Amid AI-Powered Cyberattacks, Critical Need For Connected Security Operations: Splunk Report
Organisations remain cautious about AI, with only 11% trusting it completely for mission-critical tasks.

With new threats such as artificial intelligence-powered attacks, organisations must be prepared and confident in protecting themselves and their customers. The need is to build a unified security operations centre that combines human expertise with AI advancements.
However, a new report by Splunk that surveyed over 2,000 security leaders shows the mounting challenges faced by SOCs and uncovers the pain points that bog organisations down and leave them open to threats.
Alarmingly, 46% of respondents said they spend more time maintaining tools than defending the organisation, while only 11% trust AI completely for mission-critical tasks. Furthermore, 66% experienced a data breach in the past year, making it the most common security incident.
Security Teams Plagued By Tech Inefficiencies
When SOC workflows aren't operating at their peak, it creates major barriers to effective threat detection and response. The report highlights areas of inefficiency that create risk for organisations:
As many as 59% say tool maintenance is the main source of inefficiency, 78% say security tools are dispersed and disconnected, and 69% say such tools create challenges.
The report showed that 57% of organisations are losing valuable time investigating data management gaps, 59% have too many alerts, and 55% have to address too many false positives.
SOC Analysts: Overworked, Understaffed
High stress levels, chronic understaffing and burnout are taking a toll and putting talent retention and long-term team stability at risk.
Findings show that 52% of organisations say their team is overworked, 52% say job stress has prompted them to think about leaving cybersecurity altogether, and 42% face unrealistic expectations from leadership.
Gen AI In SOC Paying Long-Term Dividends
Organisations see how AI can alleviate operational and staff shortage problems, as 59% have moderately or significantly boosted their efficiency with AI. Over half (56%) have prioritised AI application to security workflows this year, while 33% plan to fill skills gaps with AI and automation.
The top three tasks that gen AI is helping with across SOCs are threat intelligence analysis (33%), querying security data (31%), and writing/editing security policies (29%).
Unified Approach Accelerates Operations
Adopting a unified approach for threat detection and response leads to tighter collaboration, bringing more context and speed to investigations.
Sharing information across security and observability isn't fully embraced yet, but those who have made the leap report noteworthy advantages. Specifically, 78% of respondents cited faster incident detection and 66% noted quicker remediation as moderate to transformative benefits.