Abner Almeida ☁️

To me this is what is going to make proactive security so difficult for MSPs in 2026? My solution 👇 It’s the widening gap between what the market demands and what the balance sheet allows, pretty obvious I guess but also frustrating given how specialised security is. As MSPs set out strategy for the year, many smaller MSPs are facing a hard to face fact. Customers need a 24/7 SOC as a baseline requirement, not a premium add-on. But the math of building one in-house has become nearly impossible without it being too expensive for the smaller businesses to want to pay. What's the Profitability Killer? Wage Inflation The single biggest obstacle today is unsustainable wage inflation for specialised talent. In 2026, the median salary for a Senior Cybersecurity Analyst has hit £57,000 (and upwards of $145,000 in the US). To run a legitimate 24/7/365 operation, you need a minimum rotation of 5 to 6 analysts to cover nights, weekends, and holidays. When you add up the payroll, benefits, and management overhead, you are looking at a £350k+ ($800k+) annual commitment before you even spend a penny on your tech stack. For an MSP with fewer than 50 staff, absorbing that cost often means one of two things: - Destroying your margins to keep the lights on in the SOC. - Sacrificing quality by trying to cover 24/7 with a skeletal, burnt-out team. The "Strategic Supervisor" Model The most successful MSP leaders I’m talking to have realised that owning the outcome for the client is more important than owning the overhead. The breakthrough in 2026 isn't just about "outsourcing"; it’s about using technology to redefine your team's role. By leveraging a SOC partner, you don't lose your seat at the table, you actually pull it closer. The Partner handles the 24/7 "eyes-on-glass" and the 90% of noise that AI and automation now filter out. Your Team acts as the Strategic Supervisors. They are the ones who understand the client’s specific business context, handle the high-level remediation, and turn security data into business strategy. They actually fix stuff like the customer wants you to, has paid for. This approach allows your engineers to stop staring at false positives at 3 AM and start focusing on what actually drives your valuation—deepening client relationships and delivering high-value architecture. Is your 2026 strategy built on hiring for specialized roles, or are you looking at partnerships to protect your margins? I'd love to hear how other founders are balancing the "Build vs. Partner" debate this year. #MSP #CyberSecurity #Leadership #BusinessStrategy #SOC2026 #ManagedServices

20

1 Comment

Silicon UK reports on the recently launched LevelBlue software supply chain research. Highlights include 67% of European organizations investing in enhanced software supply chain security, with only 23% prioritizing engaging with software suppliers about security credentials. https://lnkd.in/g2JhnaF6

3

Afternoon all, I was speaking with my SailPoint team this morning and one of my colleagues shared an interesting customer conversation. As of 30th Sept, Microsoft enabled Claude within their Copilot Studio suite for all customers. This is already raising concerns across the FSI sector, particularly in the UK, as it appears to conflict with financial services regulations and controls due to how Claude handles and blends customer data with external data sources. We are hearing early noise from legal teams within a few organisations who see this as a potential compliance pain point. is this the same for anyone in my financial services connection base or other verticals, potentially? We have some valuable conversations at present around AI Agents, Data Access Security (DAS), and helping customers secure, lock down, and govern their data and AI strategies. I will post some content in the comment box for you to review.

10

2 Comments

Colt Data Breach: Ransomware Group Auctions Stolen Files UK telecom provider Colt Technology Services has confirmed a ransomware attack carried out by the emerging WarLock group. The breach, linked to a Microsoft SharePoint vulnerability (CVE-2025-53770), forced Colt to shut down several internal systems on August 12, 2025, including its Colt Online customer portal and Voice API platform. While Colt stressed that customer infrastructure remains unaffected, the attackers claim otherwise. WarLock has begun auctioning over 1 million stolen documents—including employee payroll data, customer contracts, financial records, network architecture, and software development files—on dark web marketplaces. Security researcher Kevin Beaumont estimates the leak contains hundreds of gigabytes of sensitive data. This incident underscores a growing trend of telecoms being targeted across Europe, highlighting the urgent need for rapid patching, proactive monitoring, and stricter access controls for internet-facing systems. Telecoms remain a high-value target where downtime and data exposure can have widespread consequences. #CyberSecurity #TelecomSecurity #Ransomware #DataBreach #Colt #WarLock #InfoSec #CloudSecurity #NetworkSecurity #DarkWeb #ThreatIntelligence #CyberAttack #DataProtection #PatchManagement #IncidentResponse #NIS2

