Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The real challenge for MSPs isn’t growth, it’s scaling effectively. As MSPs increase their client base and expand their service portfolios, managing multiple tools, consoles and vendors becomes progressively more complex, impacting operational efficiency and margins. In many cases, this isn’t the result of poor decision-making, but rather the evolution of the business.

Permission creep rarely looks dangerous at first. It starts as a temporary fix, such as granting an admin role to unblock a deployment. Over time, those temporary decisions become permanent standing permissions. The result is an AWS estate littered with high-privilege roles that sit idle for months, expanding your attack surface without anyone actively noticing. It takes organizations an average of 277 days to identify and contain a breach.

Across the Webex link is the 3PAO team sent to pass judgment on your adherence with FedRAMP 20x. Like all auditors, they're diligent, professional, and particularly unnerving when they’re trying to be disarming. It’s the first interview where you explain what the product does.

Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI. Over the last 15 years, he has authored standards, guidance and best practices with ISO, NIST, and other governing bodies. Smith strives to create actionable resources for organizations seeking to minimize technological risk and increase value to customers.

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2 has emerged as one of the most widely recognised frameworks for demonstrating product security assurance.

On March 12, 2026, Veeam released fixes for multiple high and critical severity vulnerabilities in their Backup & Replication product that could allow remote code execution (RCE), privilege escalation, and credential theft. Arctic Wolf has not identified publicly available proof-of-concept exploits for these vulnerabilities, nor have we observed any exploitation.

Security leaders are being squeezed from both sides. On one side, threat actors are scaling operations with AI automation, using it to craft more convincing social engineering attacks, accelerating reconnaissance, and improving lateral movement. On the other side, defenders are drowning in telemetry, suffering under staffing constraints, and facing the harsh reality that threat actors don’t keep business hours.

On March 11, 2026, U.S. medical technology company Stryker Corporation disclosed a cyber attack that disrupted its global internal networks and Microsoft systems, leaving thousands of employees unable to access corporate systems and devices inoperable. In its SEC filing, Stryker stated it has no indication of ransomware or malware, considers the incident contained, and is assessing the full impact, with no timeline provided for full restoration.

Traditionally, email data loss prevention software has used static rules to stop users from emailing sensitive or confidential data. Specifically, email DLP protects organizations from accidentally exposing sensitive data such as bank account numbers, passwords, credit card numbers, intellectual property, or trade secrets.

LexisNexis Legal & Professional is a global provider of legal, regulatory, and business information used by lawyers, corporations, governments, and academic institutions. A division of RELX Group based in London, the company was founded in 1970 and is headquartered in Atlanta, Georgia. LexisNexis operates 40 offices worldwide with approximately 11,000 employees, serving customers in more than 180 countries.