Jacques de La Rivière, CEO of Gatewatcher, believes that the world of cybersecurity is undergoing constant evolution, not just in terms of talent, products, and technologies, but also in regulatory requirements. As cyber threats continue to evolve and become more advanced, the European Commission has come under scrutiny to address these threats through regulatory measures.
One of the most pressing regulatory issues is the second Network and Information Security framework – NIS 2. This regulation aims to go beyond the objectives of NIS 1, which provided a minimum of security conditions for entities and sectors targeted by cyber attacks. With the evolving nature of cyber threats, NIS 2 seeks to strengthen resilience by addressing new sectors and entities that were not covered in NIS 1. This includes local authorities, public health establishments, higher education establishments, and all parties in the supply chain.
NIS 2 also aims to address the lack of coherence and fragmentation in the treatment of cyber attacks for sensitive sectors on a European scale. This will involve harmonizing the implementation of the directive across Europe, with more precise regulations, as well as introducing stronger overall security measures with strict and proportional criteria depending on the categorization of the organization.
With this new regulatory framework also comes increased responsibility and powers of supervision, control, and sanction for the Member States to ensure proper implementation of these measures. Businesses will also have to take on greater responsibility for managing their own risks, as this responsibility is delegated to them.
While the details of NIS 2 at the European and national level are still being worked out, businesses are faced with the challenge of meeting compliance requirements quickly and with minimal disruption. Currently, no binding measures have been taken, besides notification of contact persons, incident reporting procedures, and the potential sharing of information. Member States are in the process of transposing the directive at the national level.
In order to address the compliance challenges presented by NIS 2, businesses should consider implementing a number of key measures. These include ensuring adequate risk management through governance policies, protecting data and sensitive information, investing in or strengthening cybersecurity technologies, implementing incident management and notification measures, and providing training and awareness-raising for employees.
As an essential component of compliance, Network Detection and Response (NDR) has emerged as a core strategy in combating cyber threats. NDR involves proactive research, rapid qualification, and remediation of incidents by experts. By integrating NDR into a comprehensive cybersecurity ecosystem, businesses can maintain business continuity in the event of a cyber attack.
Furthermore, compliance must be viewed as a strategic opportunity for companies, rather than an additional constraint. It is important to take a long-term view and anticipate future regulatory developments. NDR not only enables businesses to establish a comprehensive response to compliance needs but also raises overall levels of cybersecurity and optimizes investments for the most effective detection and response to threats.
In summary, NIS 2 presents businesses with the opportunity to identify and prioritize risks and areas of weakness in their cybersecurity strategies. When approached strategically, compliance can transform from a necessity into a real opportunity and competitive advantage.
Jacques de La Rivière is the CEO of Gatewatcher, a leader in the detection of cyber threats, and has been protecting the critical networks of large companies and public institutions worldwide since 2015. Gatewatcher combines Network Detection and Response (NDR) and Cyber Threats Intelligence (CTI) solutions with AI-powered dynamic analysis techniques to deliver a real-time 360-degree view of threats. Jacques can be reached online via LinkedIn and at the company website.