Cybersecurity Roundup: Partnerships, Funding, and Emerging Threats – January 20, 2026 (Allurity, Infosys, Armis, Huawei/ZTE, Greece–Israel Anti-Drone Cooperation)

Today’s cybersecurity storylines converge on two clear, connected currents: (1) nation-state and cross-border defense cooperation is deepening to address hybrid threats that mix physical and cyber domains — exemplified by Greece and Israel agreeing to cooperate on anti-drone systems and cybersecurity — and (2) Europe continues to accelerate moves aimed at tightening supply-chain trust in critical telecommunications, with regulatory pressure to phase out high-risk vendors like Huawei and ZTE. At the same time, industry signals matter: a leadership appointment at Allurity, brand growth at Infosys, and Armis’ customer win with Italian grocer Multicedi emphasize how private sector capability and reputational momentum are reshaping the market for cyber resilience services. These developments together underscore a market where geopolitics, technology supply chains, and enterprise security investments are tightly intertwined.

Introduction — framing today’s themes

The modern threat environment is a braided river of kinetic and digital dangers: drones and swarms operate at the physical edge while malware, identity compromise, and supply-chain manipulation flow in the networks that bind societies together. Today’s headlines show that governments and private providers are moving simultaneously to block supply-chain risk at the regulatory level, fortify national and regional defenses through partnerships, and push the commercial market toward verified resilience services. These are not independent moves — they are complementary elements in a larger geopolitical and market response to a world where digital dependencies carry strategic weight.

Across the five stories that form the backbone of this briefing, three repeated motifs appear:

1. Partnerships for layered defense. Security is increasingly built through alliances — bilateral defense pacts, vendor-ecosystem relationships, and managed security partnerships that combine threat intelligence, device visibility, and incident response.

2. Regulation as risk mitigation. Policy is moving from guidance to mandate: the EU’s push to exclude “high-risk” telecom suppliers signals a strategic preference for trusted supply chains and may ripple into procurement, vendor valuations, and network architecture decisions.

3. Market differentiation through capability and trust. Leadership moves and customer wins illustrate that vendors who can credibly claim strong governance, technical depth, and sector experience will capture growth as organizations prioritize cyber resilience and compliance.

This briefing examines each story, explains why it matters to CISOs and security teams, and offers practical implications for procurement, architecture, and risk management. SEO keywords woven through: cybersecurity, cyber resilience, data breach prevention, supply chain security, 5G security, anti-drone systems, threat intelligence, vendor risk, and incident response.

1) Greece–Israel cooperation on anti-drone systems and cybersecurity: merging kinetic and cyber defenses

What happened: Greek Defence Minister Nikos Dendias announced that Greece will cooperate with Israel on anti-drone systems and cybersecurity after talks with his Israeli counterpart in Athens. The cooperation focuses explicitly on countering drone swarms, unmanned subsea vehicles, and improving readiness to intercept cyber threats.

Source: U.S. News (provided), reporting corroborated by Reuters and AP.

Why it matters (short): This is a concrete example of how states are integrating kinetic-defense technologies (anti-drone/air defense) with cyber capabilities. For national security planners and enterprise CISOs operating in the region (or with assets there), it means increased focus on converged risk assessments that account for both physical unmanned systems and the networks that control, command, or monitor them.

Detailed analysis and implications

1. Convergence of defense domains.
   The modern battlefield blurs physical devices (drones, UUVs — unmanned underwater vehicles) and the networked control plane that governs them. An anti-drone strategy that ignores cyber hardening is half a strategy: many drone swarms are vulnerable to GPS spoofing, command-and-control interception, or firmware manipulation. Cooperation with Israeli defense and cyber firms — given Israel’s dense defense-tech cluster and operational experience — suggests Greece will prioritize integrated solutions that couple sensors, electronic warfare, and digital threat detection. For enterprises, this is a reminder to integrate operational technology (OT) and IoT risk models into enterprise threat playbooks.

