Cybersecurity, explained for regulated businesses

What is DORA?

The EU Digital Operational Resilience Act: 5 pillars, ESA penalties up to €10M, and what Swedish financial entities must do now.

Swedish law

What is Cybersäkerhetslagen?

Sweden's NIS2 transposition (SFS 2025:1506). All kommuner in scope from January 2026, regardless of size.

What is shadow AI?

Employees using ChatGPT, Claude, Gemini for work without approval, uploading confidential documents and client data daily.

What is agentic AI security?

AI agents acting autonomously (browsing, executing code, sending emails) create a new, largely unmonitored attack surface.

What is ransomware?

How it works, real Swedish municipal incidents, and how eBuilder's SOC detects and contains it.

What is phishing?

The most common attack entry point. AI now generates phishing at scale, making every employee a target.

What is a SOC?

Inside eBuilder's own SOC: what analysts watch, how alerts are triaged, and what happens at 2am when something fires.

What is MDR?

Fast median response vs the industry average. Deployed Monday, active by Thursday. Sweden-based SOC.

Compliance & frameworks 13 topics

What is DORA?

The EU Digital Operational Resilience Act: 5 pillars, ESA penalties up to €10M, and what Swedish financial entities must do now.

Swedish law

What is Cybersäkerhetslagen?

Sweden's NIS2 transposition (SFS 2025:1506). All kommuner in scope from January 2026, regardless of size.

What is NIS2?

The EU network and information security directive: 18 sectors, Article 21 risk measures, and management liability.

What is ISO 27001?

eBuilder is certified. What the standard requires, how the audit works, and why your security partner's certification matters.

What is the EU AI Act?

AI governance obligations for 2026. Risk categories, documentation requirements, and what security teams must do.

What is GDPR in cybersecurity?

Article 32 security obligations, 72-hour breach notification, and Schrems II implications for Swedish cloud data.

Testing

What is TLPT?

Threat-Led Penetration Testing: DORA's mandatory advanced red team requirement under Article 26.

What is cyber risk management?

How to quantify risk in a way boards understand. Cybersäkerhetslagen now requires board-level oversight.

Third-party risk management

Supply chain incidents quadrupled in 5 years. DORA and Cybersäkerhetslagen require systematic vendor risk assessment.

What is the NIST CSF?

Identify, Protect, Detect, Respond, Recover: each function mapped to an eBuilder service.

Advisory

What is a CISO?

What a CISO does and why most Swedish kommuner cannot afford a full-time one. Cybersäkerhetslagen requires board-level oversight.

Regulatory incident reporting

Three timelines: GDPR (72h), NIS2 / Cybersäkerhetslagen (24h + 72h + 1 month), DORA (4h for major incidents).

Risk

What is cyber insurance?

What it covers, what it excludes, and why cyber insurers now require 24/7 MDR monitoring as a coverage condition.

AI security No competitor coverage 12 topics

What is shadow AI?

Employees using ChatGPT, Claude, Gemini for work without approval, uploading confidential documents and client data daily.

What is agentic AI security?

AI agents acting autonomously (browsing, executing code, sending emails) create a new, largely unmonitored attack surface.

What is a prompt injection attack?

Attackers embed malicious instructions in data that AI systems process, affecting copilots, agents, and code assistants.

What is MCP security?

Model Context Protocol connects AI assistants to tools. MCP tool poisoning is an active 2026 attack vector.

What is dark AI?

AI models with safety guardrails removed, including WormGPT and FraudGPT, sold on criminal forums to generate attacks without constraints.

What is AI-powered phishing?

AI generates perfectly written, personalised phishing emails at scale using scraped LinkedIn data.

What is AI SIEM?

Traditional SIEM floods analysts with alerts. AI SIEM uses ML to prioritise, reducing noise by up to 80%.

What is AI-SPM?

Continuously discovering and assessing AI systems, models, and agents: AI Security Posture Management is the 2026 category.

What is AI governance?

In 2026, AI governance is judged by documented processes, controls and accountability, not aspirational principles.

What is an AI security policy?

Approved tools list, data handling rules, EU AI Act risk classification, human oversight. Template included.

What is non-human identity security?

AI agents, service accounts, API keys and bots now outnumber human identities in most organisations.

What is AI red teaming?

Testing AI systems adversarially, required for high-risk AI systems under the EU AI Act.

Threats & attacks 11 topics

What is ransomware?

How it works, real Swedish municipal incidents, and how eBuilder's SOC detects and contains it.

What is phishing?

The most common attack entry point. AI now generates phishing at scale, making every employee a target.

What is a deepfake attack?

AI-generated voice and video used for CEO fraud and identity bypass. Frequency is rising fast in 2026.

What is a supply chain attack?

Attackers compromise third-party vendors to reach the real target. Supply chain incidents quadrupled in 5 years.

What is an infostealer?

Silently harvests passwords, session cookies and browser data. AI-driven variants now target AI platform credentials.

What is a data breach?

What to do in the first 72 hours: GDPR, NIS2 and DORA notification timelines compared in one article.

What is an APT?

State-sponsored actors operating silently for months. Campaigns targeting Swedish critical infrastructure.

What is a BEC attack?

Business email compromise: finance teams at Swedish kommuner are prime targets. Highest cost-per-incident globally.

What is ransomware-as-a-service?

Criminal groups sell ransomware kits, industrialising the threat. Attacks up year-on-year.

What is lateral movement?

How attackers move through a network after initial entry, staying undetected.

What is a zero-day exploit?

Vulnerabilities unknown to the vendor. The cPanel zero-day (44 000 servers hit) is the anchor story.

Security operations 11 topics

What is a SOC?

Inside eBuilder's own SOC: what analysts watch, how alerts are triaged, and what happens at 2am when something fires.

What is MDR?

Fast median response vs the industry average. Deployed Monday, active by Thursday. Sweden-based SOC.

What is penetration testing?

Written by eBuilder's CREST-certified pen testers. What a real test looks like and how clients use the findings.

What is incident response?

5 phases mapped to what eBuilder does during a live incident. 2am ransomware decision tree included.

What is vulnerability management?

Continuous scanning, CVSS scoring and remediation tracking. 56% of 2025 vulnerabilities required no authentication.

What is threat hunting?

Proactive search for attackers already inside your network before alerts trigger. Included in eBuilder MDR as standard.

Continuous penetration testing

Annual pen tests are stale by the time they finish. Continuous testing integrates into development cycles.

What are MTTD and MTTR?

Industry average mean time to detect is long. eBuilder publishes its real numbers. Ask any provider for theirs.

What is a tabletop exercise?

Crisis simulation for leadership teams. Cybersäkerhetslagen requires management to practise their cyber response.

Attack surface management

What assets are exposed to the internet that you do not even know about. The free breach checker is the first step.