Read our insights, reports and more

Industrial group BLRT recently learned that it must comply with Estonia’s new Cybersecurity Act, which entered into force this year. Based on the company’s experience so far, BLRT Group IT Director Marek Trautmann has a clear message: “Compliance should not be left to chance.”

On 1 January 2026, amendments to Estonia’s Cybersecurity Act entered into force, transposing the NIS2 Directive into Estonian law. According to the Estonian Information System Authority (RIA), this increased the number of companies and institutions required to comply with cybersecurity obligations from around 3,500 to nearly 6,500.

Grant Thornton Baltic announced on 1 April that it has proposed considering the partial privatisation of the Estonian Information System Authority (RIA) and, in cooperation, creating a new information system, MinuKüTS. The aim is to help companies finally understand which cybersecurity and information security requirements actually apply to them and what obligations they must fulfil.

In this article, we’ll explore how attackers are misusing trusted technologies - like OAuth and DKIM (more on these in a moment) - and why everyone should be cautious when a message or application requests access to user accounts.