Articles

The Rise of Adversary-in-the-Middle Attacks and How to Stay Protected

"Man-in-the-middle" attacks aren't new. What's changed is how consistently attackers can now bypass MFA by stealing session tokens in real time. This technique is often referred to as...

ITSM: A practical guide to IT service management

Most organizations rely on IT services every day, even when nobody calls them "services." Email and collaboration platforms, identity and access tools, endpoint management, line of business applications,...

Beyond Copilot: Why AI Readiness Is an Executive Issue in 2026

AI pilots were a smart first move. Most mid market firms have already tested Copilot, used ChatGPT for drafts and summaries, or experimented with a few small automations. In 2026,...

Benchmarking IT Support

IT Benchmarking: KPIs, Metrics & Strategy Guide IT benchmarking answers a straightforward question with real budget, performance, and risk implications: How is IT performing compared to where it...

Preparing for an SEC Cybersecurity Examination: A Guide for RIAs

Cybersecurity risk is becoming harder for RIAs to separate from regulatory risk. Verizon's analysis found that ransomware attacks rose 37% from 2024 to 2025, while vulnerability exploitation grew...

What the Claude Mythos Incident Means for Cybersecurity

Recent reporting about Anthropic’s Claude Mythos model has raised understandable questions for business leaders and IT teams. Mythos is an unreleased AI model developed for advanced cybersecurity work...

The Critical First Hour: Responding to a Financial Services Cyberattack

The financial services industry is one of the top targets of cyberattacks, second only to manufacturing, according to Verizon. Yet, attacks on financial services firms all too often...

Business Continuity Plan: Complete Guide, Steps & Examples

Disruptions do not wait for a convenient time. A ransomware event, internet outage, cloud service failure, severe weather incident, or vendor issue can stop work fast. When that happens, the...

Why Most Tabletop Exercises Fail Before They Start

Many organizations run cybersecurity tabletop exercises expecting clarity. Instead, they uncover confusion. The problem usually is not what happens in the room. It starts earlier, in the assumptions baked into the objective,...

Cybersecurity Tabletop Exercise: Complete Guide, Scenarios & Templates

For an uncomfortable number of organizations, it's only when a crisis hits that leaders learn whether their incident response plan works. By then, it's too late to, for...

When Legal and Regulatory Requirements Trigger Cybersecurity Assessments

Many organizations conduct cybersecurity assessments only after regulatory pressure or legal obligations arise. That's because compliance requirements frequently trigger formal evaluations of cybersecurity practices and risk exposure. But...

7 Signs Your Company Needs a Cybersecurity Assessment

Requests from legal or compliance teams often stem from a few key scenarios. A vendor may require proof of security controls before signing a contract, an auditor might...

Ransomware and Other Cyberattacks on Cities: What to Do Before, During, and After

Recently, Foster City declared a local state of emergency after a ransomware-related cyberattack forced the city to take its network offline, disrupting email and phones and limiting services...

Cybersecurity Assessments: What, Why, How & When

The relentless pace of cyberattacks shows no signs of letting up. The fastest eCrime breakout time—the speed at which an attacker moves from initial access to lateral movement—dropped...

Best AI Tools for Lawyers: 2026 Comparison

Key Takeaways AI tools for lawyers span everything from legal research and contract review to document drafting and case management. Mainstream AI tools like ChatGPT and Claude can...

Cybersecurity for Law Firms: Best Practices Guide

Law firms manage some of the most sensitive information in the business world. Client confidences. Intellectual property. Merger strategies. Litigation plans. Financial records. That mix of privileged data...

Practical Applications of AI in Law Firms: A Managed IT Perspective

AI is already present in the legal technology stack, whether a firm has made a formal “AI decision” or not. Microsoft 365, document platforms, and security tools increasingly...

Practical Guidance for Investment Firms: Staying Compliant While Adopting AI

Artificial intelligence is already being used in investment firms. So the compliance risk isn’t whether AI is being used. It’s whether AI is properly controlled and supervised. In...

AI in Law Firms: Key Takeaways from Cooley’s “Foundational Concepts” Breakout at K2L 2026

AI is no longer a future-state conversation for law firms. It is already embedded in the tools teams use every day, from email and document management to eDiscovery...

CPRA Compliance Checklist: Requirements, Steps & Ongoing Management

The California Privacy Protection Agency (CPPA) has the authority to hold businesses accountable for data privacy gaps, and it's using that authority. The CPPA has moved beyond advisory...

AI Readiness Assessment Explained: Definition, Scope, and Purpose

Many AI initiatives start the same way: someone identifies a promising tool, runs a pilot, secures budget approval, and then discovers the infrastructure can't support it, the data...

Phased Approach to AI Implementation Success

Organizations rushing to adopt AI tools all too often discover that technology alone doesn’t guarantee success. Without proper assessment, security controls, and governance frameworks, AI initiatives can actually...

Developing Your AI Strategy: A Steering Committee Is the Foundation

AI is a business transformation, not just another piece of software or a standalone technology initiative. In regulated and security-sensitive industries, it also changes how data is handled,...

Xantrion’s 25-Year History: How Managed IT Evolved With Regulation, Risk, and AI

In 2000, Anne Bisagno and Tom Snyder founded Xantrion with a clear vision: building a people-focused IT services company. Twenty-five years later, our growth tracks the same pressures...

What Is CPRA? Understanding the California Privacy Rights Act

The California Privacy Rights Act (CPRA) is California’s data privacy law that expands consumer rights and imposes stricter obligations on businesses regarding the collection, use, and protection of...

Manufacturing Regulatory Compliance: A Complete Guide

Manufacturing regulatory requirements represent a moving target for food and beverage companies, automotive suppliers, and other makers and builders. Regulations shift. Enforcement changes. Penalties change. Along with fines,...

Understanding Regulatory Compliance in Healthcare: A Complete Guide

Healthcare organizations deal with more regulations than almost any other industry. Unlike other industries, where you may focus on a single set of rules, healthcare regulatory compliance involves...

Middle Market Priorities for 2026: Why Compliance, Automation, and AI Are Top of the List

Middle-market organizations occupy an interesting space. They are too large to fly under the regulatory radar but too small to have the deep resources of enterprise-level companies. And...

Xantrion’s Most-Read Cybersecurity Posts of 2025: What Resonated with Readers

What cybersecurity topics kept you coming back in 2025? The numbers tell a clear story. IT leaders, security professionals, and business decision-makers were searching for straightforward answers to...

Benefits of Managed IT Services for Your Business

Businesses of every description are reporting a significant shift in their IT needs. While the cybersecurity talent shortage remains acute, 59% of surveyed organizations now report widening skills...