Cybersecurity is a concern for us all, especially now with the new EU NIS2 directive having come into force last month. We are working closely with specialists Thorn Consulting, who have an efficient framework to deal with this. In response, we can take several steps to ensure compliance and help our clients navigate these new challenges by:

- Assessing your needs - conducting a thorough assessment of clients' current cybersecurity measures to identify gaps and areas needing improvement.
- Providing expertise and guidance - developing tailored strategies for clients to meet NIS2 requirements, including incident reporting, supply chain security, and leadership accountability.
- Implementing security measures - introducing robust security protocols, such as encryption, access control, and incident response plans.
- Offering ongoing support - providing continuous monitoring and support ‘as a service’ to ensure clients remain compliant with NIS2 regulations.
- Leveraging standards and frameworks - utilizing standards like IEC 62443 to guide the implementation of cybersecurity measures and ensure alignment with NIS2 requirements.

We understand that with this directive our clients are forced to change and adapt, but we would like to assure them that we are here to support them through this change, to ensure they achieve and, most importantly, maintain compliance. If you have any concerns regarding the new EU NIS2 directive, please book some time with us! https://lnkd.in/d5Z2-RxG
It’s the time of year when organisations such as MITRE and other security agencies publish their ‘hit lists’, and just like the music industry there are some surprise entries, but a lot of old favourites make the chart. MITRE have reviewed 31k exploited CVEs reported from June ‘23 to June ‘24. Finally, after so many years, XSS has made it to number 1. Big movers as well: code injection up 12 places, exposure of sensitive information up 13. Some old favourites: improper authorisation still in the top 20, hard-coded credentials (really, still making this mistake) and SQL injection.

These vulnerabilities are preventable, and with the new EU regulation NIS2 they need to be prevented; ‘Secure by Design’ must be the mantra going forward. "Often easy to locate and exploit, these weaknesses allow adversaries to compromise systems, steal data, or disrupt applications," MITRE explained.

NIS2 has five focus areas: Identify, Protect, Detect, Respond, and Recover. Stopping exploitation of vulnerabilities is very much in the first two, with good governance setting policies such as secure coding and software security policy as part of Identify, and awareness, data security and information protection being part of Protect. However, the part that will catch many out is accountability at board level: not just saying ‘I am accountable’ but being able to explain to an external authority what you are accountable for. CLUE - resourcing budget, DLP, and so on. The CISO is still treated as a junior role and in many cases is several layers away from the real ‘C’ suite.

Now is the time to implement NIS2; reach out to me and we can get you through using our method-driven control framework. #NIS2 #Onesto #DORA