There are likely to be a number of cybersecurity challenges for organizations in 2026 that will effect businesses in every sector.  These challenges include a growing threat arena, an increased complexity of requirements, and a shrinking pool of qualified personnel to perform essential information security functions.  In addition, all of this is occurring at a

Cyber insurance has become a larger part of the cybersecurity risk management process for businesses. This is due to the rising potential impacts of cyber threats to sensitive data.  As a result, cyber liability insurance market is changing rapidly.  These changes include reduced coverage limits, increased premium, and requirements for adequate security controls for cyber

Cybersecurity trends for 2025 show multiple areas of concern in a time of growing risks.  A Cybersecurity Assessment Report from Bitdefender reveals findings from 1,200 cyber professionals that define key areas for improvement.  These areas include reduction of attack surfaces, complexity of disparate tools, c suite perceptions, and cyber professional burnout. Reporting Incidents In the

The U.S. Secret Service dismantled a network of devices in New York city that posed a significant telecom threat.  This equipment could have potentially disabled cellphone towers facilitating anonymous communications for criminal activities.  This operation was particularly urgent due to the ongoing United Nations General Assembly meeting with world leaders.  Equipment at Various Sites Across

The Defense Federal Acquisition Regulation Supplement (DFARS) implementing the Cybersecurity Maturity Model Certification (CMMC) program has been finalized.  This rule, available on the Federal Register, will become effective November 10, 2025. This action by the Department of Defense (DoD) (now the Department of War) will make CMMC compliance a contractual requirement on all solicitations and

A Department of Defense (DoD) class deviation has postponed the CMMC compliance requirement originally set for October 1, 2025. This requirement, effective as of September 3, 2025, notifies contracting officers that they are not to use the DFARS 252.204-7021 contract clause in new solicitations and contracts.  This class deviation will remain in effect until the

Microsoft has been using Chinese engineers to assist with the maintenance of the Department of Defense’s (DoD) cloud systems, supervised by U.S. personnel known as “digital escorts.”  This arrangement, which dates back decades, involved using U.S. citizen Microsoft employees with security clearances to oversee work being done on highly sensitive databases.  In many cases these

The National Institute of Standards and Technology (NIST) is developing control overlays for securing Artificial Intelligence (AI) systems to help organizations manage cybersecurity risks associated with various AI use cases, including generative AI and predictive AI.  These overlays are designed to help organizations manage cybersecurity risks associated with various AI applications. The NIST AI control

C-suite cybersecurity responsibilities include promoting a security culture, aligning cyber and business strategies, and provision of resources.  This requires involvement by all executives not the Chief Information Security Officer (CISO).  The prevention of a cybersecurity incident should be a key element in business strategy because of loss of operations, financial loss, and damage to organizational

The Bureau of Industry and Security (BIS) has issued new guidance for Advanced Computing ICs in an effort to prevent diversion of electronics that could be implemented in Weapons of Mass Destruction (WMD).  The BIS also updated Supplement No. 3 to Part 732 “Know Your Customer” Guidance and Red Flags to provide a due diligence

DoD Acquisition nominee Michael Duffy plans to review Cybersecurity Maturity Model Certification (CMMC) implementation in an effort to balance a need for security and excessive regulation.  Duffy also recognized the need for affordability for the Defense Industrial Base (DIB) to maintain cybersecurity best practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Duffy

Recent studies have shown that organizations are not ready for CMMC.  The Aware but not Prepared report from Redspin states that only half of the Defense Industrial Base (DIB) are even moderately prepared for a Level 2 certification.  Despite a five year roll out for the final rule from the Department of Defense (DoD) DIB

The Department of Defense (DoD) has released its Cybersecurity Maturity Model Certification (CMMC) final rule.  This rule will now require contractors to verify that required security measures have been implemented for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).  These requirements will are to be implemented in early to mid-2025 when verification of security