Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft SharePoint has a mature, well-structured security model. It gives organizations control over who can access sites, libraries, and documents, and for most day-to-day needs, it works well. But there is a fundamental limitation built into how SharePoint security works: it controls access based on role, not on the sensitivity of the content itself.

In 2025, universities in the United States and Australia found themselves squarely in the crosshairs of persistent and evolving cyber threats. Higher education institutions manage highly sensitive personal information, financial details, healthcare records, and research data, making them prime targets for sophisticated attackers, ransomware gangs, and even hacktivists. As cybercrime escalates globally, the education sector is facing some of its most disruptive and consequential breaches in years.

As Winter Storm Fern made its way across the US this weekend, children across the country were glued to phones, computers, or televisions as they tried to guess how long they would be out of school this week. Little do they know, however, the data, science, and lack thereof, that goes into that decision. School closures are the very public end of a complex and fast-changing dataset that is highly dependent on locality and can be wildly different on either side of a district line.

The regulatory and compliance landscape evolved rapidly in 2025, with changes key changes affecting cybersecurity, privacy, and protective security. This review breaks down key compliance changes, offering insights into new requirements and how to ensure compliance in 2026.

Data security in 2025 was less about reacting to breaches and more about surviving in a world where data is everywhere, attackers are faster, and trust is fragile. While the core goal of protecting sensitive information hasn’t changed, how organizations approach security has evolved significantly.

In today’s high-turnover work environment, we’re watching something unusual happen: record numbers of security cleared, experienced professionals are re-entering the job market. They’re leaving shuttered programs, reorganised agencies, downsized contractors, and sometimes entire departments caught in a budget reshuffle. Conventional wisdom says these people are an asset anywhere they land.

Data governance and protection are crucial in safeguarding sensitive information. Proper classification and data labeling are essential to ensure that the right people access the right information. Failure to implement these practices can result in data breaches, financial losses, and reputational harm. To help with this, Microsoft offers sensitivity labels that classify and protect data as part of the compliance and security capabilities of Microsoft Purview Information Protection in Microsoft 365.

Starting November 10, Phase 1 of the US Department of Defense’s CMMC 2.0 program went into effect, marking the start of a phased three-year rollout. Phase 1 begins with Level 1 and 2 self-assessments and culminates with the full implementation of program requirements in Phase 4. Organizations that fail to demonstrate compliance will not be eligible to bid on U.S. Defense contracts.

Earlier this week, The Australian broke the news that the Cyber Touhan hacking group stole classified plans for Australia’s new infantry fighting vehicles, a $7B AUD procurement program, in a massive cyber-attack targeting 17 Israeli defence contractors in the supply chain. The attack was carried out by targeting a downstream supplier, MAYA Technologies, exploiting vulnerabilities in their network and peripherals to gain access to sensitive data.

In response to evolving digital risks and growing concerns about data misuse, Australia has introduced a substantial privacy reform via the Privacy and Other Legislation Amendment Act 2024 (POLA Act) passed on December 10, 2024 Designed to modernise the country’s privacy framework and better align it with international standards like the General Data Protection Regulation (GDPR), the POLA Act marks a pivotal shift in how personal information is defined, managed, and protected.