With just over a week until the compliance deadline for NIS2 hits, Andy Norton, European Cyber Risk Officer at Armis, made some remarks about it. He specifically looks at why the technical requirements of NIS2 are far from an easy tick-box exercise.
Comment by Andy Norton, European Cyber Risk Officer at Armis
“NIS2 is a different beast from its predecessor. Not only does it come with a broader scope and strengthened security requirements, but it demonstrates the introduction of a new mindset for the cybersecurity industry. While NIS1 took a reactive approach, penalising organisations after a breach, NIS2 is moving the industry towards a proactive approach, where organisations will face fines for inadequate security before a breach occurs.
“The technical requirements of NIS2 are far from an easy tick-box exercise, but it is very achievable. However, there is one considerable challenge that organisations need to be acutely aware of – visibility. While there is a plethora of available advice for implementing NIS2 and countless vendors which can help, the simple truth is that you can’t secure what you can’t see. Organisations need to have a comprehensive understanding of their inventory. Everything else is sandcastles – it’ll all just fall down!
“In preparation for NIS2, organisations need to adopt advanced solutions that offer real-time asset intelligence, vulnerability analysis, AI-powered threat detection and remediation, as well as contextual incident information so that security teams can make informed risk management decisions. This way, organisations can rest assured that they are not playing catch up regarding regulatory compliance or threat actors, they’re proactively fixing the issues before an incident occurs.”
