Compliance on BSG Blog — Cybersecurity Insights

EU Radio Equipment Directive 2025: RED & EN 18031 Guide

Sun, 23 Nov 2025 14:36:33 +0000

From 2025, the European Union is raising the bar for cybersecurity in every connected device that uses radio technologies. If your product communicates via Wi-Fi, Bluetooth, cellular, Zigbee, LoRa, or any other radio interface, its path to the EU market now runs through a new compliance regime: RED cybersecurity requirements, the EN 18031 harmonised standards, and the Delegated Regulation (EU) 2022/30.

TLPT: Threat Led Penetration Testing Explained

Fri, 20 Jun 2025 10:00:00 +0000

Threat Led Penetration Testing (TLPT), also known as threat-led pentesting, is the gold standard for realistic cybersecurity validation. TLPT combines the latest threat intelligence, red teaming tactics, and business risk analysis to simulate attacks that your organization is most likely to face. Unlike generic pentesting, TLPT tests not just your systems for vulnerabilities, but also your ability to detect, respond to, and contain those attacks in real time.

EUVD Database: Europe’s CVE Alternative Explained | BSG

Wed, 14 May 2025 11:11:06 +0000

As the MITRE-run CVE program faces operational challenges, Europe has quietly launched a significant alternative. The European Vulnerability Database (EUVD), developed by ENISA, officially went live in April 2025.

Though some viewed it as a reaction to MITRE’s instability, the EUVD was long in the making. Its creation was mandated under the NIS2 Directive (Articles 62–63), adopted in 2022, which required ENISA to develop a vulnerability database serving the EU digital ecosystem.

CVE Under Threat: What You Need to Know

Wed, 16 Apr 2025 17:01:36 +0000

The Common Vulnerabilities and Exposures (CVE) program is one of the most critical pillars of modern cybersecurity. Without it, organizations around the world would struggle to identify, track, and prioritize vulnerabilities in software and hardware. But as of April 16, 2025, this essential system is facing a major disruption: the expiration of MITRE’s federal contract to operate the CVE program. Here’s what’s happening—and why you should care.

2024 EU Cybersecurity Insights

Mon, 09 Dec 2024 11:55:52 +0000

The 2024 EU Cybersecurity Report provides a detailed overview of the Union’s digital security challenges, key areas for improvement, and actionable strategies for stakeholders. As threats grow in complexity, this report highlights critical findings, emerging trends, and strategic recommendations to bolster the EU’s cybersecurity posture.

Enhancing Cybersecurity to Align with NIS2 Directive

Mon, 02 Dec 2024 16:11:58 +0000

The European Union’s NIS2 Directive, reinforced by ENISA’s 2024 Implementation Guidance, sets a comprehensive standard for [cybersecurity](https://bsg.tech/cyber-security/) across critical and digital service providers. For business leaders, adopting these practices ensures regulatory compliance and builds organizational resilience.

Understanding the NIS2 Directive and ENISA’s Guidance

The NIS2 Directive mandates robust cybersecurity measures for entities across sectors such as cloud computing and online platforms. ENISA’s guidance provides actionable steps to implement these measures effectively, emphasizing risk management, incident handling, and supply chain security.

Empowering Cybersecurity Governance: NCSC’s Board Toolkit

Sun, 01 Dec 2024 12:07:28 +0000

Cybersecurity is no longer just a technical issue; it’s a critical business risk that directly impacts organizational stability, reputation, and financial health. As digital dependency increases, so does exposure to cyber threats, from data breaches to ransomware attacks and supply chain vulnerabilities. For board members, addressing cybersecurity is not optional—it’s essential.