Blog
/
/
October 9, 2022

Piloting Airline Cyber Security With Artificial Intelligence (AI)

Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
09
Oct 2022
The airline industry is constantly exposed to cyber threats. Darktrace has some tips to help airline professionals bolster their cyber-security efforts.

A Thin Margin for Error

The airline industry has long been known for its thin profit margins, and the high costs of unexpected downtime. 2010’s Eyjafjallajökull eruption in Iceland and the resulting six-day airspace ban across Europe cost airlines $1.7 billion, just a taste of the impact that would come ten years later as a result of the pandemic. The industry collectively amassed more than $180 billion in debt in 2020, and some predictions suggest that by 2024 the industry's debt could exceed its revenue.

Given the impact that further sustained downtime could have on an already ailing industry, airlines are having to take cyber security seriously. Last year’s Colonial Pipeline ransomware attack in the US led to a six-day shutdown of pipeline operations – the same length of time that flights were grounded by the Eyjafjallajökull eruption. But while the industry hasn’t seen a volcanic eruption on that scale in over twelve years, ransomware attacks are striking airlines weekly. Just this year a ransomware attack on SpiceJet left hundreds of passengers stranded at airports across India, despite being contained relatively quickly.  

Fraud, Fines and Safety Risks

It isn’t just ransomware which is concerning many in the industry. Data breaches remain one of the biggest threats to airlines, organizations which are responsible at any one time for the personal and financial information of millions of customers. In 2019, British Airways had the data of 380,000 customers stolen, including addresses, birth dates and credit card information, and was fined £20 million (reduced from £183 million due in part to the impact of the pandemic) by the UK’s Information Commissioner’s Office (ICO), the largest issued fine in the ICO’s history. The European airline EasyJet is currently facing a class-action suit seeking £18 billion in damages after failing to properly disclose the loss of 2,208 customers’ credit-card information in 2020. 

Airlines are also losing out to card and air mile fraud, with thousands of fraudulent loyalty program accounts being sold on the dark web, as well as the usual roster of attacks including phishing and insider threats which affect businesses of every size and industry. The airlines themselves are not being complacent. In a 2021 report by SITA, 100% of airlines surveyed named cyber security as a key investment for the next three years. Making sure that those investments count will be the next challenge.

There are few industries for which safety and security measures are so important, and while no impact on flight safety as a result of a cyber-attack has yet been reported, agencies like Eurocontrol are already urging caution. Airlines and airports should look at smarter ways to proactively protect their digital environments. 

As attacks grow faster and less predictable, organizations are increasingly turning to preventative AI security measures. For airlines, which operate with broad attack surfaces and plenty of valuable data, using tools which can identify and monitor every asset and potential attack path in an organization and take the necessary steps to secure them is the best way to stay ahead of attackers.

Securing Airspace, Securing Cyberspace

As a recreational pilot myself, I understand the extent of the safety measures that go into every flight: the flight plans, pre-flight checks and all of the long-practiced, deep-embedded knowledge. It is this comprehensive and meticulous approach which ought to be reflected in organizations’ cyber security efforts – whether they be airlines, airports or any other type of business. The parallels between the processes of flying and running a digital organization safely give us a helpful way to understand what proper, AI-driven cyber security can do for any organization, airlines included.

Cleared for Takeoff 

For the pilot, safety measures start long before they’re sat in the cockpit. Flight planning, which includes planning heading and bearing, taking things like elevation, terrain, and weather conditions into consideration, must be completed in addition to plenty of pre-flight checks. The checklist the pilot works through when performing a walk around and pre-flight inspection will often be ordered so that they work in a circle around the perimeter of the whole plane. These checks prevent potential threats, covering everything from water having mixed with the fuel to birds making nests inside the engine cowling.

Darktrace PREVENT, released in July 2022, serves a similar purpose. The AI autonomously identifies and tests every single user and asset that makes up a business in order to spot potential vulnerabilities and harden defenses where necessary. Like a walk around, PREVENT/Attack Surface Management examines the full range of external assets for threats. Then, by identifying and testing potential attack pathways and mitigating against weak points and worst-case scenarios, PREVENT/End-to-End takes steps to win the fight before an attack has been launched. 

