The Human Side of Compliance, Insider Threats, and Operationalized GRC
IT channel and business news with a focus on regulatory compliance.
🤝 Operationalizing Compliance: 2025 Guide for MSPs and Enterprises
Operationalizing GRC isn’t rocket science, but it does require a structured approach that connects your policies, people, and technology in ways that actually work. Here’s how to embed compliance into your organization’s DNA and build compliance through processes. (Bonus: Operationalizing Compliance for MSPs!)
🧠 The Human Side of Compliance: Mental Health and Ethics
The future of compliance isn’t about better policies or smarter technology — it’s about recognizing that mental health and ethical decision-making are two sides of the same coin. When you support your people’s well-being and create an environment where they can actually succeed, you’re not just being nice. You’re protecting your compliance program and setting your organization up for long-term success.

Check out the latest episodes of our compliance-focused video podcast!
🚨 Insider Threats: Building a Culture of Trust and Security
Insider threats — risks posed by individuals within an organization — remain one of the most challenging aspects of modern compliance and cybersecurity. These threats can be malicious, negligent, or even inadvertent, but the consequences are often severe. Building a culture of trust and vigilance is essential for mitigating insider threats.
⚠️ Threat Updates
🔴 Threat Actors Use TikTok Videos to Distribute Malware (5/26/25)
Cybercriminals are leveraging AI-generated TikTok videos to spread malware, tricking users into running malicious commands under the guise of activating pirated software like Windows, Office, and CapCut. These campaigns deploy stealers such as Vidar and StealC, allowing attackers to harvest credentials and sensitive data from victims’ systems. Security experts warn that attackers are quick to weaponize trending social media platforms, urging organizations to educate users about social engineering tactics and monitor for suspicious downloads.
🔴 Marks & Spencer Hit by Major Supply Chain Cyberattack (5/26/25)
In April 2025, UK retail giant Marks & Spencer suffered a significant cyberattack traced to a third-party vendor compromise. The breach forced M&S to suspend online orders and gift card services, with ongoing disruptions to customer order tracking and card redemption. Attackers used social engineering to steal credentials from a trusted supplier, then moved laterally within M&S’s network, bypassing internal defenses. This incident highlights the growing risk of supply chain attacks and the importance of rigorous vendor risk management.
🗨️ Parting Words
"Privacy is not an option, and it shouldn’t be the price we accept for just getting on the Internet."
— Gary Kovacs, former CEO of Mozilla
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith can form the backbone of your profitable, low-lift compliance offering.