2. Threat intelligence sharing and operational playbooks.
   When states partner, information sharing flows faster and exercises become more realistic. Expect joint exercises, shared threat intelligence, and possibly the co-development or procurement of counter-UAV (C-UAV) platforms that embed firmware attestation, secure provisioning, and hardened communication channels. That benefits civilian sectors — ports, energy, and critical infrastructure — that need coordinated incident response and clear escalation paths when physical assets are compromised.

3. Procurement and industrial policy.
   These deals typically create procurement preferences for firms with defense clearance, export licensing, and dual-use technical capabilities. Vendors should expect new RFPs emphasizing end-to-end security across hardware and software stacks, stronger auditing, and lifecycle management for embedded systems. For CISOs, procurement checklists should now include firmware provenance, secure boot, real-time integrity monitoring, and post-quantum readiness where applicable.

4. Regional signal.
   The Greece-Israel move is part of a larger pattern of smaller powers forming layered security pacts to offset asymmetric capabilities. This will likely accelerate demand for cross-domain security products (e.g., sensor fusion platforms, extended detection and response that covers OT/IoT, and secure C2 communications). Vendors that can demonstrate multidisciplinary operations experience — combining RF/electronic warfare, sensor networks, and cyber threat hunting — will be positioned well.

Actionable guidance for security leaders

• Update tabletop exercises to include physical-digital attack vectors (drone spoofing, supply-chain compromise of AV firmware, etc.).

• Review vendor SLAs and attestations for hardware-level security (secure enclave, signed firmware updates).

• Engage with local authorities and industry ISACs to understand how new bilateral defense cooperation might alter incident reporting expectations and cross-border legal considerations.

2) Brussels plans: forcing governments to block Huawei/ZTE from 5G and other critical infrastructure

What happened: The European Commission is proposing stricter rules to phase out “high-risk” telecom suppliers from critical infrastructure and to move beyond voluntary guidelines. The initiative would empower Brussels to compel national governments to exclude suppliers that pose systemic risk — widely interpreted to target Chinese vendors such as Huawei and ZTE — from critical parts of 5G and other network infrastructure. The proposal also contemplates extending protections to additional sectors like border scanners, water systems, and certain medical devices.

Source: Politico (provided), corroborated and expanded by AP and FT reporting.

Why it matters (short): A binding EU measure to exclude high-risk suppliers would rewrite procurement rules and accelerate network modernization plans — but with transitional costs. For CISOs and procurement heads, this creates a tight timeline for inventorying network assets, identifying embedded high-risk components, and planning replacement strategies that minimize disruption while satisfying new compliance expectations.

Detailed analysis and implications

1. Regulatory move from voluntary to mandatory.
   Historically, the EU has relied on recommendations and member-state discretion on telecom supply-chain risk. A centralizing move to make exclusions mandatory changes market dynamics: operators must accelerate vendor diversification, and EU-based vendors may see commercial tailwinds. That has direct security implications — mandatory replacements can create short-term operational risk (e.g., hurried migrations) but aim to reduce long-term systemic exposure to supply-chain compromise.

2. Supply-chain security as national security.
   Labelling suppliers as “high-risk” elevates supply-chain security into the national security sphere. This elevates the need for rigorous software bill of materials (SBOM) practices, verifiable hardware provenance, and robust firmware integrity checks. Enterprises should accelerate SBOM adoption and insist on regular independent security attestations from telecom equipment vendors.

3. Economic and operational trade-offs.
   Removing entrenched vendors from networks is expensive and logistically complex. Operators will need multi-year rollout plans with staged replacement, fallback compatibility, and tested interoperability. Short cuts or skipping end-to-end testing will increase the probability of outages or configuration errors that attackers could exploit. Security teams should push for transition plans that embed security testing, red-team validation, and staged failover.

4. Ripple effects across ecosystems.
   This policy could create market opportunities for alternative vendors, but also fragmentation risk: a patchwork of national rules could raise cross-border interoperability challenges. Moreover, the legislation’s scope beyond telecom (e.g., into medical devices and water systems) means organizations outside the traditional telco world must reevaluate vendor risk frameworks.

