Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In an increasingly interconnected digital world, supply chain security has become a critical concern for European organizations, policymakers, and national defense agencies alike. With adversaries exploiting software dependencies, contractors, and managed service providers (MSPs), the cybersecurity risks embedded within supply chains have never been more significant.

Over the past few years, many countries have made considerable efforts to bolster cybersecurity preparedness. These efforts are understandable when put into a geopolitical context: global relationships in the past five years have been among the most tumultuous in decades, cybersecurity threats are more sophisticated than ever, and the world is increasingly reliant on digital technologies.

If your SaaS platform collects, processes, or stores EU residents’ data, GDPR compliance is essential to avoid regulatory issues, legal escalations, and operational interruptions. ‍ Due to GDPR’s comprehensive nature, ensuring compliance can be challenging—especially without adequate guidance. ‍ This guide provides granular information to help you start working toward GDPR compliance as a SaaS platform owner. We’ll cover: ‍

The EU’s NIS2 directive came into force on October 17, 2024. Notis Iliopoulos, VP MRC. Obrela explores the latest cyber resilience Directive’s pros and cons and suggests an alternative route the UK government might consider in developing its cybersecurity framework post-Brexit. The NIS2 Directive, which builds upon the original Network and Information Systems (NIS) Directive, aims to enhance the cybersecurity posture of critical sectors across the European Union.

The European Union’s AI Act, set to be enforced in 2025, is set to transform how businesses approach artificial intelligence. Designed to regulate AI development and deployment, the Act aims to ensure ethical, safe, and transparent AI usage. However, many organisations still struggle with compliance.

Organisations must adopt robust compliance strategies to align with the EU AI Act’s stringent requirements. This involves implementing effective data governance frameworks, ensuring data quality and integrity, and leveraging advanced data security solutions.

The Digital Operational Resilience Act (DORA) is the EU’s answer to ensuring digital operational resilience in financial services. This wide-reaching regulation applies to over 22,000 financial entities and Information and Communication Technology (ICT) service providers operating within the EU. But what does achieving compliance with the EU’s vision for resilience in digital financial operations look like?

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly.

Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.