Lunch & Learn: Minimum Viable Company

Posted on: 3 February 2026

During this Lunch & Learn you will get a clear introduction to the concept of the Minimum Viable Company. We show how organizations set up their core processes so that they can quickly continue operating during disruptions with minimal impact. The focus is on practical choices, governance, and the role of data and IT in business continuity.

Thursday 9 April
From 10:00 to 14:00
Location: around The Hague
(you will receive more information about this after you register)

Only a limited number of places are available, so register today and learn how you can better protect your organization.

Would you like to know more about Minimum Viable Company already? Then also read our in-depth article on Minimum Viable Company.

Cybersecurity outlook for 2026: four trends that SMEs cannot ignore

Posted on: 9 January 2026

For many organizations, 2026 feels like “just another year.” That is, until you see how rapidly cyberattacks are changing. This is not only because attackers are becoming smarter, but also because our technology and rules are evolving. Machines are becoming more digital and therefore more vulnerable, scams are becoming more convincing thanks to GenAI, and the question “What if it goes down for a while?” is slowly changing to “What if it goes down tomorrow?”

Are you also curious about our Cybersecurity Review of 2025, in which we look back on the most notable cybersecurity issues?

Below are the four trends that are expected to make a difference in 2026.

Machinery Regulation 2027: cyber becomes machine safety

The EU Machinery Regulation (Regulation (EU) 2023/1230) will apply from January 20, 2027, replacing the Machinery Directive from 2006. This makes 2026 the last full year of preparation.

Many people are surprised to learn that this regulation explicitly addresses the reality of modern machines. Today’s machines do more than just perform mechanical tasks; they run software, connect to networks, receive updates, and communicate with other systems. The recitals cite the emergence of digital technologies, such as AI, the Internet of Things (IoT), and robotics, as the reason why there were gaps in existing legislation that are now being closed.

Even more importantly for OT (operational technology), the text includes requirements that directly affect cyber resilience. For instance, there is a crucial health and safety component regarding “protection against corruption” (i.e., manipulation or undesirable influence via links or external connections), and it even references EU cybersecurity certification as a means of demonstrating compliance with certain requirements. It has been made clear that “cyber” is no longer just IT, but also part of product and machine safety.

GenAI phishing: the scammer gets a copywriting agency

Phishing is already a major issue, but by 2026, it will primarily involve large-scale, high-quality phishing attacks. Generative AI has drastically lowered the threshold for creating credible text. Poor grammar and odd phrasing used to be warning signs, but now, attackers can generate neat, businesslike emails in perfect English tailored to the industry, role, and tone in a matter of seconds.

ENISA (the EU’s cybersecurity agency) still cites phishing as the dominant entry point for cyberattacks. In their Threat Landscape report, they mention phishing as a very common starting point for cyberattacks and note the growing trend of AI accelerating and refining this type of social engineering.

Furthermore, ENISA reports that AI-assisted phishing now constitutes a significant portion of global social engineering activity. In other words, AI is no longer just a “gimmick”; it is quickly becoming the norm.

A chatbot leak as a reputation incident: “what you share can stick around”

The second prediction for 2026 is less technical but potentially more damaging: a data leak via a chatbot that causes reputational damage (or worse) to an organization. This could involve a large platform or a smaller tool or smart assistant that has been “conveniently” activated somewhere.

This is not hypothetical. We have already seen that AI services can make mistakes when it comes to data protection. For example, OpenAI described an incident in which a bug allowed some users to briefly see other users’ data (such as chat titles).

Meanwhile, much more information is shared with AI tools than people realize. Research on the use of AI applications shows that employees often upload or paste sensitive information into AI chatbots. Sometimes it is done without meaning to, and sometimes it is done because “quick” is chosen over “safe.”

There is an additional dimension to this. Modern AI workflows read documents, emails, and web pages. This opens the door to attacks in which seemingly innocent content actually contains malicious instructions. Microsoft refers to this as (in)direct prompt injection and has published extensive defensive measures against it.

In that context, “being aware of what you share with AI” in 2026 isn’t just a catchy slogan, it’s sensible risk management.

Minimum Viable Company: downtime becomes the real expense

The fourth trend is not about a new hack, but about the question: what happens to your company if something does go wrong? More and more organizations are shifting from the idea of “we must prevent everything” to “we must be able to continue working if it does happen.” This fits in with the concept of the Minimum Viable Company (MVC): the smallest functioning company that can still deliver, invoice, communicate, and meet basic requirements while the rest recovers.

