By 17 October 2024, the date by which Member States must transpose it into national law, organisations in scope will need to comply with the Network and Information Security Directive, or "NIS2" (Directive (EU) 2022/2555). NIS2 is the EU-wide legislation on cybersecurity: it sets legal measures intended to raise the overall level of cybersecurity across the EU. Let's look at its key provisions and how it addresses the evolving threat landscape:
- Preparedness and Cooperation: Member States' preparedness: the NIS2 Directive mandates that Member States equip themselves with essential cybersecurity capabilities, including a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority. Cooperation among Member States: to foster strategic collaboration, the directive establishes a Cooperation Group, which facilitates the exchange of information and supports coordinated responses to cyber incidents.
- Securing Vital Sectors: The NIS2 Directive promotes a culture of security across sectors critical to the economy and society, all of which rely heavily on information and communication technologies (ICTs). Examples include energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure; compared with the original directive, NIS2 also extends coverage to sectors such as public administration, space, waste water, postal services and manufacturing.
- Obligations for Essential and Important Entities: NIS2 replaces the original directive's distinction between operators of essential services (OES) and digital service providers with two categories, essential entities and important entities, and brings medium and large organisations in the listed sectors into scope by default rather than only those individually designated by a Member State. Both categories must implement appropriate and proportionate risk-management measures (covering, among other things, incident handling, supply-chain security and the use of multi-factor authentication where appropriate) and must report significant incidents to the national CSIRT or competent authority: an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month. Digital providers such as cloud computing services, data centres, managed service providers, online marketplaces, search engines and social networking platforms are in scope.
- Incident Reporting and Crisis Management: The NIS2 Directive introduces national large-scale cybersecurity incident and crisis response plans and establishes the European cyber crisis liaison organisation network (EU-CyCLONe). This network supports coordinated management of large-scale cybersecurity incidents and crises at the operational level.
In summary, the NIS2 Directive aims to bolster cybersecurity resilience, enhance cooperation, and safeguard critical sectors in the EU.
The CrowdStrike 2024 Global Threat Report sheds light on the evolving landscape of cyber threats, offering critical insights for security professionals and organizations. Let's look at some key findings from this report:
- Speed and Stealth in Attacks: Adversaries are operating with unprecedented stealth, and today's intrusions succeed in minutes: the report puts the average eCrime breakout time (from initial access to lateral movement) at 62 minutes, with the fastest observed at just over two minutes. They hide from detection by using valid credentials and legitimate tools, so that malicious activity looks like ordinary administration and is harder for defenders to distinguish from normal use.
- Identity-Based Attacks Surge: Identity threats exploded in 2023. Adversaries such as SCATTERED SPIDER increasingly skip malware altogether and break in through people and identities: phishing, social engineering, and purchasing legitimate credentials from access brokers. SIM swapping, MFA bypass (for example through stolen session tokens) and the use of stolen API keys for initial access are becoming common.
- Cloud Dominance by Adversaries: Adversaries capitalize on global cloud adoption, turning the cloud into a prime battleground. Cloud-conscious adversaries, especially eCrime actors, use valid credentials to access victims' cloud environments and then rely on legitimate tools and native cloud APIs, making it difficult to distinguish between normal user activity and a breach.
- Exploiting Relationships for Maximum Impact: Adversaries maximize their return on investment (ROI) by targeting vendor-client relationships. By compromising IT vendors and exploiting the software supply chain, they gain access to multiple organizations across verticals and regions from a single intrusion.
- Generative AI Raises New Risks: Adversary abuse of generative AI raises concerns about more convincing social engineering campaigns at scale, and about its use to produce malicious software, tooling and supporting resources. It lowers the cost and skill required for an attack, which is what makes adversaries more sophisticated over time.
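The two findings above on identity-based and cloud-conscious attacks share one defensive consequence: when the adversary holds valid credentials and uses legitimate tools, signature-based detection has nothing to match, and the remaining signal is deviation from a principal's own baseline. The following is an added example written for this page, not code from CrowdStrike or from the original article. It builds a per-principal baseline of source IPs and user agents from a constructed set of CloudTrail-style records (the field names follow the real CloudTrail schema; the account number, ARNs, access key ID and addresses are documentation example values) and then flags first-seen IPs, first-seen tooling and console logins completed without MFA.

```python
"""Baseline-deviation detection for valid-credential abuse in cloud audit logs.

Added example, not part of the original page. Records are constructed and use
CloudTrail field names (eventTime, eventName, sourceIPAddress, userAgent,
userIdentity.arn/accessKeyId, additionalEventData.MFAUsed). 123456789012,
AKIAIOSFODNN7EXAMPLE and the 192.0.2.x/198.51.100.x/203.0.113.x addresses are
documentation/example values, not real identifiers.
"""
import json
from collections import defaultdict

# Constructed "known good" week for two principals: a CI deploy key that only ever
# talks to S3 from one egress IP with the CLI, and a human who logs in with MFA.
BASELINE_LOG = """
{"eventTime":"2024-05-01T09:00:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.10","userAgent":"aws-cli/2.15.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}
{"eventTime":"2024-05-01T09:05:00Z","eventName":"GetObject","sourceIPAddress":"203.0.113.10","userAgent":"aws-cli/2.15.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}
{"eventTime":"2024-05-02T08:30:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userAgent":"Mozilla/5.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/alice"},"additionalEventData":{"MFAUsed":"Yes"}}
{"eventTime":"2024-05-02T08:31:00Z","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.7","userAgent":"Mozilla/5.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/alice"}}
"""

# Constructed day under investigation: the deploy key is reused from a new IP with a
# scripted SDK for discovery calls, and alice's session is opened without MFA.
CANDIDATE_LOG = """
{"eventTime":"2024-05-08T10:00:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.10","userAgent":"aws-cli/2.15.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}
{"eventTime":"2024-05-08T03:12:00Z","eventName":"ListBuckets","sourceIPAddress":"192.0.2.55","userAgent":"Boto3/1.34.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}
{"eventTime":"2024-05-08T03:12:30Z","eventName":"ListUsers","sourceIPAddress":"192.0.2.55","userAgent":"Boto3/1.34.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}
{"eventTime":"2024-05-08T07:45:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userAgent":"Mozilla/5.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/alice"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2024-05-08T07:46:00Z","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.7","userAgent":"Mozilla/5.0","userIdentity":{"arn":"arn:aws:iam::123456789012:user/alice"}}
"""


def parse_log(text):
    """One JSON record per line, blank lines ignored."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def principal_of(event):
    return event["userIdentity"]["arn"]


def build_baseline(events):
    """Per principal: the set of source IPs and user agents seen in the known-good window."""
    baseline = defaultdict(lambda: {"ips": set(), "agents": set()})
    for ev in events:
        profile = baseline[principal_of(ev)]
        profile["ips"].add(ev["sourceIPAddress"])
        profile["agents"].add(ev["userAgent"])
    return dict(baseline)


def detect(baseline, events):
    """Return one alert per (rule, principal, value) so a burst of calls from one new IP
    produces a single alert rather than one per API call."""
    alerts, seen = [], set()

    def emit(rule, ev, detail):
        key = (rule, principal_of(ev), detail)
        if key in seen:
            return
        seen.add(key)
        alerts.append({"rule": rule, "principal": principal_of(ev),
                       "time": ev["eventTime"], "detail": detail})

    for ev in events:
        prof = baseline.get(principal_of(ev))
        if prof is None:  # never seen in the baseline window at all
            emit("unknown-principal", ev, principal_of(ev))
            continue
        ip, agent = ev["sourceIPAddress"], ev["userAgent"]
        if ip not in prof["ips"]:
            emit("first-seen-ip", ev, ip)
        if agent not in prof["agents"]:
            emit("first-seen-agent", ev, agent)
        # CloudTrail records MFAUsed on ConsoleLogin; anything but "Yes" is a gap.
        if ev["eventName"] == "ConsoleLogin" and \
                ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            emit("console-login-no-mfa", ev, ip)
    return alerts


def run():
    return detect(build_baseline(parse_log(BASELINE_LOG)), parse_log(CANDIDATE_LOG))


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

On the constructed data this yields three alerts: the deploy key used from 192.0.2.55, the same key driven by Boto3 instead of the CLI, and alice's console login without MFA. The routine PutObject and DescribeInstances calls produce nothing, which is the point of baselining per principal. The obvious limitation is that an attacker who tunnels through the victim's own egress and reuses the expected tooling looks identical to the baseline; pair this with checks that do not depend on origin, such as key age, privilege changes, and discovery calls a service account has no business making.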
Here's how Expense Reduction Analysts (ERA) can help an organisation prepare:
- Strategic Partner Selection: ERA acts as a bridge between businesses and external parties that specialize in technical work such as penetration testing. They help identify and select reliable third-party vendors who can perform security assessments.
- Vendor Evaluation and Due Diligence: ERA assists in evaluating potential vendors on their expertise, track record, and fit with the organization's needs. Due diligence ensures that chosen vendors meet the necessary standards.
- Advisory Services: While ERA does not conduct penetration tests itself, it offers strategic advice on cybersecurity measures, guiding businesses on selecting the right vendors and tailoring solutions to their requirements.
- Risk Assessment and Mitigation: ERA collaborates with organizations to assess their risk exposure and recommends mitigation strategies, including engaging external experts for technical assessments.
- Policy and Governance: ERA helps establish cybersecurity policies and governance structures that align with NIS2 requirements and provide proper oversight.
- Incident Response Planning: ERA assists in creating incident response plans, even though it does not execute them. These plans set out the steps to take during a cybersecurity incident, including the notification obligations NIS2 imposes.
- Education and Awareness: ERA educates businesses about the importance of cybersecurity and raises awareness among stakeholders of the need for technical assessments.
ERA's role is to connect businesses with the right expertise. By leveraging external technical partners, organizations can strengthen their cybersecurity posture and meet their NIS2 obligations.