14

Password reuse poses a significant risk that many organisations overlook. Through recent investigations, it has become evident that users continue to utilise the same or very similar passwords across multiple accounts. This practice not only jeopardises their personal credentials but also exposes businesses to potential threats, especially if corporate addresses and similar credentials are used on non-work-related platforms. Fortunately, there is a proactive approach to mitigate this risk. Check Point offers a complimentary assessment to evaluate your exposure, providing valuable insights into your current vulnerabilities and exposures. This assessment empowers you to proactively address any security gaps before they escalate into detrimental incidents. For more information on this solution, you can access the Solution Brief here: [Link to Check Point's External Risk Management Assessment](https://lnkd.in/egfFCXDf) If you are interested in safeguarding your business against these risks, feel free to reach out to me directly. #CheckPoint #ERM #NotJustFirewalls (Source: [BBC News Article](https://lnkd.in/eR7jSr2Z))

6

Britain's National Cyber Security Centre recently issued a lukewarm verdict on passkeys as an authentication solution. On the Root Causes Podcast, Jason Soroko and I explore the problems with WebAuthn, including account recovery, spotty availability, inconsistent implementation, and lack of Linux support.  Audio: Video: https://lnkd.in/g6uHKii6

30

3 Comments

With stricter cyber regulations looming across the UK and Europe, asset visibility and user behaviour monitoring have become board-level priorities. Platforms like BeamSec and Apexa iQ® surface high-risk behaviours that traditional SOC tools often miss. These hidden threats can quietly expose organisations to significant risk. Curious how BeamSec and ApexaiQ uncovers what others overlook? Let’s connect. Sreeram Thiagarajan Lokesh Aggarwal #AssetAssurance #HumanRiskManagement #MSSP #SOC

14

Security and firewall improvements. Most businesses don’t realise how exposed they are until something goes wrong. ELF Productivity Ltd didn’t want to wait for something to go wrong. They made a decision to strengthen their systems, improve their security, and properly review their firewall setup before it became a problem. That mindset makes all the difference. When we first started working together, their systems had grown over time. Different changes. Different fixes. No clear structure behind it. That’s where the risk creeps in. Over time, we’ve helped them: ✅ Strengthen their firewall properly ✅ Tighten up security policies ✅ Improve visibility across their systems ✅ Build a more structured, proactive IT Support model The word they used in this video was maturity. That’s the bit that matters. Not shiny tools. Not tech jargon. Not ticking a compliance box. Maturity means: You know what you’ve got. You know it’s protected. And you’re not constantly reacting to the next issue. If you’re honest, how confident are you in your current IT Support when it comes to security and firewall management? If the answer is “I’m not 100% sure”, that’s usually a sign something needs looking at. Have a watch of the video. They’ve shared their experience. If you want similar improvements in your security and firewall setup, message me. Worth a chat if you’re rethinking your IT Support. #ITSupport #CyberSecurity #GreaterManchester #BusinessGrowth

14

4 Comments

85%+ reduction in alerts needing manual investigation 90% faster investigations for escalated alerts 25%+ engineering capacity reclaimed by minimising triage duties https://lnkd.in/eNdF4K9r #CISO #SOC #incidentresponse

23

1 Comment

🚀 Big news from Semperis We’ve taken another major step forward in identity resilience with the acquisition of MightyID. 👉https://lnkd.in/gqiFGSuU This strengthens Semperis’ ability to help organisations recover fast and clean from identity-based attacks and outages — not just for on-prem Active Directory, but now across cloud IAM platforms like Okta and Ping as well. As identity becomes the new control plane for modern enterprises, resilience — not just prevention — is critical. Excited about what this means for customers running hybrid and multi-cloud identity environments 💪 #CyberResilience #IdentitySecurity #IAM #CloudSecurity #Semperis #MightyID

14

Veeam Data Cloud Vault ensures data backups are always safeguarded. Veeam eliminates the headaches of unpredictable cloud cost models and Xodeac Consulting Ltd. can help you get started! Learn the 9 must-haves for offsite cloud storage with this infographic. https://stwb.co/eeuzuel

1

X-Force Threat Intelligence has identified a new loader malware that we have dubbed QuirkyLoader. https://lnkd.in/e2xyZpKY Some key attributes: - Loader malware - Delivery via spam email archive attachments - Leverages DLL side-loading - Compiled using Ahead-Of-Time (AOT) compilation - Actively distributing well-known malware families like Agent Tesla, AsyncRAT and Remcos - Impacted countries observed to date: Taiwan and Mexico TL;dr: QuirkyLoader is a new loader malware that is actively distributing well-known malware families like Agent Tesla, AsyncRAT and Remcos. The threat actor initiates a multi-stage infection using malicious emails containing an archive file. By leveraging DLL side-loading, the malware executes its core DLL module, which is consistently written in .NET and compiled ahead-of-time to disguise its nature. This module then decrypts and injects the final payload, demonstrating a sophisticated method for delivering various malware threats. #xforce #xfti #threatintelligence #ibmsecurity #ConsultingatIBM

43