Maintaining Good Visibility

When you’re piloting a plane, first and foremost you need a way to detect key variables. Your fundamental flight instruments in the cockpit are known as the six pack:

1. Airspeed Indicator
2. Attitude Indicator or Artificial Horizon 
3. Altimeter
4. Turn Coordinator 
5. Heading Indicator
6. Vertical Speed Indicator

These six instruments provide the critical information needed by any pilot to safely fly the aircraft. While additional instruments are required to conduct flights In low-visibility or ‘Instrument Meteorological Conditions’ (IMC) conditions, these will be essential when getting out of dangerous situations such as inadvertently flying into cloud.

Understanding an environment and adapting to its changes is also fundamental to Darktrace DETECT: an AI-driven technology which focuses on building a comprehensive knowledge of an organization’s environment in order to spot threats the moment they appear. Because it understands what is ‘normal’ for the organization, Darktrace DETECT is able to correlate multiple subtle anomalies in order to expose emerging attacks – even those which have never been seen before. Like those essential flight instruments, DETECT offers visibility into otherwise obscure regions of the environment, and ensures that any potential problems are spotted as early as possible. 

Mayday, Mayday

In aviation and security, moving quickly once a threat has been detected is critical. When an engine stalls at 3,000 feet above ground level, you don’t have time to get the training books out and start figuring out what to do. Pilots are taught to “always have an out” and be ready to use it.

In aviation, an effective response relies for the most part on the knowledge and quick reactions of the pilot, but in cyber security, AI is making response faster and more effective than ever. Darktrace RESPOND uses DETECT’s contextual understanding in order to take the optimum action to mitigate a threat. Adaptability of this response is crucial: a single cyber-attack can come in any number of configurations, and Darktrace RESPOND is able to tailor its actions appropriately. Attacks today move too fast for human teams to be expected to keep up, but with AI taking actions at machine speed organizations can remain protected. 

Always Learning

One of the best pieces of advice a pilot can take is to always be learning. Every flight is an opportunity to learn something new and become a better and safer pilot.

Darktrace DETECT, RESPOND, and PREVENT are all driven by Self-Learning AI, a technology which not only builds but continuously evolves its understanding of each business. This means that as an organization grows, adding more users, assets, or applications, its Darktrace coverage grows too, using each new data point to enhance its understanding and the accuracy of its actions and detections. Darktrace’s separate technologies also learn from each other. Each of the three product families continuously feeds data into the others, helping to enhance their capabilities and improving their ability to keep organizations secured against threats. 

As cyber-attacks proliferate and increase in sophistication, they will continue to target organizations like airlines, which have large attack surfaces and copious amounts of customer data, and which cannot afford to weather sustained downtime. But with AI offering effective, proactive measures and clear-sky visibility, security teams can be confident in their ability to fight back.

Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Author
Tony Jarvis
VP, Field CISO

Tony Jarvis is VP, Field CISO at Darktrace. Tony is a seasoned cyber security strategist who has advised Fortune 500 companies around the world on best practice for managing cyber risk. He has counselled governments, major banks and multinational companies, and his comments on cyber security and the rising threat to critical national infrastructure have been reported in local and international media including CNBC, Channel News Asia and The Straits Times. Before joining Darktrace, Tony previously served as CTO at Check Point and held senior advisory positions at FireEye, Standard Chartered Bank and Telstra. Tony holds a BA in Information Systems from the University of Melbourne.

Book a 1-1 meeting with one of our experts
Share this article

More in this series

No items found.

Blog

/

OT

/

March 28, 2025

Darktrace Recognized as the Only Visionary in the 2025 Gartner® Magic Quadrant™ for CPS Protection Platforms

Default blog imageDefault blog image

We are thrilled to announce that Darktrace has been named the only Visionary in the inaugural Gartner® Magic Quadrant™ for Cyber-Physical Systems (CPS) Protection Platforms. We feel This recognition highlights Darktrace’s AI-driven approach to securing industrial environments, where conventional security solutions struggle to keep pace with increasing cyber threats.

