In a fast-evolving digital world, cybersecurity threats have become more treacherous than ever. Doug Merritt, CEO of cloud security firm Aviatrix, warns that companies failing to adapt to today’s security landscape risk getting ambushed by hidden blind spots scattered throughout their networks.

Recent breaches at major companies such as AT&T, The North Face, and Cartier show just how capable cybercriminals have become—especially with the growing use of artificial intelligence. “The landscape is changing fast, and organizations must respond accordingly,” Merritt said.

Airlines and Insurers Among Prime Targets

Amy Bunn, an online safety advocate at McAfee, stressed that recent attacks on airlines and insurance providers are "a clear reminder of how prolific and sophisticated today’s cyberattacks are." Hawaiian Airlines, for example, experienced a data breach in late June that may have exposed the personal profiles of up to six million customers.

Airlines are particularly vulnerable because they store massive amounts of sensitive information in one place. But Bunn emphasized that no industry is safe. “From healthcare and finance to retail and tech, attackers are constantly scanning for weak points,” she said.

This wave of attacks wasn’t limited to Hawaiian Airlines. Australian carrier Qantas also suffered a breach just days later. Around the same time, the FBI posted on X that a known cybercrime group, “Scattered Spider,” was increasing its focus on the airline sector.

Insurance Industry Also in the Crosshairs

The insurance industry has also come under fire. Aflac recently disclosed that attackers may have accessed personal data of its U.S. customers. These types of attacks allow hackers to impersonate individuals or sell their personal information on the dark web, Bunn explained.

Cybercriminals seek out what she calls a “treasure trove” of consumer data, which can be turned into money through identity fraud or bulk sales on underground platforms.

Cloud Security: A Fundamental Shift Many Overlook

According to Merritt, a major blind spot lies in cloud security. He described it as a “paradigm shift” that most organizations have yet to fully understand. In the past, company data was contained within private, secure networks. But today, much of it moves through the public internet, exposing it to threats.

As organizations transition to cloud environments, many are leaving 50% to 80% of their infrastructure exposed, Merritt said. These vulnerabilities stem from three big shifts in how computing operates—especially in how apps and systems now interact over open networks instead of protected ones.

The New Security Battlefield

The traditional model of cybersecurity—where a few entry points were defended—is no longer enough. Today, companies must secure thousands, sometimes even hundreds of thousands, of access points, many of which are internet-facing and easy targets for hackers.

“This is the new battlefield,” Merritt said. “Organizations must move fast to address weaknesses in cloud security if they want to stay ahead of bad actors.”

Consumers Must Take Responsibility Too

The responsibility doesn’t lie with companies alone. Bunn reminded users that "staying safe online isn’t just up to companies.” Even if your account wasn’t part of a breach, your data could still be used in phishing or identity theft scams.

Her advice: use strong, unique passwords, enable two-factor authentication, and be wary of unexpected messages asking for personal details. Simple actions like these can go a long way in reducing risk.