Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

By now, you’ve likely heard about Magecart attacks — or maybe even experienced one firsthand. Over the last few years, digital skimming has become a go-to tactic for cybercriminals targeting websites and web applications. Major organizations like Macy’s, Ticketmaster, the American Cancer Society, P&G’s First Aid Beauty, British Airways, and Newegg have all made headlines due to these breaches. But most victims don’t make the news.

Loyalty fraud prevention has become a major industry threat, with loyalty-linked accounts having become digital assets of converging value – storing points, payment credentials, and verified identity data. That makes them irresistible targets for attackers with both the motive and means to exploit them. Phishing, credential stuffing, spoofed login portals, and personalized impersonation scams are just the beginning.

In the face of increasingly sophisticated cyber threats, the chief information security officer, or CISO, is responsible for ensuring the organization's data is secure. CISOs ensure that proper security strategies, policies, and technologies are working to meet their goals of mitigating risk, maintaining regulatory compliance, and upholding customer trust. A CISO helps align security initiatives with business goals, enabling growth while minimizing disruptions and vulnerabilities.

If you’ve been in cybersecurity longer than five minutes, you know one thing: legacy SOC architecture isn’t just showing its age — it’s creaking under the weight of today’s threats. Cybersecurity analyst Francis Odum nailed it when presenting at Torq’s SKO 2025: “Legacy SOAR assumed everything starts in the SIEM. Now, teams connect automation directly to EDR, email, and identity systems.”.

There’s a silent frustration building inside security teams today. It’s the fatigue of defending critical data with tools that can’t keep up. The friction of investigating endless false positives. The anxiety of not knowing what sensitive data is actually doing across your environment. And the sinking realization that despite massive investments, DLP tools are failing at the one thing they were designed to do–prevent data loss.

Enterprise AI adoption is accelerating rapidly, with organizations deploying large language models and AI agents to access sensitive corporate data and automate critical business processes.

You’ve likely invested in traditional security tools that monitor failed logins or privilege requests—but more advanced threats use legitimate credentials to hide. If attackers bypass authentication protocols or hijack stolen tokens, they can roam freely under the radar. That’s why behavioral detection in an XDR solution is crucial. It does not just look at logs — it looks at patterns.

Social engineering attacks continue to be among the most effective methods for delivering malware and compromising systems. Among these, a concerning trend has emerged and rapidly gained traction: "ClickFix" and "FakeCAPTCHA" campaigns. These sophisticated attacks exploit users' familiarity with everyday verification systems while leveraging clipboard manipulation techniques to deliver malicious payloads—all without exploiting a single technical vulnerability.

Every inline deployment introduces a tradeoff: enhanced inspection versus increased risk of downtime. Inline protection is important, especially for APIs, which are now the most targeted attack surface, but so is consistent uptime and performance. This is where a fail-open architecture comes in.

Andrew Storms, VP of Security at Replicated, has spent three decades on the frontlines of cybersecurity. From building Unix systems in the early ‘90s to leading incident response and AI security strategies today, he has seen the CISO role evolve from back-office function to boardroom mainstay. In this spotlight, he shares the lessons that shaped his thinking, why storytelling is a critical CISO skill, and how API security is no longer optional.