When Hackers Aren't Human: 3 Key Strategies To Combat A New Era Of Cyber Threats
Travis Runty, Head of Security - Public Cloud, Rackspace Technology.
The rapid adoption of Internet of Things (IoT) and cloud-connected technologies has significantly expanded organizations' digital footprints, enhancing flexibility and unlocking new technological capabilities. But this growth has also exposed new risks, providing cybercriminals with more entry points and potential "surface areas" to exploit. Even more concerning, these cyber threats are no longer limited to human attackers, with AI-driven "bad bot" attacks now accounting for one-third of all internet traffic.
These bots expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations. Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics. AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defenses.
In response to these evolving vulnerabilities, IT teams must adopt a more holistic and proactive cybersecurity strategy, inclusive of strong AI assistance. Strengthening your SOC's readiness involves three key strategies:
One of the biggest challenges for most SOCs is repetitive and round-the-clock monitoring carried out by "threat hunters" or frontline defenders who are responsible for responding to attacks and identifying potential vulnerabilities before they can be exploited. As the volume of cyber threats continues to rise, so does the pressure on these teams.
Human error is more likely when IT professionals are overwhelmed by alerts and false positives, causing teams to become numb to the noise. A study by the Ponemon Institute found that 65% of SOC analysts are experiencing burnout due to increasing workloads, highlighting the urgent need for a shift in cybersecurity approaches.
This shift may require a change in how security professionals view their skills and ultimately change the layer in which they engage. No longer can SOCs be composed of security generalists who respond to every alert. Instead, they must adopt a triage-based model that leverages AI solutions to evaluate and correlate, and then (if appropriate) assigns team members to threats based on expertise.
To succeed, SOC leaders should create teams where each professional is proficient in managing the different types of threats at the host, platform or edge layer. This approach allows the organization to respond more efficiently to the advanced threats it is facing while proactively strengthening its defenses against future risks.
Moreover, security can no longer be confined to the sole domain of one department. Instead, it should be embedded into the entire organization with security-minded professionals integrated into multiple teams to foster a more resilient and proactive security stance.
To address these new types of threats, SOCs also need to rethink the way they use technology, particularly regarding next-generation security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions.
Today's SIEMs excel at detecting and reporting security incidents and aggregating and consolidating log data to help security teams identify and investigate potential threats. Next-generation SIEMs are also predictive and adaptive and go beyond simple reporting to analyze patterns across multiple layers rather than isolated incidents, while also monitoring traffic patterns and data access in real time.
Before implementation, SOCs need to have a complete understanding of their technological assets, including endpoints, networks and other critical systems, which will be the key data sources leveraged. Although next-generation SIEMs offer advanced capabilities, they aren't tools that security teams can simply "turn on" and walk away from. Ongoing support from trained team members or trusted partners will be essential to ensure effective management and performance.
While the rise of AI bots has brought about new cybersecurity challenges, AI is also a crucial defensive tool to protect organizations, detect threats faster and respond to breaches more efficiently. Many organizations are already leveraging AI as a cybersecurity tool. In a survey we conducted, 42% of IT leaders said they are integrating AI into their cloud strategies for use in advanced security and threat detection.
Organizations can encounter several challenges when integrating AI into their cloud strategies. One common issue is that AI solutions often start with low confidence in their outputs, leading to a high rate of false positives and false negatives. Additionally, if not properly tuned, these systems can overwhelm teams with excessive alerts, resulting in alert fatigue and the risk of missing critical events.
These challenges can be mitigated by building teams with the right mix of security and data science expertise to continuously monitor, tune and improve the models. However, these skill sets are in high demand and can be difficult to source.
Just as SOC teams need to be embedded across the entire organization, the seamless integration of AI-assisted threat detection, notification, enrichment and remediation is equally crucial. With the rise of edge computing, organizations must consider how they can extend security beyond centralized systems to where their data is most vulnerable. With attacks accelerating in pace and intensity, organizations cannot afford slow, laborious reporting structures. Well-rounded sensors must be deployed at the edge to detect and mitigate threats.
Finally, aggregation of these events empowers better-informed correlation but can also introduce additional noise. To overcome this, an effective approach to AI should focus on tuning models to your specific environment, integrating threat intelligence and applying context-aware filtering. This ensures your team is prioritizing the highest-confidence threats—maximizing their impact and reinforcing trust with customers and stakeholders.
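The following is an added example, not code from the author or Rackspace, of the triage model described above: known-benign context is filtered out, alerts are enriched with threat intelligence and correlated across layers, and only those above a confidence cut-off are routed to the host, platform or edge queue. The weights, threshold, field names and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict

# All values below are constructed for illustration (documentation-range IPs).
THREAT_INTEL = {"203.0.113.50", "198.51.100.23"}   # hypothetical intel feed
KNOWN_BENIGN = {("10.0.5.9", "port_scan")}         # approved internal scanner
CRITICALITY = {"db-prod-1": 1.0, "web-edge-2": 0.7, "dev-box-7": 0.3}
THRESHOLD = 0.6                                    # assumed cut-off, tune per site

ALERTS = [  # "layer" uses the article's three layers: host, platform, edge
    {"id": 1, "layer": "edge", "rule": "port_scan", "src": "10.0.5.9",
     "asset": "web-edge-2", "model_score": 0.8},
    {"id": 2, "layer": "edge", "rule": "waf_block", "src": "203.0.113.50",
     "asset": "web-edge-2", "model_score": 0.5},
    {"id": 3, "layer": "host", "rule": "new_admin_user", "src": "203.0.113.50",
     "asset": "db-prod-1", "model_score": 0.7},
    {"id": 4, "layer": "platform", "rule": "api_key_listing", "src": "192.0.2.14",
     "asset": "dev-box-7", "model_score": 0.9},
    {"id": 5, "layer": "platform", "rule": "iam_policy_change",
     "src": "198.51.100.23", "asset": "db-prod-1", "model_score": 0.6},
]

def confidence(alert, layers_seen):
    """Blend the raw model score with environment context, capped at 1.0."""
    score = alert["model_score"] * CRITICALITY.get(alert["asset"], 0.5)
    if alert["src"] in THREAT_INTEL:      # threat-intelligence enrichment
        score += 0.3
    if layers_seen > 1:                   # same source correlated across layers
        score += 0.2
    return round(min(score, 1.0), 2)

def triage(alerts):
    """Return (per-layer queues, suppressed ids, deferred ids)."""
    live = [a for a in alerts if (a["src"], a["rule"]) not in KNOWN_BENIGN]
    suppressed = [a["id"] for a in alerts if a not in live]
    layers_by_src = defaultdict(set)
    for a in live:
        layers_by_src[a["src"]].add(a["layer"])
    queues, deferred = {"host": [], "platform": [], "edge": []}, []
    for a in live:
        score = confidence(a, len(layers_by_src[a["src"]]))
        if score < THRESHOLD:
            deferred.append(a["id"])      # kept for review, not paged
        else:
            queues[a["layer"]].append((score, a["id"]))
    for queue in queues.values():
        queue.sort(reverse=True)          # highest confidence first
    return queues, suppressed, deferred

if __name__ == "__main__":
    print(triage(ALERTS))
```

Alert 4 has the highest raw model score but lands in the deferred list because it targets a low-criticality asset with no corroborating context, while alert 2 is promoted from a middling score by the intel match and the cross-layer correlation with alert 3.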
Next-generation SOCs are increasingly investing in predictive threat modeling to anticipate risks and proactively refine their response strategies. This includes advanced tabletop exercises designed to surface effective behaviors and inform the creation of automated or guided runbooks—providing consistent, step-by-step protocols for managing incidents and routine operations.
We're also seeing the emergence of fully autonomous containment platforms capable of investigating and correlating threats across diverse data sources. These systems can validate security events through analytics, minimizing the need for manual intervention or direct tool management by cybersecurity teams.
Security transformation is a complex and unforgiving process, where even small gaps can lead to significant risks. To defend against AI-driven threats, SOCs must evolve. True security in the AI era depends on deep collaboration—where partners share insights, communicate seamlessly and evaluate information to stay ahead of attackers.