [Image source: Intelligence Fusion]
What are some of the challenges around horizon scanning?
Horizon scanning presents several challenges. Firstly, it can be time-consuming and resource-intensive, demanding substantial dedication of both time and resources from your team. Secondly, it’s often difficult to comprehensively identify and assess all potential risks and opportunities on the horizon, making it challenging to ensure a complete view of the threat landscape. Additionally, formulating a well-structured plan for responding to these potential risks and opportunities can be a challenging task, adding another layer of complexity to the process. Finally, as most change is incremental, it can be difficult to notice the subtle but important shifts that occur in the threat landscape.
These challenges collectively underscore the importance of a systematic and strategic approach to horizon scanning, and the need for it to be driven by easy to understand, accurate and comprehensive data.
Working with a company that can mitigate these challenges for you can be hugely beneficial to your team, and your organisation’s wider horizon scanning efforts.
As noted earlier, with enough experience and knowledge of a particular region, threat, or risk factor, an analyst will be able to pick up on specific incidents that might have a wider impact or knock-on effect on the landscape, and that should be monitored closely. As we have a team of dedicated intelligence analysts conducting intelligence gathering and threat mapping on our platform, it makes sense that we would harness this skill within our own analyst team, too.
This is why we’ve now launched a new feature on our platform called ‘Emerging Threats’. This panel will display ongoing incidents highlighted by our analysts as being something to be on the lookout for, whether it is the potential for conflict or heightened insecurity in a particular area, or a course of events that it could lead to. By alerting our clients to these emerging threats, we can assist in their horizon scanning process.
Here are two examples of this to illustrate how it works:
Clashes in Nagorno-Karabakh
On 5th September 2023 our analysts issued an emerging threat warning that clashes between Azerbaijani and Armenian forces were expected to increase in intensity and scale in the disputed Nagorno-Karabakh region. This was based on our analysts’ judgement and understanding of the region and wider geopolitical developments, as well as our monitoring of potential trigger points such as troop movements and small-scale clashes. Our analysts noted that ‘it is likely that the operation would be started by Azerbaijani forces in Nagorno-Karabakh itself in response to accusations of continual ceasefire violations.’
14 days later, on 19th September, Azerbaijan announced an ‘anti-terror operation’ in Nagorno-Karabakh, with wide-scale fighting taking place, including small arms and indirect fire, over multiple days. The fighting has led to the displacement of thousands of people.
Tensions in Kosovo's Mitrovica District
On 21st September 2023, our analysts issued an emerging threat warning for potential unrest leading up to, during and after the forthcoming Mayoral elections across Mitrovica District, Kosovo. Kosovan PM Albin Kurti had stated that elections will occur in Autumn 2023 – this followed unrest before and after previous elections had been held in April/May 2023.
Having observed patterns of behaviour from both sides of the tensions, including the Serbian government, our analysts were able to spot that these patterns were beginning to repeat themselves; previously, Serbia had encouraged ethnic Serbs to boycott the elections, deployed its military to the border with Kosovo, and issued statements that ethnic Serbs were under threat from Kosovo. Serbian President Vucic had recently begun to resume making these claims, at the same time that tensions were likely to increase again with the forthcoming elections.
Three days after our emerging threat warning of increased tensions was issued, multiple casualties were reported following a shootout at the Bajska Monastery in Mitrovica, when a group of armed men in military style uniform blocked the entrance to the village with heavy vehicles and began firing at the police units that arrived with an arsenal of firearms.
The fallout from the incident is still ongoing, with claims and counterclaims made by the respective governments of both Kosovo and Serbia over who is responsible. Within our emerging threat incident, our analysts have continued to add linked incidents, including reported Serbian troop deployments on the border, and the reinforcing of the NATO Kosovo Force.
How to use threat intelligence for horizon scanning
Horizon scanning can enhance your organisation’s ability to anticipate and mitigate potential risks, but it can also be time-consuming and challenging to do effectively. Utilising trustworthy threat intelligence helps you simplify the process.
Start by gathering relevant threat intelligence data. This can include information on current threats, geopolitical events, industry-specific trends, and emerging technologies. Utilise various sources such as threat feeds, government reports, industry publications, and open-source intelligence. Alternatively, utilise a dedicated resource to support or cover this step for you – Intelligence Fusion’s threat intelligence platform has more than 1,000,000 historic data points in its incident repository, with approximately 20,000 new incidents mapped by our intelligence analysts every month. Our intelligence gathering is also shaped by our clients’ needs, with a complementary intelligence collection plan as part of their onboarding, which is updated whenever these requirements change. This means that the data we collect is meeting the priorities of your operations.
Analyse the collected data to categorise and prioritise threats based on their potential impact and likelihood of occurrence. Consider both internal and external threats, including physical security threats, supply chain risks, geopolitical instability, and regulatory changes. Note any historical patterns or trends of activity – with a deep enough understanding of the threat landscape you will be able to determine the key risks to your operations, or potential local or regional flashpoints.
Then, integrate the threat intelligence data into your horizon scanning process. Ensure that the threat intelligence is regularly updated to stay current with evolving risks. Align the identified threats and risks with your organisation’s strategic objectives. Assess how each threat may affect your business operations, assets, and goals. This step helps in prioritizing threats that are most relevant to your organisation.
Use the threat intelligence to develop various scenarios that depict how these threats could manifest in the future. Consider both best-case and worst-case scenarios to prepare for a range of possibilities. Then, conduct a thorough risk assessment for each scenario. Evaluate the potential impact on your organisation’s assets, reputation, financial stability, and compliance. Assess the likelihood of each scenario occurring.
You should then develop response plans for the most critical and likely scenarios. These plans should outline the actions to take if a specific threat materialises. Ensure that response plans are well-documented, communicated to relevant stakeholders, and regularly updated.
Finally, implement a system for continuous monitoring of both threat intelligence and the effectiveness of your response plans. Adjust your strategies and plans as new information becomes available and as your organisation’s objectives evolve.
By integrating threat intelligence into your horizon scanning process, you can proactively identify and address potential risks and opportunities, thereby enhancing your organisation’s resilience and ability to adapt to an ever-changing environment.
The Emerging Threats feature is a new addition to the Intelligence Fusion platform, adding an easy to understand and quick to use element of predictive intelligence to our world-class existing threat intelligence offering.
Whether you’re new to our product or a client who’s been with us for years, if you want to take a closer look and learn more about how it works and how to use it, book some time to speak with a member of the team now.