Consulting firms and resilience frameworks use MVC to emphasize that, in a crisis, it is not necessary to immediately return to full capacity. Rather, the focus should be on maintaining a minimal, safe business operation. MVC can now be seen as an important boardroom topic because cyberattacks, outages, and supply chain problems are increasingly becoming “normal” business risks. MVC helps you focus on core processes, critical infrastructure, essential personnel, and key data so that, in the event of an incident, you know what “must stay alive” and don’t get lost in priorities.

For SMEs, this is perhaps the most practical lesson for 2026: not because you suddenly become immune, but because you prevent a single incident from turning into weeks of downtime.

Finally, 2026 will be the year of making mature choices

If you put the four trends together, you see the pattern: cyber is shifting from an “IT problem” to a “business reality.” Machines and OT are becoming more prominent due to the Machinery Regulation. Phishing is becoming more convincing and widespread thanks to GenAI. AI tools are becoming more productive, but also more sensitive when it comes to data. The winners are organizations that know in advance what their “minimum business” looks like.

In that respect, it makes sense that more and more organizations are looking for tools and partners that make AI use manageable and can protect data flows. Zscaler, for example, explicitly positions Zscaler AI around secure AI use and data protection. OpenSight is also an official Zscaler partner and guides organizations in these kinds of processes, precisely where technology, policy, and practice come together.

Would you like to know where your company will stand in 2026? Then it would be wise to conduct a risk assessment of your company.

See also our Cybersecurity Review 2025, in which we discuss the most notable cybersecurity issues in a white paper.

Cybersecurity Awareness: Why a stand-alone training course is never enough

Posted on: 13 October 2025

The digital threats that businesses face today are greater and more varied than ever before. Hackers are constantly developing new methods, from sophisticated phishing campaigns and ransomware to deepfake attacks and social engineering. The question is no longer whether your organization will be attacked, but when.

Although technical measures such as firewalls and antivirus software are important, they are only part of the solution. Cybercriminals are increasingly targeting the human factor: employees who click on the wrong link or respond to a suspicious request.

That’s why cybersecurity awareness is essential!

What does cybersecurity awareness mean?

Cyber awareness goes far beyond simply knowing that ‘hackers exist’. It is about developing a security-conscious workplace culture, in which employees:

  • Recognize and understand risks (phishing, malware, social engineering).
  • Know how to act safely in everyday situations.
  • Stay alert even when the workload is high or the attack is subtly packaged.

Awareness is therefore not a one-off training course or checklist, but an ongoing process of learning and application.

The dangers of not paying attention to cybersecurity

Many organizations still underestimate the impact of untrained employees. Some facts:

  • Human error accounts for 74% of all data breaches (according to recent security reports).
  • Phishing remains the most popular method of attack: a single click can grant access to entire corporate networks.
  • The financial damage caused by a single incident can quickly amount to tens of thousands of euros, not to mention the potential reputational damage and fines under the GDPR.

As you can see, even the strongest IT environment can be undermined by a single inattentive employee.

Why one cyber security awareness training is not enough

Many companies invest in an annual e-learning or one-off workshop. The problem?

  • Information fades quickly without repetition.
  • Cyber threats are constantly evolving, so what was relevant last year is now obsolete.
  • Employees become less alert when there are no regular triggers.

Awareness only works if it is part of the company’s DNA: short, relevant and repeated training, supplemented with practical simulations such as phishing tests.

What does ongoing awareness look like?

A successful program consists of several layers:

  1. Regular micro-learnings: short training sessions linked to current threats.
  2. Simulations: such as phishing tests to see how employees react in practice.
  3. Campaigns: posters, videos and internal communications that keep the theme alive.
  4. Measure and improve: insight into click behavior, awareness scores and areas for improvement.

This makes awareness a cyclical process rather than an annual tick-box exercise.

The role of OpenSight and KnowBe4

At OpenSight, we believe that an organization can only be truly secure if people are part of the defence. That is why we work together with KnowBe4, the global market leader in security awareness.

What makes this approach unique?

  • Access to a library full of training content, available in multiple languages and styles.
  • Gamification and campaigns that really appeal to employees (like this year’s 80s arcade theme).
  • Reports and metrics that show where risks lie and how they are reduced through training.

