Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.

Most cloud services today are available to customers based on what is known as the “shared responsibility model”. This applies to Microsoft 365 services and apps. Although Microsoft 365 data is stored in the cloud, this user data should be backed up by the customers. This blog post explains why you should back up Microsoft 365 data, backup features, challenges, and how to back up Microsoft 365 effectively.

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.

The AI SOC has arrived. According to the 2026 AI SOC Leadership Report, 94% of organizations are using AI in the SOC in some capacity. The question in 2026 is no longer whether to adopt AI-driven SOC automation, but rather how to do so. Is the architecture behind that adoption actually working?

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. “While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time,” Mandiant says.

New age mandates continue to emerge across the world. For product managers, compliance officers, and legal professionals responsible for implementing age assurance, understanding internationally recognized frameworks is essential. ISO 27566 and IEEE 2089 are the two leading internationally recognized standards for age assurance referenced by regulatory bodies creating guidelines for recent age mandates. While both standards address age assurance, they serve complementary purposes.

TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29 minutes. If you’re still scanning monthly, you’re defending a version of your infrastructure that doesn’t exist anymore. The time it takes for an attacker to move after a breach has dropped to just 29 minutes. In 2021, we talked about a “breakout time” of 100 minutes. Today?

Opti9 recently announced it has been approved as an authorized reseller for Anthropic models through Amazon Bedrock, further strengthening its ability to deliver secure, enterprise-grade AI solutions on Amazon Web Services (AWS). In October, AWS enabled its Solution Provider Partners to resell Amazon Bedrock, a fully managed service that provides access to a wide range of leading foundation models from top providers.