A milestone for CPS security

It's our opinion that the first-ever Gartner Magic Quadrant for CPS Protection Platforms reflects a growing industry shift toward purpose-built security solutions for critical infrastructure. As organizations integrate IT, OT, and cloud-connected systems, the cyber risk landscape continues to expand. Gartner evaluated 17 vendors based on their Ability to Execute and Completeness of Vision, establishing a benchmark for security leaders looking to enhance cyber resilience in industrial environments.

We believe the Gartner recognition of Darktrace as the only Visionary reaffirms the platform’s ability to proactively defend against cyber risks through AI-driven anomaly detection, autonomous response, and risk-based security strategies. With increasingly sophisticated attacks targeting industrial control systems, organizations need a solution that continuously evolves to defend against both known and unknown threats.

AI-driven security for CPS environments

Securing CPS environments requires an approach that adapts to the dynamic nature of industrial operations. Traditional security tools rely on static signatures and predefined rules, leaving gaps in protection against novel and sophisticated threats. Darktrace / OT takes a different approach, leveraging Self-Learning AI to detect and neutralize threats in real time, even in air-gapped or highly regulated environments.

Darktrace / OT continuously analyzes network behaviors to establish a deep understanding of what is “normal” for each industrial environment. This enables it to autonomously identify deviations that signal potential cyber threats, providing early warning and proactive defense before attacks can disrupt operations. Unlike rule-based security models that require constant manual updates, Darktrace / OT improves with the environment, ensuring long-term resilience against emerging cyber risks.

Bridging the IT-OT security gap

A major challenge for organizations protecting CPS environments is the disconnect between IT and OT security. While IT security has traditionally focused on data

protection and compliance, OT security is driven by operational uptime and safety, leading to siloed security programs that leave critical gaps in visibility and response.

Darktrace / OT eliminates these silos by providing unified visibility across IT, OT, and IoT assets, ensuring that security teams have a complete picture of their attack surface. Its AI-driven approach enables cross-domain threat detection, recognizing risks that move laterally between IT and OT environments. By seamlessly integrating with existing security architectures, Darktrace / OT helps organizations close security gaps without disrupting industrial processes.

Proactive OT risk management and resilience

Beyond detection and response, Darktrace / OT strengthens organizations’ ability to manage cyber risk proactively. By mapping vulnerabilities to real-world attack paths, it prioritizes remediation actions based on actual exploitability and business impact, rather than relying on isolated CVE scores. This risk-based approach enables security teams to focus resources where they matter most, reducing overall exposure to cyber threats.

With autonomous threat response capabilities, Darktrace / OT not only identifies risks but also contains them in real time, preventing attackers from escalating intrusions. Whether mitigating ransomware, insider threats, or sophisticated nation-state attacks, Darktrace / OT ensures that industrial environments remain secure, operational, and resilient, no matter how threats evolve.

AI-powered incident response and SOC automation

Security teams are facing an overwhelming volume of alerts, making it difficult to prioritize threats and respond effectively. Darktrace / OT’s Cyber AI Analyst acts as a force multiplier for security teams by automating threat investigation, alert triage, and response actions. By mimicking the workflow of a human SOC analyst, Cyber AI Analyst provides contextual insights that accelerate incident response and reduce the manual workload on security teams.

With 24/7 autonomous monitoring, Darktrace / OT ensures that threats are continuously detected and investigated in real time. Whether facing ransomware, insider threats, or sophisticated nation-state attacks, organizations can rely on AI-driven security to contain threats before they disrupt operations.

Trusted by customers: Darktrace / OT recognized in Gartner Peer Insights

Source: Gartner Peer Insights (Oct 28th)

Beyond our recognition in the Gartner Magic Quadrant, we feel Darktrace / OT is one of the highest-rated CPS security solutions on Gartner Peer Insights, reflecting strong customer trust and validation. With a 4.9/5 overall rating and the highest "Willingness to Recommend" score among CPS vendors, organizations across critical infrastructure and industrial sectors recognize the impact of our AI-driven security approach. Source: Gartner Peer Insights (Oct 28th)

This strong customer endorsement underscores why leading enterprises trust Darktrace / OT to secure their CPS environments today and in the future.

Redefining the future of CPS security

It's our view that Darktrace’s recognition as the only Visionary in the Gartner Magic Quadrant for CPS Protection Platforms validates its leadership in next-generation industrial security. As cyber threats targeting critical infrastructure continue to rise, organizations must adopt AI-driven security solutions that can adapt, respond, and mitigate risks in real time.

