Grant Thornton Baltic announced on 1 April that it has proposed considering the partial privatisation of the Estonian Information System Authority (RIA) and, in cooperation, creating a new information system, MinuKüTS. The aim is to help companies finally understand which cybersecurity and information security requirements actually apply to them and what obligations they must fulfil.
Belinda Borodin, who works as Head of Information Security, has a heart that belongs to sport. When the office door closes behind her at the end of the workday, you will soon find Belinda in the gym, where she coaches a sport that is still relatively uncommon in Estonia. However, her passion for the field suggests that its growth in recognition and popularity may not be far off.
In this article, we’ll explore how attackers are misusing trusted technologies - like OAuth and DKIM (more on these in a moment) - and why everyone should be cautious when a message or application requests access to user accounts.
The field of information security seems like a labyrinth full of abbreviations lately: NIS2, DORA, ISO 27001, E-ITS, SOC 2. Therefore, I will briefly advise on how to navigate information security regulations, standards, audits, and certifications.
New regulations have come into effect or will soon come into effect in Estonia, which will impose a range of information security obligations on various sectors. Entrepreneurs are struggling to understand where to start and which direction to go.
The Estonian information security standard (E-ITS) is an Estonian-language standard compatible with the Estonian legal system and developed to ensure the protection of business processes and information systems used to fulfil public functions.
The Digital Operational Resilience Act (DORA), which came into effect on January 17 this year, aims to prevent cyber threats and reduce the impact of incidents on businesses and the broader European financial sector.
Anyone who has to consider any aspect of cybersecurity at their company has probably heard the sonorous-sounding terms NIS 2, DORA, E-ITS or even ISO 27001.
In November 2023, Grant Thornton Baltic was certified with ISO 27001:2022 by Bureau Veritas, confirming that we identify, assess and manage security risks relating to information systems on an ongoing basis and in accordance with the requirements outlined.
According to the draft of the new Cryptocurrency Market Act, the Financial Supervision Authority will become the supervisory authority, and the administrative burden on market participants will increase.