With this combination, we make security awareness fun, understandable and effective.

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month worldwide. We are seizing this opportunity to raise awareness among organizations concerning the role their employees play. In collaboration with KnowBe4, OpenSight is organizing a free webinar in which we will take a closer look at:

  • How to create support among management and employees.
  • The latest cyber threats and how criminals operate.
  • Practical ways to improve awareness structurally.

Cybersecurity is never “done”

As cybercrime never stops, neither can cybersecurity awareness. A one-off training course can create a false sense of security. In contrast, continuous programs build a human firewall that keeps pace with the times.

Would you like to know how you can achieve this in your organisation?
Register for our webinar during Cybersecurity Awareness Month and discover how you can structurally embed awareness in your corporate culture.

Webinar: Cybersecurity Awareness

Posted on: 13 October 2025

October is all about Cybersecurity Awareness Month. Together with our partner KnowBe4, OpenSight is organizing an inspiring webinar in which we show why awareness around cybersecurity is indispensable for any organization.

During this webinar you will discover:

  • Why cybersecurity awareness is more than one-off training and how ongoing programmes keep your employees alert to phishing, deepfakes and other current threats;
  • Through a demonstration, how to use KnowBe4, the tool that is ideal for becoming and remaining alert;
  • All the answers to any questions you may still have.

There are only a limited number of places available so register today and learn how to better protect your organization. This webinar will be held in Dutch.

Want more background information? Then also read our extensive article on the importance of ongoing cybersecurity awareness.

Cyber security checklist for small businesses

Posted on: 3 September 2025

Why small businesses need to work on their cyber security now (and how to get started)

Cybercriminals have already stopped putting all their work into the big guys. Small businesses are now the ideal target. Why is this? Because they are often just a little less well prepared. No extensive IT department. No 24/7 security monitoring. And often in possession of just enough technology to be vulnerable, but not enough to shield that vulnerability.

Sound familiar? Then this checklist is definitely for you too.

We provide 10 practical tips to help you boost your cyber resilience today. They are practical, proven and specially tailored to the challenges faced by smaller organizations. Good cyber security is not a luxury — it’s a necessity. It’s a prerequisite for doing business safely.

1. First, take a critical look at your current security

A good defence starts with an overview. Do you know where your sensitive data is stored? Who has access to it? What would happen if a laptop went missing or someone walked into the office without ID?

These kinds of fundamental questions form the basis for a secure digital infrastructure.

2. Passwords should not be a weak link

Poor passwords are digital open doors. Make sure your employees use strong, unique passwords. Set up multi-factor authentication (MFA) and update passwords regularly. You may also wish to consider additional security measures such as biometrics, badges, or tokens. The more layers of security, the better.

3. Follow your data like a shadow

Data is the beating heart of your business. From customer information to quotations. Map out where your data lives (locally, in the cloud, on mobile devices) and protect it with modern endpoint security. Smart tools recognize threats in real time and intervene automatically.

4. Encrypt everything of value

Ensure that all your data (including data in transit and stored data) is encrypted. This will keep it unreadable, even if it falls into the wrong hands.

5. Don’t assume that the cloud will take care of everything

Although the cloud is convenient, it is not inherently secure. You are still responsible for what happens in your cloud environment. So make sure you secure your accounts, APIs and containers. In short: secure everything.

6. Working from home? Set up a VPN

Working remotely is the new normal. But you don’t want your data travelling with you over unsecured networks in cafés or trains. A VPN encrypts traffic and makes remote access a lot more secure.

7. Updates? Don’t delay — automate them!

Every uninstalled update poses a risk. It’s also one that cyber criminals are actively looking for! Automate updates wherever possible. It’s a small effort that can prevent a lot of misery.

8. Protect every device that connects

Laptops, phones, tablets, even smart printers. Every device is a potential target. Good endpoint security detects and blocks suspicious activity before it does any damage.

9. Know what to do if things go wrong

Your incident response plan is your roadmap for dealing with a hack or data breach. Stay organized and don’t panic. Ensure that everyone knows what to do, and practice this scenario at least once a year.

10. Train your people and repeat this regularly

Technology helps, but people make the difference. Make sure your team knows what phishing looks like, why they should lock their screen and what ‘zero trust’ means in practice. Repeat. Repeat. Repeat.

Can’t quite figure it out?