5. Geopolitical dimensions and vendor responses.
   Vendors labeled as “high-risk” will push back diplomatically and legally, arguing discrimination and trade concerns. Expect litigation, bilateral negotiation, and — pragmatically — a period during which operators and regulators negotiate transition costs and timelines. Meanwhile, threat actors may exploit transitional complexity to probe and attack hybrid environments.

Actionable guidance for security leaders

• Conduct a rapid supplier inventory focused on firmware, baseband, and embedded components; tag items that could fall under “critical infrastructure” rules.

• Build a prioritized replacement roadmap with vendor alternatives and staged deployment tests.

• Insist on SBOMs, signed firmware, and third-party attestation for new telecom and critical-system procurements.

• Coordinate with legal and regulatory teams to model compliance timelines and cost impact.

Bottom line: The EU’s move from voluntary guidance to enforceable exclusion for high-risk suppliers is a turning point. It aligns policy with a risk-reduction mindset (protect the crown jewels) but introduces short-term operational risk that must be managed through meticulous planning and security-first procurement.

3) European cybersecurity group Allurity appoints Henrik Brinkhagen as CEO of ID North

What happened: European cybersecurity group Allurity announced the appointment of Henrik Brinkhagen as CEO of ID North, a regional identity and security services business unit. The leadership change signals organizational focus on identity, access management, and regional Go-To-Market for managed identity services.

Source: PR Newswire.

Why it matters (short): Leadership changes matter when they signal strategic priorities. Appointment of a CEO for a unit focused on identity shows Allurity betting on identity-centric security services as a growth vector — resonant with the broader industry shift toward identity as the new perimeter.

Detailed analysis and implications

1. Identity as control plane.
   Identity and access management (IAM), privileged access management (PAM), and identity governance (IGA) have become the primary control planes for modern cybersecurity. The appointment suggests Allurity intends to scale identity services — managed IAM, identity lifecycle automation, and identity threat detection — to meet growing enterprise demand. For customers, this likely means bundled offerings that combine threat detection with identity orchestration.

2. Managed services and regional focus.
   Europe’s regulatory landscape (GDPR, NIS2) and regional compliance needs make localized, well-regulated managed services attractive. A CEO for ID North points to targeted growth in Northern European markets where organizations prefer providers attuned to local compliance and language needs. Expect Allurity to lean on managed identity services that offer compliance reporting and local data residency options.

3. Partnership opportunities.
   Organizations should watch for Allurity’s potential partnerships with IAM platform vendors, MFA providers, and threat intelligence firms. Managed identity stacks that combine continuous authentication, adaptive access, and identity threat detection can be compelling — especially for mid-market customers that lack large in-house security teams.

4. Market signal to investors and buyers.
   Leadership hires often precede business development pushes, acquisitions, or product launches. If Allurity invests in identity automation and identity analytics, competitors may respond with their own bundling strategies, driving consolidation in the managed identity and MSSP markets.

Actionable guidance for security leaders

• Evaluate managed identity service offerings with an eye to compliance features and data locality.

• Demand proof of continuous authentication and identity behavior analytics in vendor demos.

• Consider piloting outsourced identity operations where internal teams lack resources, but ensure SLAs and incident playbooks are tight.

Bottom line: Identity is the linchpin of modern security architecture. Allurity’s leadership move is consistent with an industry that increasingly prioritizes identity-centric controls and managed services as a pragmatic route to scale.

4) Infosys: fastest-growing IT services brand with 15% CAGR in brand value — what it means for cybersecurity procurement

What happened: PR Newswire reported that Infosys has been identified as the fastest-growing IT services brand globally with a CAGR of 15% in brand value. While the announcement centers on brand valuation and business performance, the implications extend into IT sourcing and security: large IT services providers like Infosys play an outsized role in digital transformation, cloud migration, and large-scale secure engineering programs.

Source: PR Newswire.

Why it matters (short): As global consultancies and IT integrators grow in brand value and market reach, they become critical cyber supply-chain nodes. Their security posture, governance, and the controls they impose on client implementations materially affect systemic risk.