We believe this recognition reinforces our commitment to innovation and our mission to secure the world’s most essential systems. This recognition reinforces our commitment to innovation and our mission to secure the world’s most essential systems.

® Download the full Gartner Magic Quadrant for CPS Protection Platforms

® Request a demo to see Darktrace OT in action.

Gartner, Magic Quadrant for CPS Protection Platforms , Katell Thielemann, Wam Voster, Ruggero Contu 12 February 2025

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant and Peer Insights are a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

Continue reading
About the author
Pallavi Singh
Product Marketing Manager, OT Security & Compliance

Blog

/

AI

/

March 28, 2025

Survey Findings: AI Cybersecurity Priorities and Objectives in 2025

Default blog imageDefault blog image

AI is changing the cybersecurity field, both on the offensive and defensive sides. We surveyed over 1,500 cybersecurity professionals from around the world to uncover their attitudes, understanding, and priorities when it comes to AI cybersecurity in 2025. Our full report, unearthing some telling trends, is available now.  

Download the full report to explore these findings in depth

It is clear that security professionals know their field is changing fast, and that AI will continue to influence those changes. Our survey results show that they are aware that the rise of AI will require them to adopt new tools and learn to use them effectively. Still, they aren’t always certain about how to plan for the future, or what to invest in.

The top priorities of security stakeholders for improving their defenses against AI-powered threats include augmenting their existing tool stacks with AI-powered solutions and improving integration among their security tools.

Figure 1: Year-over-year changes to the priorities of securitystakeholders.

Increasing cybersecurity staff

As was also the case last year, security stakeholders are less interested in hiring additional staff than in adding new AI-powered tools onto their existing security stacks, with only with 11% (and only 8% of executives) planning to increase cybersecurity staff in 2025.

This suggests that leaders are looking for new methods to overcome talent resource shortages.

Adding AI-powered security tools to supplement existing solutions

Executives are particularly enthusiastic about adopting AI-driven tools. Within that goal, there is consensus about the qualities cyber professionals are looking for when purchasing new security capabilities or replacing existing products.

  • 87% of survey respondents prefer solutions that are part of a broader platform over individual point products

These results are similar to last year’s, where again, almost nine out of ten agreed that a platform-oriented security solution was more effective at stopping cyber threats than a collection of individual products.

  • 88% of survey respondents agree that the use of AI within the security stack is critical to freeing up time for security teams to become more proactive, compared to reactive

AI itself can contribute to this shift from reactive to proactive security, improving risk prioritization and automating preventative strategies like Attack Surface Management (ASM) and proactive exposure management.

  • 84% of survey respondents prefer defensive AI solutions that do not require the organization’s data to be shared externally

This preference may reflect increasing attention to the data privacy and security risks posed by generative AI (gen AI) adoption. It may also reflect growing awareness of data residency requirements and other restrictions that regulators are imposing.

Improving cybersecurity awareness training for end users

Based on the survey results, practitioners in SecOps are more interested in improving security awareness training.

This goal is not necessarily mutually exclusive from the addition of AI tools. For example, teams can leverage AI to build more effective security awareness training programs, and as gen AI tools are adopted, users will need to be taught about data privacy and associated security risks.

Looking towards the future

One conclusion we can draw from the attitudinal shifts from last year’s survey to this year’s: while hiring more security staff might be a nice-to-have, implementing AI-powered tools so that existing employees can work smarter is increasingly viewed as a must-have.

However, trending goals are not just about managing resources, whether headcount or AI investments, to keep up with workloads. Existing end users must also be trained to follow safe practices while using established and newly adopted tools.

Security professionals, including executives, SecOps, and every role in between, continue to shift their identified challenges and priorities as they gear up for the coming year in the Era of AI.

State of AI report

Download the full report to explore these findings in depth

The full report for Darktrace’s State of AI Cybersecurity is out now. Download the paper to dig deeper into these trends, and see how results differ by industry, region, organization size, and job title.  

Continue reading
About the author
The Darktrace Community
Your data. Our AI.
Elevate your network security with Darktrace AI