We are here to help. Cybersecurity doesn’t have to be complicated — as long as you know where to start. If you want to go beyond this checklist, OpenSight can help. We offer everything from risk scans and training sessions to advanced cloud security and real-time monitoring, helping you to grow without worry.

Schedule a no-obligation consultation with our specialists for more information.

Cybersecurity in 2025: Why the Commvault & CrowdStrike integration is essential for your organization

Posted on: 7 May 2025

Cyber threats are growing. Are you prepared?

The digital world is changing at lightning speed and with it the landscape of cyber threats. From ransomware to sophisticated phishing and zero-day attacks, the risks to organisations are increasing by the day. Small and medium-sized enterprises (SMEs) in particular are an attractive target for cybercriminals, as there is often less investment in modern security.

IT managers and CISOs face an obvious challenge: how do you build a resilient IT environment that not only detects attacks, but also recovers from them quickly? The answer lies in smart integrations, like the one between Commvault and CrowdStrike. That is something OpenSight is happy to help you with.

What makes this cybersecurity integration unique?

The combination of Commvault Cloud and CrowdStrike Falcon® provides organizations with a powerful, integrated solution for cyber detection, incident response and data loss recovery. This collaboration is not just a technical link, but a strategic defense tool that directly contributes to your cyber resilience.

1. Early detection of threats

CrowdStrike’s real-time threat intelligence recognises even the most sophisticated attacks early. Think fileless malware or lateral movements of an attacker within your network. You often don’t see these with traditional antivirus or EDR tools.

2. Insight into contaminated and clean data

Commvault uses this threat intelligence to quickly identify which systems and data have been compromised, and which are still ‘clean’. This way, you know immediately what can be safely restored, without reactivating ransomware during a restore.

3. Fast, controlled recovery processes

Cleanroom Recovery lets you test cyber recovery plans safely in a simulated environment. This ensures that your organization is truly prepared for an attack.

The risks of waiting: why acting now is necessary

Many organizations wait until it is too late and pay a high price for it. For instance:

  • Day-long downtime of critical systems.
  • Sensitive customer data being leaked.
  • Hefty fines due to non-compliance.
  • Irreparable reputational damage.

Cyber attacks are no longer a matter of ‘if’, but ‘when’. That’s why investing in a smart, integrated defense is no longer a luxury – it is a dire necessity.

Why choose OpenSight?

As a certified partner of both Commvault and CrowdStrike, OpenSight offers unique additional value:

  • Expertise in implementation of both platforms and their integration.
  • Customized guidance, from strategic advice to technical implementation.
  • Proactive monitoring and optimization of your cyber resilience environment.
  • Short lines of communication and clear communication; we are your brainstorming partner.

We work with SMEs, healthcare institutions, educational organizations and companies in industry on a daily basis. We understand your challenges and deliver solutions that fit your budget and ambitions.

Cyber resilience starts with the right choices

Do you want to not only survive a cyber attack, but emerge stronger? Then integrating Commvault and CrowdStrike is the smart choice. And OpenSight is the right partner to make that choice a reality.

Don’t let your organization be caught by surprise. Take the step today towards a robust, future-proof cybersecurity strategy.

Schedule a free strategy session with our experts and find out how your organization will become truly resilient to cyber threats in 2025.

Would you like more in-depth information on this Commvault and CrowdStrike integration? Then download the Solutions Letter at the bottom of this page.

Webinar ‘Awareness Training’

Posted on: 2 April 2025

What are we going to talk about?

Improved cyber resilience with Commvault and CrowdStrike

Posted on: 1 April 2025

Last week, two of our key vendors further strengthened their collaboration. We at OpenSight are pleased to see integration and consolidation continue among our committed vendors.

Commvault and CrowdStrike

Commvault, a leading player in data protection and cyber resilience for hybrid cloud environments, has announced a strategic partnership with CrowdStrike to integrate their advanced cyber security platform, Falcon. This collaboration is aimed at improving cyber threat detection and ensuring rapid recovery, thereby providing businesses with better protection against modern cyber attacks.

By using CrowdStrike’s comprehensive threat intelligence and security data, combined with Commvault’s cloud-first capabilities, this integration provides joint customers with an additional layer of security. This is achieved through real-time threat insights, faster detection and remediation processes.

