The NIS2 Directive, which came into force in October, imposes extensive cyber risk management, incident reporting, business continuity, and information sharing obligations on a much greater number of organisations – around 30,000 compared to the 3,000 previously affected by NIS1.
The directive also introduces significantly higher penalties and sanctions for organisations that fail to comply or maintain compliance. Directors and management can now be held personally liable for implementation failures, fines can be up to €10 million or 2% of total turnover, and regulators can suspend business operations if deemed necessary.
For organisations that now find themselves within scope of the NIS2 Directive, taking a proactive approach to compliance has become a must-have.
Understanding the requirements
Introduced to enhance and strengthen cybersecurity resilience within the EU and beyond, NIS2 sets out measures organisations must adhere to in four key areas: risk management, corporate accountability, reporting and business continuity. It also sets out specific requirements around information sharing.
This is not a one-off box-ticking exercise. Organisations will need to persistently test their cybersecurity and response capabilities, conduct regular cyber risk assessments and ensure that clear lines of management and reporting responsibility are defined and in place. Ultimately, organisations need to ensure they can detect and respond faster and more effectively to cybersecurity events. The faster a possible threat is detected, the better an organisation can comply with the regulatory reporting requirements should it evolve into a full-blown incident.
Importantly, NIS2 highlights incident reporting and information sharing across industries and along supply chains as essential for preparing against security threats. As a key requirement of the directive, the voluntary exchange of cybersecurity information is now enshrined as good security practice.
Navigating compliance: the key steps
NIS2 is the EU’s toughest cybersecurity directive to date and compliance depends on undergoing a multi-step process that includes understanding the scope; connecting with relevant authorities; undertaking a gap analysis; creating new and updated policies; training the right employees; and monitoring progress. All of which will enable businesses to track their supply chain for threats and vulnerabilities and stay on top of their risk management strategies.
However, organisations also need to ensure they’re able to deliver against the directive’s information sharing requirements. By sharing key information on vulnerabilities and threats, together with insights on how these are handled, organisations can protect themselves against cybercriminals exploiting an identified vulnerability multiple times.
Sharing information in a timely manner across the supply chain is essential for elevating the resilience of all. In much the same way, NIS2 now demands that organisations look beyond their own security boundaries and exchange cyber threat intelligence with industry peers.
By sharing information on indicators of compromise, tactics and techniques, and mitigation responses, firms will both contribute to, and benefit from, a wider collective defence approach that mitigates the likelihood and impact of incidents.
Achieving all this, however, depends on organisations finding a way to combine their cyber threat intelligence, security and defence operations so that they can undertake real-time threat intelligence sharing and reporting while responding faster and more cohesively to incidents.
Cyber fusion: a next-generation cybersecurity approach
Around 30 years ago, military intelligence agencies came up with the concept of cyber fusion as a way to foster enhanced information sharing between different intelligence communities and synthesise these insights to gain a deeper understanding of the threat ecosystem.
More recently, the concept has been seized upon by the cybersecurity sector as a means of promoting greater collaboration between teams within – and beyond – the organisation.
By unifying security functions such as threat intelligence, security automation, threat response, security orchestration and incident response into a single connected unit, cyber fusion enables organisations to create an information-rich environment that makes it easier to detect, manage and respond to threats in a highly collaborative manner. With cyber fusion, knowledge transfer across disparate security operations becomes fast and seamless and teams can alert one another to potential problems and vulnerabilities.
Supporting the constant flow of threat intelligence across security teams through a shared platform, cyber fusion brings together a variety of security tools and technologies – SIEM (security information and event management), EDR (endpoint detection and response) and threat intelligence platforms – into a single unified system.
Alongside greater visibility, this integration gives organisations better control over their security operations, improves incident reporting and continuous compliance monitoring, while enabling automated threat detection and more comprehensive risk management.
Optimising NIS2 compliance with cyber fusion
As the saying goes, necessity is the mother of invention. Confronted by the need to re-think compliance frameworks, NIS2 is prompting organisations to evaluate the security posture of their enterprise, their supply chains, and the resilience of their wider industry sector.
Collaborating across the organisation and the entire sector is not an easy undertaking. However, by implementing a cyber fusion model, organisations will be able to tackle cyber threats more effectively and share real-time threat information and resources on how to remediate and secure vulnerabilities as efficiently as possible. By putting cyber fusion into practice on a larger scale, organisations will be able to boost their ability to comprehensively meet NIS2 compliance requirements on multiple fronts. They will also be able to demonstrate that they are responsible and proactive participants in industry-wide security collaboration efforts and defence actions.
About the Author
Jordan McPeek is VP of Security Technology at Cyware. Cyware helps enterprises transform security operations while breaking through silos for threat intelligence sharing, collaboration, and automated threat response. Its unique Cyber Fusion solutions enable lean security teams to proactively stop threats, connect the dots on security incidents, dramatically reduce response time, and reduce analyst burnout from repetitive tasks. Cyware improves security outcomes for enterprises, government agencies, and MSSPs, and provides threat intelligence sharing platforms for the majority of ISAC/ISAO information sharing communities globally.