Detailed analysis and implications

1. Scale and systemic importance.
   When a single IT services firm is the engine behind many organizations’ cloud migrations, app modernization, and managed services, its security hygiene becomes a systemic factor. Brand growth often correlates with larger client footprints and deeper entanglement in critical systems — which raises the bar for their internal security practices and third-party risk controls. CISOs should treat large integrators with the same scrutiny reserved for telecom vendors or platform providers.

2. Sourcing decisions: competence, not just cost.
   Growth in brand value is a proxy for market trust and capability. But for security procurement, marketing accolades are not substitutes for evidence: insist on independent audits (SOC 2/3, ISO 27001), secure SDLC attestations, and code and infrastructure scanning pipelines. Where Infosys or another major integrator is selected, contractually require visibility into their DevSecOps processes, vulnerability management cadence, and subcontractor risk management.

3. Opportunity for security-centric partnerships.
   Large integrators that are building cloud and digital stacks often partner with best-of-breed security firms or build in-house security practices. This presents an opportunity for CISOs to design co-managed models where the integrator handles scale, while an internal security team—or a trusted vendor—retains control over security policy enforcement, configuration baselines, and incident response plans.

4. Reputational and incident fallout risks.
   As integrators grow, any public breach or misconfiguration affecting one large integrator can have outsized PR and legal consequences. Procuring organizations should negotiate breach notification clauses, tabletop exercise obligations, and clear liability allocations. Moreover, reputation gains (brand value increases) can also mean increased targeting by adversaries, making proactive testing and continuous monitoring essential.

Actionable guidance for security leaders

• Treat major integrators as systemically important suppliers: require SBOMs, secure configuration baselines, and vendor-controlled patching windows.

• Insist on vendor transparency for third-party code, subcontractors, and offshore development centers — these are common vectors for risk.

• Negotiate for joint incident response exercises and run live-fire simulations that include the integrator, cloud provider, and internal SOC.

Bottom line: Brand growth at IT services firms like Infosys amplifies their influence and responsibility in the security ecosystem. Organizations must raise their procurement and oversight standards accordingly.

5) Armis helps Italian grocery retailer Multicedi strengthen cyber resilience — the customer story that illustrates broader commercial dynamics

What happened: Armis announced a deployment to help Italian grocery retailer Multicedi strengthen cyber resilience across its retail estates. The engagement centers on device visibility, asset discovery, and threat detection for connected devices — classic Armis strengths in IoT/OT security for retail and supply chains.

Source: BusinessWire.

Why it matters (short): Retailers are among the most IoT-dense enterprises — point-of-sale terminals, inventory scanners, HVAC controllers, digital signage — making them attractive targets for ransomware, payment fraud, and supply-chain disruption. Customer wins like this illustrate the commercial demand for solutions that provide full asset visibility and targeted threat detection for nontraditional endpoints.

Detailed analysis and implications

1. Visibility-first approach is winning.
   Asset visibility is the foundational security control for IoT/OT environments. Armis’ business model — continuous device discovery and behavior monitoring — shows that many organizations still lack a unified inventory of connected devices. For retailers, visibility translates to the ability to quickly isolate compromised POS terminals, identify anomalous device behavior, and reduce dwell time for attackers.

2. Retail chains and operational continuity.
   Grocery and retail depend on always-on operations. Security solutions that can integrate with network segmentation, automate containment, and provide actionable forensics help preserve uptime while enabling measured incident response. For supply-chain resilience, knowing which devices are critical and ensuring they have patched firmware and limited remote management access is essential.

3. Threat detection tailored to device behavior.
   IoT devices exhibit different telemetry and signals compared to servers. Behavioral baselines, protocol-aware detection, and device-specific playbooks are required. Vendors that combine device context (manufacturer, model, firmware) with network telemetry provide more precise alerts, reducing false positives and enabling faster remediation.

4. The role of managed detection in SME retail.
   Many retailers lack in-house SOCs. Managed detection and response for IoT/OT is a pragmatic route to operationalize these capabilities. Vendors winning retail engagements typically offer flexible deployment models, central dashboards for multi-site operations, and automated containment workflows.

