Securing Comms Infrastructure: Tackling AI-Driven Threats and Legacy Risks

Industries Ann Swenson

Key takeaways

  1. Service providers face growing cybersecurity risks from AI-driven threats and increasingly sophisticated attacks that can impact service availability.
  2. Security leaders emphasize the need to secure always-on communications infrastructure against threats that may already be operating inside networks.
  3. Organizations can improve resilience by focusing on practical security strategies that help protect critical services, data integrity, and uptime.

Today’s cybersecurity landscape is no longer defined by loud, perimeter-shattering attacks, but by quiet, persistent threats lurking within the network. For service providers, the challenge is clear: how do you secure an infrastructure that never sleeps?

I recently had the opportunity to discuss the top cybersecurity threats for communications and media providers with a panel of experts during our virtual event, "Jockeying for Security: Top Threats." I sat down with Chris Rodriguez (Splunk Security Strategist), Matt Olson (Splunk Global Industry Strategy, Service Provider Industry), and Brady Davis (Lead Security Consultant, SP6) to explore how organizations can stay ahead of today’s unprecedented technological shifts and increasing threat sophistication.

The following is a condensed version of our conversation on the top cybersecurity threats for service providers, focusing on the critical challenges and actionable strategies for today’s security teams.

What would you say is the top cybersecurity concern for service providers today?

Chris: It’s hard to pick just one, but if I had to narrow it down out of the hundreds of threats out there, I would narrow it down to two. The first is anything affecting service availability and uptime. When we look at the CIA triad—confidentiality, integrity, and availability—none is more important in the communications and media industry than availability. That is the business. Dropped calls, degraded 5G services, or interruptions to live streaming directly impact the bottom line and customer reputation.

Secondly, the speed and scale of new AI-driven threats are high on the list of top concerns. Vulnerability management and getting a handle on how AI is being adopted and used in organizations present a significant opportunity and risk as well.

Matt: I concur, and I see this in three parts. First, the impact of AI is providing massive leverage for the discovery of zero-day exploits. It effectively democratizes the ability to find these vulnerabilities. It’s interesting that projects like Glasswing* provide an opportunity to get ahead of these threats, helping us identify, address, and remediate vulnerabilities proactively.

Second, while zero-day exploits are being discovered at an accelerated rate, where are they hitting? For service providers, the concern lies in the sheer scale and variety of infrastructure—particularly the 'legacy tail.' While new platforms and advanced technologies are often patched rapidly, the legacy environment is a different story. I recently spoke with a provider managing millions of CPEs and endpoints spanning diverse builds. Remediating that legacy exposure is incredibly daunting; even after identifying the issues, the actual execution of remediation remains a significant challenge.

Third, and most concerning, is the Advanced Persistent Threat (APT). While we may see an explosion of zero-day incidents and a rapid response, the truly worrisome part is what remains after you’ve closed the door. What threats are already living within your infrastructure? These often stay off the radar until a major event occurs. In my mind, that is the most dangerous threat, because it has the potential to impact society at large—not just individual businesses and infrastructure.

How should detection strategies evolve to catch "quiet threats"?

Brady: We are moving away from the era of "loud" attacks where alerts were blasting down the door. Today’s threats are much more sophisticated. They aren't just port scanning; they’re blending in.

Our detection tools must leverage these same technologies to define our organization’s 'baseline normal.' This baseline must account for the reality that threat actors may already be present. We need to incorporate as much historical data as possible, including things like data lakes, so we can do behavioral analysis and use machine learning techniques. Relying on simple alerts, like '15 failed authentications in 15 minutes,' doesn’t cut it anymore; that’s usually just someone’s script error, not a breach. Security teams must mature beyond event-based detection and move toward anomaly-driven analysis. We must identify the mathematical outliers that are impossible to spot in raw data alone.

Matt: That raises a good point: this requires more sophisticated, context-aware analysis, which must leverage AI and machine learning to manage the sheer volume and complexity of the data.

Chris: The threat extends beyond the services provided to consumers. In the last couple of years, we’ve heard about compromises at telcos, law enforcement wiretapping and others.

Matt: The infrastructure itself is a target. Threat actors are tapping into conversations and analyzing metadata to determine who is communicating with whom—that is incredibly sensitive, powerful information. Furthermore, in cases such as SIM swapping, the phone serves as a primary source of identity; this opens the door to a vast array of financial crimes.

Chris: This ties back to our discussion on vulnerability management. For instance, in many major attacks like Salt Typhoon, the initial access point was unpatched vulnerabilities in legacy routing equipment. Legacy network equipment often provides the initial access point. From there, we are now seeing hundreds of zero-day vulnerabilities that can be strung together in seconds using AI models like Mythos.

If our audience takes one thing away today, what should they start working on immediately?

Chris: Adopt a mindset of "agentic trust and governance." Trust starts with the data. If you can’t trust your data, you can’t trust the outcomes your AI agents are producing. Use your security platforms to establish a single source of truth based on data integrity.

Matt: I agree. Governance models must extend into the agentic realm. We also need a holistic approach to security management. You cannot silo application security, network security, and OT. Bad actors are chaining together zero-days across these boundaries; your defense must be just as integrated.

Brady: If you don’t have it already, you need a full inventory of everything in your environment. It’s daunting, but you cannot secure what you cannot see. Know every device, every piece of software, and every service account. If you can’t account for it, it shouldn’t be in your network. "Assumed breach" shouldn't just be a pen-testing exercise; it should be the baseline for your daily operations.

Summary: The Path Forward

The cybersecurity landscape for communications and media is shifting from "loud" perimeter breaches to quiet, persistent threats hidden within legacy infrastructure. As AI-driven exploits accelerate, service providers must move beyond siloed, event-based security toward a holistic, AI-powered approach. By prioritizing data integrity, maintaining a rigorous inventory of all assets, and establishing strong governance for both human and agentic workflows, organizations can better identify subtle anomalies and protect their infrastructure at machine speed.
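As an added illustration of the baseline-versus-threshold point raised in the discussion above (example code written for this page, not Splunk's or the panel's): a static "15 failures in 15 minutes" rule beside a per-user baseline check, run over constructed log lines and a constructed history; the z-score cutoff and sigma floor are assumptions. The static rule fires on the noisy script account and misses the quiet admin; the baseline rule does the reverse.

```python
# Added example, not from the post: a fixed-threshold rule beside a per-user
# baseline rule. Log lines, history and cutoffs are constructed/assumed.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

STATIC_THRESHOLD = 15  # the "15 failed authentications in 15 minutes" style rule
Z_THRESHOLD = 3.0      # assumed cutoff: standard deviations above a user's own history
SIGMA_FLOOR = 1.0      # assumed floor so a perfectly flat history cannot divide by zero

# Constructed history: failed-auth count per past 15-minute window, per user,
# the kind of figure pulled from a data lake to define "baseline normal".
HISTORY = {
    "svc_backup": [18, 22, 19, 21, 20, 17, 23, 19],  # noisy script: fails ~20x every window
    "admin_kay": [0, 1, 0, 0, 1, 0, 0, 0],           # quiet admin: almost never fails
}

# Constructed auth log for the current window: "<iso-timestamp> <user> <FAIL|OK>".
CURRENT_LOG = (
    [f"2024-05-01T10:{m:02d}:00 svc_backup FAIL" for m in range(15)]     # 15 failures
    + [f"2024-05-01T10:{m:02d}:30 admin_kay FAIL" for m in range(3, 9)]  # 6 failures
    + ["2024-05-01T10:09:45 admin_kay OK"]
)

def failures_per_window(lines):
    """Count FAIL events per (user, 15-minute bucket)."""
    counts = defaultdict(int)
    for line in lines:
        ts, user, result = line.split()
        if result == "FAIL":
            dt = datetime.fromisoformat(ts)
            counts[(user, (dt.date(), dt.hour, dt.minute // 15))] += 1
    return counts

def static_alerts(counts, threshold=STATIC_THRESHOLD):
    """Event-based rule: any user whose window count reaches the fixed threshold."""
    return sorted({user for (user, _), n in counts.items() if n >= threshold})

def baseline_alerts(counts, history=HISTORY, z=Z_THRESHOLD):
    """Anomaly-based rule: a window is an outlier against that user's own history."""
    alerts = set()
    for (user, _), n in counts.items():
        hist = history.get(user, [0])  # unseen user: baseline of zero failures
        mu, sigma = mean(hist), max(pstdev(hist), SIGMA_FLOOR)
        if (n - mu) / sigma >= z:
            alerts.add(user)
    return sorted(alerts)
```

In practice the history would be recomputed continuously from the same store the detections read, so an attacker who is already present is part of the baseline only to the extent the history window allows.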
