Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
58 articles found · #solution
West Pharmaceutical (4 May 2026): why immutable, isolated backups are vital (DORA)
On 4 May 2026, West Pharmaceutical suffered a ransomware attack with data theft and encryption, halting manufacturing and shipping. Here is the backup architecture that prevents prolonged outages and meets DORA.
Instructure/Canvas: 275M users at risk — 24/7 SOC to meet NIS2 Art. 23
ShinyHunters breached Instructure/Canvas, threatening up to 275M records. How a managed SOC/SIEM enables 24h qualification and ILR notification under NIS2 Art. 23.
ENISA 2026: Exercise Methodology to Operationalize DORA Article 24
ENISA releases a cybersecurity exercise methodology with ready-to-use kits. In practice: DORA Article 24–aligned tabletop tests to speed decision-making and reduce ransomware impact.
FlowerStorm (KrakVM) evades email filters and the NIS 2 stakes
The FlowerStorm phishing kit runs obfuscated JavaScript in KrakVM to intercept MFA. Here is how an email gateway, DMARC/SPF/DKIM, and a 24/7 SOC help meet NIS 2 in Luxembourg.
CSSF — Circular 25/893: tightened ICT alerting and reporting under DORA
The CSSF tightens ICT incident classification and notification under DORA via eDesk. Here is how an EDR/XDR stack enables timely detection, qualification, and reporting with harmonized deadlines.
CSSF 25/883 amends 22/806: continuous cloud oversight
On 9 April 2025, the CSSF adjusted 22/806 via 25/883 to align ICT outsourcing with DORA. Here’s how a robust CSPM prevents cloud leaks and demonstrates compliance.
ChipSoft ransomware: why immutable, isolated backups are non-negotiable
The ChipSoft (HiX) attack disrupted hospital services and exposed data. Here’s how immutable backups and an isolated backup network meet DORA/NIS 2 and prevent prolonged outages.
Okta/SSO hit by vishing: how FIDO2 blocks MFA bypass
In January 2026, Okta/Entra accounts were breached via vishing and AiTM proxies capturing OTP/push in real time. Phishing-resistant FIDO2/WebAuthn meets GDPR Article 32 requirements.
AZ Monica crippled by ransomware: why immutable backups matter
Belgium’s AZ Monica hospital shut down its servers after a cyberattack. Here’s how immutable, isolated backups enable fast recovery aligned with DORA/NIS 2.
French Council of State — Beaucaire (Apr 30, 2024): the CNIL bar for IAM
France’s Council of State confirms CNIL’s password guidance as state of the art to assess GDPR Article 32. Robust IAM governance enables compliance by design.
CNIL vs Free/Free Mobile (€42M): a 24/7 SOC is now essential under NIS 2
Following the €42M fine against Free/Free Mobile, weak VPN auth and failed detection show why a 24/7 SOC is critical for GDPR and NIS 2 (24-hour alert).
Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h
Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).