Actionable guidance for security leaders

• Prioritize full asset discovery before pursuing advanced threat detection. You can’t protect what you can’t see.

• Implement micro-segmentation for device classes (POS, inventory scanners, HVAC, kiosks) to limit lateral movement.

• Demand device-level forensics and firmware tracking from vendors to accelerate patching and vendor escalations.

Bottom line: Multicedi’s deployment of Armis is a microcosm of the retail sector’s push to tame IoT complexity. For enterprises with distributed physical assets, visibility and behavior-centric detection are nonnegotiable.

Cross-cutting implications: what these stories mean together

Taken together, the five items in today’s briefing tell a single overarching story: security is now a geopolitical, commercial, and operational priority that requires coordinated responses across states, markets, and vendor ecosystems. Here are the dominant cross-cutting themes and practical implications.

A. Geopolitics shapes procurement and architecture

• The EU’s move to make exclusions mandatory transforms procurement law into a security instrument. Vendors and operators must design for replaceability and modularity: architectures that separate control planes, support multivendor interoperability, and enable graceful vendor rotation will be advantaged.

• Bilateral defense cooperation (Greece–Israel) demonstrates how regional alliances translate into joint procurement strategies and shared threat intelligence. Enterprises that operate across borders need to monitor geopolitical changes and revise risk assessments accordingly.

B. Identity and visibility are foundational controls

• Allurity’s focus on identity and Armis’ visibility wins underscore a simple but powerful rule: identity and asset visibility are the prerequisites for higher-order security. Organizations should prioritize identity governance and device inventory before deploying advanced analytics or expensive threat feeds.

C. Regulation accelerates market consolidation and differentiation

• Mandatory exclusions and compliance regimes elevate the value of vendors who can provide verifiable supply-chain security and compliance evidence. This will drive consolidation around firms with strong audit trails, transparent governance, and demonstrated engineering rigor.

D. Operationalizing resilience requires the right contracts and playbooks

• Integrators like Infosys are central to large digital transformations. Their brand growth means many organizations will rely on them for core migrations and implementations. Legal teams must ensure SLAs, breach notification terms, and joint incident response playbooks are explicit — so that operational changes don’t create ambiguity in crisis.

E. Threat actors exploit transition periods

• Transitions — replacing telecom suppliers, rearchitecting identity systems, or migrating operational systems — are windows of vulnerability. Attackers probe during migrations. Security leaders must require staged testing, continuous monitoring, and fallback procedures to mitigate transition risk.

Practical checklist for CISOs and security teams (prioritized)

Use this checklist as a pragmatic translation of today’s news into action items.

1. Inventory & classification

   • Build an up-to-date SBOM and hardware inventory for network and critical systems. Tag any components supplied by vendors that could be designated “high-risk.”

   • Catalog IoT/OT devices and their firmware/firmware update mechanisms.

2. Identity & access controls

   • Ensure multi-factor authentication and passwordless strategies are deployed for admin access.

   • Implement identity lifecycle automation and privileged access controls. Consider managed identity services where internal capability is limited.

3. Procurement & contracting

   • Require SBOMs, signed firmware, and independent audit reports (SOC 2, ISO 27001) from vendors.

   • Add clause for staged migration testing, breach notification timelines, and coordinated tabletop exercises with integrators and managed vendors.

4. Architecture & segmentation

   • Design networks to allow rapid vendor replacement (modular, microsegmented).

   • Apply strict segmentation for IoT/OT and POS networks with enforced egress/ingress rules.

5. Threat intelligence & partnerships

   • Join relevant ISACs / sector alliances and push for bilateral sharing where geopolitics affect operations.

   • Evaluate vendors’ ability to integrate shared intelligence into detection rules.

6. Incident response & transition playbooks

   • Run live-fire tabletop exercises that include integrators and critical vendor representatives.

   • Create transition-risk playbooks for vendor replacement phases.

