As cyber threats evolve and advance, the spotlight has fallen on the European Commission to address them through regulation.
We have seen the Cyber Resilience Act, the AI Act, the Digital Operational Resilience Act and, most pressing, the second Network and Information Security framework: NIS 2.
NIS 2: a necessary evolution of the regulatory framework.
Going well beyond the objectives of NIS 1, which provided a minimum of adequate security conditions for entities and sectors targeted by cyber attacks, the objective of NIS 2 is to strengthen resilience by addressing new sectors and entities.
This is a necessary development in view of the growing threats targeting local authorities, public health establishments, higher education establishments and all parties in the supply chain, which were not included in NIS 1.
For EU Member States, NIS 2 will also address the lack of coherence and the fragmentation in the treatment of cyber attacks on sensitive sectors at a European scale.
Stronger overall security, with strict and proportional criteria depending on the categorisation of the given organisation as an essential or important entity.
There are elements that must be considered, based on NIS 1.
Appropriate and reinforced detection measures, as well as incident response and management measures, must be in place to maintain business continuity in a crisis should a cyber attack occur.
NIS 2 considers these areas, but the details are delayed at European and national level, particularly in terms of integration with other legislation.
Once the risks and challenges are identified, especially those around sensitive data, it is important to control access and comply with security policies, especially on restricted and confidential networks.
Today, compliance must be a strategic opportunity for companies, not an additional constraint or tick box exercise to merely meet new regulatory standards.
Achieving compliance is not only reactive: it enables a business to establish a comprehensive, up-to-date response to compliance needs and also to anticipate future regulatory developments.
Beyond compliance, Network Detection and Response (NDR) enables organisations to raise overall levels of cybersecurity and optimise investments for the most effective detection of and response to threats.
Building a cybersecurity strategy with NDR as a cornerstone means choosing a long-term cyber path, with anticipation as the keystone.
The aim is to be able to respond effectively to potential future threats, thanks to an adapted and responsive defence system.
Think of NIS 2 as a guide to identifying and prioritising the risks and areas of weakness, as well as cybersecurity strengths, in order to draw up a dynamic strategy to combat attacks.
When approached strategically, compliance transforms from a necessity into a real opportunity and competitive advantage.
Gatewatcher is a leader in the detection of cyber threats and has been protecting the critical networks of large companies and public institutions worldwide since 2015.
Combining Network Detection and Response and Cyber Threats Intelligence solutions, with AI-powered, dynamic analysis techniques, Gatewatcher delivers a real-time 360-degree view of threats, covering both cloud and on-premise infrastructures.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sun, 11 Feb 2024 14:13:04 +0000