Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the face of increasingly sophisticated cyber threats, the chief information security officer, or CISO, is responsible for ensuring the organization's data is secure. CISOs ensure that proper security strategies, policies, and technologies are working to meet their goals of mitigating risk, maintaining regulatory compliance, and upholding customer trust. A CISO helps align security initiatives with business goals, enabling growth while minimizing disruptions and vulnerabilities.

Loyalty fraud prevention has become a major industry threat, with loyalty-linked accounts having become digital assets of converging value – storing points, payment credentials, and verified identity data. That makes them irresistible targets for attackers with both the motive and means to exploit them. Phishing, credential stuffing, spoofed login portals, and personalized impersonation scams are just the beginning.

By now, you’ve likely heard about Magecart attacks — or maybe even experienced one firsthand. Over the last few years, digital skimming has become a go-to tactic for cybercriminals targeting websites and web applications. Major organizations like Macy’s, Ticketmaster, the American Cancer Society, P&G’s First Aid Beauty, British Airways, and Newegg have all made headlines due to these breaches. But most victims don’t make the news.

These requirements target the browser layer — where scripts execute on the end user’s side, not in your cloud or backend infrastructure.

The evolution and growing impact of cyberthreats are increasingly impacting the economic and social fabric. From attacks on business infrastructures to political disinformation campaigns and ransomware targeting critical environments such as hospitals or transportation networks, the impact is no longer just technical; it’s systemic.

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

Modern websites have become increasingly reliant on third-party applications and open source tools to deliver functionality and enhance the user experience. However, this reliance introduces both security and privacy risks, as external code can act as a vector for sophisticated attacks, such as Magecart and web skimming. Without visibility into these apps and tools, organizations are left vulnerable to undetected threats, unauthorized data access, and regulatory violations.

A recent survey and report cosponsored by Tanium and conducted by the Enterprise Strategy Group, now part of Omdia, uncovered data that some may find surprising—perhaps even alarming.

In 2010, the Australian Signals Directorate (ASD) developed a set of prioritised threat mitigation strategies to provide cybersecurity guidance to government agencies and organisations. Over time, eight of those strategies proved to be the most effective and were formalised into the Essential Eight (E8) framework, officially published in 2017.