7. Governance & reporting

   • Align board reporting with geopolitical and supply-chain risk exposures. Include scenario modelling of mandatory vendor exclusions and possible replacement timelines.

What vendors and investors should watch

• Vendors should invest in transparent supply-chain attestations (audited SBOMs, secure firmware pipelines) and product modularity. Offer migration tools and professional services that make vendor rotation less risky and costly.

• Investors should evaluate security vendors’ ability to demonstrate enterprise readiness: compliance certifications, depth of professional services, and defensible IP around detection for IoT/OT and identity security.

• Private equity and M&A: expect consolidation in identity and IoT security markets, as enterprises seek single-pane solutions to manage identity and device sprawl.

Forecast: how these trends will evolve over 12–24 months

1. Acceleration of vendor trust markets.
   Tools that validate hardware provenance and firmware integrity will move from boutique to mainstream. Expect standardized attestation frameworks to emerge and become procurement must-haves.

2. Policy contagion beyond the EU.
   If the EU enacts mandatory exclusions, other jurisdictions (e.g., Canada, Australia) may consider similar measures or align procurement standards to avoid cross-jurisdictional fragmentation.

3. Hybrid incidents increase.
   Attacks that combine physical disruption (drones, tampered devices) with digital extortion or data theft will grow. Hybrid incident playbooks and joint civil–military coordination will become more common.

4. Managed security buys for SMEs.
   SMEs and retailers will increasingly buy managed detection for IoT/OT and managed identity services, as the complexity of doing it in-house becomes prohibitive.

5. Talent and skills crunch in identity and IoT security.
   Demand for specialists in identity engineering and IoT device security will outstrip supply — vendors with automated tooling and strong managed services will win market share.

A cautionary note on execution risk

Good policy and ambitious procurement are necessary but not sufficient. The practical challenge is execution — replacing entrenched components, rewiring identity flows, and integrating device visibility across legacy estates are hard, expensive, and time consuming. Shortcuts or underfunded transition plans will introduce their own risk. The optimal approach is incremental, measurable, and tied to defined security outcomes (reduced mean time to detection, reduced attack surface, reduced lateral movement).

Closing — an op-ed reflection

The five items we took apart today — from Greece’s military ties with Israel to Brussels’ hardline posture on telecom suppliers, from leadership appointments and brand momentum to a retail customer deployment — are more than isolated headlines. They are evidentiary threads of a larger tapestry: a world reorganizing its digital supply lines, reimagining identity as the new perimeter, and demanding verifiable resilience. The market will reward clarity and engineering discipline. Regulators will test commercial flexibility. Adversaries will probe the seams.

For security leaders, the core takeaway is straightforward: treat your supply chain, identity plane, and nontraditional endpoints as strategic priorities — and plan migrations as security exercises, not just procurement events. Do this well, and you reduce systemic exposure; do it poorly, and transition windows will be the noisier, costlier moments when attackers make headlines.

Quick reference: the five original stories this briefing was based on

• Greece–Israel cooperation on anti-drone systems and cybersecurity — reported Jan 20, 2026. (Source: U.S. News; corroborated by Reuters and AP).
• Brussels plans to force governments to block Huawei/ZTE from 5G (EU proposals to phase out high-risk telecom suppliers). (Source: Politico; corroborated by AP and Financial Times).
• Allurity appoints Henrik Brinkhagen as CEO of ID North (PR Newswire).
• Infosys fastest-growing IT services brand with 15% CAGR in brand value (PR Newswire).
• Armis helps Italian grocery retailer Multicedi strengthen cyber resilience (BusinessWire).

Recommended reading / next steps for security teams

1. Convene a cross-functional workshop (security, procurement, legal, ops) to inventory telecom and critical-system suppliers. Use the checklist above.
2. Prioritize identity and asset discovery pilots in the next 30–60 days. Consider managed pilots if internal staff are overstretched.
3. Engage in ISACs and bilateral intelligence sharing where practical; participate in industry-specific resilience exercises.
4. Review vendor contracts for incident clauses and ensure integrators are contractually bound to participate in tabletop exercises and runbooks.