Blacksmith InfoSec and Liongard Announce Strategic Integration

At Blacksmith InfoSec, we’ve always believed that real security outcomes should drive compliance. That’s why we’re thrilled to announce our latest integration with Liongard, a move that transforms how Managed Service Providers (MSPs) approach compliance audits. This integration empowers MSPs to automate user-centric security audits across Microsoft 365, Google Workspace, and any system connected via Liongard […]

Demystifying CMMC for MSPs

The Cybersecurity Maturity Model Certification (CMMC) has become a central compliance requirement for organizations in the U.S. defense supply chain. For Managed Service Providers (MSPs), understanding CMMC is essential — not only to support clients but also to ensure their own operations align with evolving Department of Defense (DoD) expectations. This article breaks down what […]

Understanding Security Policies for MSPs and IT Professionals

Security policies are the backbone of an organization’s information security program. These policies are shaped not only by internal business needs but also by a complex landscape of federal and state regulations. Security policies define how information assets are protected, who is responsible for safeguarding them, and the standards by which compliance is measured. For […]

A Practical Guide to Choosing the Right Frameworks for Your Organization

Navigating compliance in 2025 feels like standing in front of a wall of acronyms — SOC 2, HIPAA, PCI DSS, NIST CSF, CIS Controls, CMMC — each promising to solve your security and regulatory challenges. For managed service providers and IT organizations, this abundance of frameworks creates a paradox of choice that can paralyze decision-making […]

Mid-Year Cyber Threat Landscape Review: What’s Changed in 2025

As we reach the halfway point of 2025, the cybersecurity realm has undergone dramatic shifts that demand immediate attention from security professionals worldwide. The first six months of this year have revealed unprecedented changes in attack methodologies, threat actor sophistication, and the integration of artificial intelligence into cybercriminal operations. This comprehensive review examines the most […]

MSP Compliance in 2025: The Ultimate Guide for Managed Services Providers

In an era defined by relentless cyber threats and increasingly stringent regulations, Managed Services Providers (MSPs) find themselves at the heart of a digital battleground. The frequency and sophistication of cyberattacks continue to surge, while governments and industries worldwide impose tighter compliance requirements to safeguard sensitive data and critical infrastructure. This dual pressure — cyber […]

Cybersecurity Acronyms: Let’s Talk SOC, SOAR, XDR and More

Some might say cybersecurity has an acronym problem. For the average person, it can seem like everyone in the industry got together and decided to make things as confusing as possible. You can’t go to a single meeting without someone throwing around SOC, SOAR, XDR, and a dozen other letter combinations that make your head […]

What Is an Advanced Persistent Threat (APT) in Cybersecurity?

An advanced persistent threat (APT) is a sophisticated, long-term cyberattack in which an intruder establishes an undetected presence within a network to steal sensitive data or disrupt operations over an extended period. Unlike typical cyberattacks — which are often opportunistic and short-lived — APTs are carefully planned, highly targeted, and executed by skilled (and often […]

How MSPs Can Prepare for Evolving US Privacy Laws in 2025

Privacy in the United States is evolving at a breakneck pace, and 2025 is shaping up to be a landmark year. With at least eight new state privacy laws coming into effect, managed service providers (MSPs) are facing a surge of new compliance obligations — not just for their own operations, but for every client […]

Ransomware in 2025 and the Rise of Multiple Extortion

Ransomware has undergone a dramatic transformation over the past decade. In its early days, ransomware attacks followed a relatively simple playbook: threat actors would infiltrate a network, encrypt critical files, and demand a ransom payment in exchange for the decryption key. This “single extortion” model relied on the victim’s inability to access their own data, […]