🎇 Blacksmith InfoSec: Celebrating a Stellar 2025 in the Channel

This year we’ve been focused on turning compliance into real MSP growth: publishing new guides, simplifying tools, and earning recognition for the way we help partners operationalize security and compliance.

Raising the bar on guidance

We’ve released in‑depth 2025 guides that reframe compliance as a repeatable, revenue‑generating service instead of a checklist. From MSP compliance playbooks to pieces on privacy laws and killing legacy authentication, we’ve worked to translate complex requirements into steps you can roll out with clients right away. We also rolled out the Get NIST-y podcast, and are excited to share all of the new episodes we’ve got in production.

Making tools and communication work harder

We’ve leaned into the “last year of spreadsheets” idea, showing how to move to workflow‑driven compliance tools and sharing an ultimate guide to the MSP compliance tooling landscape. We also outlined how to run an MSP cybersecurity newsletter that builds trust, helping you explain risk and controls in language your clients actually understand.

Being recognized for impact

Along the way, we’ve been honored with multiple 2025 MSP Influencer Awards, including a Vendor Excellence Award in Governance & Compliance. Channel coverage has highlighted how we combine methodology, platform, and partnership to help MSPs deliver stronger governance and security outcomes.

Heading into 2026

As we look to 2026, we’re building on this foundation of practical guidance, smarter automation, and tight MSP collaboration. The goal remains the same: make it easier for you to operationalize compliance, prove value to clients, and stay ahead of what’s coming next.

Unlocked – Your insider access to digital safety.

Support this publication by checking out Unlocked, your weekly insider access to the latest breaches, cyber threats, and security tips from the experts at Everykey.

⚠️ Threat Updates

🔴 Third‑Party API Breach Exposes 5.8M US Consumers

Bleeping Computer reports on a major breach at U.S. credit reporting and identity‑verification provider 700Credit, where attackers abused a vulnerable third‑party API integration to siphon card and personal data for at least 5.8 million people over several weeks. The incident underscores how tightly coupled API ecosystems can quietly expose regulated financial data even when core systems appear locked down. Financial services firms and their vendors should harden API authentication, continuously monitor for anomalous query patterns, and validate that data‑sharing agreements map to technical least‑privilege in connected platforms. » More Info

🟠 Healthcare Breaches Shrink in Count, Not in Impact (12/2025)

By mid‑December, healthcare attacks had impacted more than 42 million individuals in 2025, fewer victims than the historic 2024 Change Healthcare fallout but still a massive exposure footprint for hospitals and providers. Analysts warn that AI‑assisted phishing and vendor compromises are driving more targeted intrusions, trading “one mega‑breach” for many high‑impact incidents that disrupt care and erode patient trust. Healthcare organizations should treat cyber as core risk management, tighten vendor oversight, and pair phishing controls with tested downtime and recovery playbooks. » More Info

​

🗨️ Parting Words

“May your days be merry, bright, and securely backed up.”

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!