Benefits of the integration

  • Proactive threat detection: Using CrowdStrike’s AI-driven insights and Indicators of Compromise (IOCs), organisations can identify threats early and respond quickly to mitigate damage.
  • Faster recovery of clean data: Companies can quickly restore their systems by locating the last known clean version of their data, minimizing disruptions.
  • Seamless collaboration: The integration creates smoother workflows between security operations (SecOps) and IT operations (ITOps) teams, leading to more effective threat response and recovery.
  • Continuous operation: By reducing recovery time and downtime, companies can keep their critical services running even during complex cyberattacks.

Strengthening the Cybersecurity Ecosystem

This partnership with CrowdStrike reflects Commvault’s ongoing commitment to expanding its cyber security ecosystem. The company is actively working with leading security providers to develop comprehensive solutions to detect, mitigate and recover from cyber attacks. By integrating their respective strengths, Commvault and CrowdStrike aim to provide companies with a solid defence against cyber threats, enabling them to recover quickly and mitigate damage.

If you want to know more about this integration, feel free to contact us.

The NIST ‘Recover’ Domain – The importance of a good Disaster Recovery Plan

Posted on: 29 August 2024

Last month there was another one of those days: a global disruption caused by a software bug. Unfortunately, the error turned out to be so severe that Windows machines went into a blue screen of death (BSOD). So even though CrowdStrike had fixed the issue within 90 minutes and stopped pushing the faulty update, the damage had been done. I sympathise with the IT departments that had to deal with this, as this must have caused massive chaos. This incident, where problems with CrowdStrike security software led to computer system failures worldwide, highlights the need for a robust Disaster Recovery (DR) plan. This article discusses the importance of a good DR plan and highlights the essential steps: inventory, plan, test, learn and repeat.

Inventory: understand what you need to protect

The first step in creating an effective DR plan is taking an inventory. This involves making a complete and detailed list of all critical IT assets within your organization.

This includes servers, network equipment, software applications, data storage and even physical locations. Understanding which systems and data are critical to your core processes helps prioritize protection measures, as well as develop a plan.

When taking inventory, it is important to also identify dependencies between systems. This means understanding how different components of your IT infrastructure are connected and how a failure in one system can impact other systems. It’s advisable here to look especially at the organization’s core processes and, from that perspective, determine how to get these processes back up and running when things go wrong.

Plan: develop a strategic DR plan

With a thorough inventory, you can move on to the planning phase. A strategic DR plan should include clear procedures for different disaster scenarios, such as natural disasters, cyber attacks, hardware failures and human error. It is essential to assign specific responsibilities to team members and ensure that everyone knows what is expected of them in case of an emergency.

A good DR plan also includes a communication plan. This plan should describe how to communicate internally and externally during and after a disaster. The CrowdStrike incident highlights the importance of transparent communication to prevent panic and keep customers and partners informed of the recovery measures taken.

Test: ensure regular exercises

A DR plan is only as effective as the testing you do. Regular tests are crucial to verify that your plan works in practice. This can range from tabletop exercises, where you theoretically walk through disaster scenarios, to full-scale tests where you assess the operation of your DR plan in a realistic situation.

Testing your DR plan helps identify weaknesses and potential bottlenecks. By uncovering these problems before a real disaster strikes, you can ensure that your plan remains up-to-date and effective.

Learn: draw lessons from every incident

After every test or actual disaster, it’s important to carry out an evaluation and learn from the experience. This process includes analyzing what went well, what did not go well and what improvements can be made. Learning from incidents and tests helps to continuously improve and adapt your DR plan to new threats and technologies.

Repeat: continuous improvement and updating

Developing a DR plan is not a one-off task. It is an ongoing process that needs to be repeated and updated regularly. Technologies evolve, new threats emerge and business needs change. By regularly reviewing and updating your DR plan, you can ensure that you are always prepared for the latest challenges.

The CrowdStrike incident highlights how vulnerable even the most sophisticated IT systems can be and how important it is to have a robust and up-to-date DR plan. By taking inventory, planning, testing, learning and repeating, you can minimize the impact of disasters and ensure the continuity of your business processes. The IT chain is only as strong as its weakest link!

Of course, it is good to keep in mind that despite CrowdStrike causing this catastrophic incident, they still prevented more downtime for customers than they caused.

OpenSight Back To School Series

During the OpenSight Back To School Series, we publish weekly blogs diving deeper into the five NIST Security Domains:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

By implementing the measures associated with these domains, you can reduce the likelihood of cyber attacks and the impact of potential incidents.
