Aligning identity control, audit-ready security, and continuous compliance with NIS2
Presented by Hariharan Narasiman, Cybersecurity Solutions Consultant at ManageEngine at BE-CEC on March 12, 2026 in Technopolis, Mechelen
At a time when cyber threats are escalating in both frequency and sophistication, organisations across Europe, and particularly in Belgium, are facing a new reality: cybersecurity is no longer just an IT issue. It is a strategic, operational, and legal responsibility that reaches the boardroom.
During a recent conference session titled “Aligning Identity Control, Audit-Ready Security, and Continuous Compliance with NIS2,” cybersecurity expert Hariharan Narasiman, Cybersecurity Solutions Consultant at ManageEngine, delivered a compelling message: modern cyber resilience depends on a unified, identity-first security strategy.
Drawing from real incidents in Belgium and recent regulatory developments, the session illustrated how organizations can reduce risk, simplify compliance, and maintain operational resilience under the requirements of the NIS2 Directive.
Belgium’s Cyber Threat Landscape: Three Incidents That Changed the Conversation
To frame the discussion, Narasiman opened with three major cyber incidents from the past eighteen months. Each attack used a different vector, but all produced severe operational consequences.
Orange Belgium – August 2025
The telecom provider Orange Belgium experienced a major breach affecting 850,000 customer records.
Attackers exploited a Microsoft SharePoint zero-day vulnerability (CVE-2025-53770), enabling the exfiltration of sensitive information including phone numbers, SIM data, and PUK codes. The ransomware group Warlock claimed responsibility for the attack.
The breach exposed millions of subscribers to SIM-swap fraud, demonstrating how identity-related data can become a gateway to wider financial crime.
Belgian Military Intelligence – November 2025
Belgium’s military intelligence agency, ADIV, became the target of a large-scale DDoS campaign launched by the hacktivist group NoName057(16).
The attack was triggered by a public NATO-related statement made by the Belgian Minister of Defence. Several telecommunications providers—including Proximus and Scarlet—were also targeted.
This incident highlighted a new dimension of cyber risk: geopolitical actions can immediately translate into operational disruption.
AZ Monica Hospital – January 2026
Healthcare provider AZ Monica suffered a ransomware attack with direct consequences for patient care.
At 6:32 AM, hospital servers were shut down. More than 70 surgeries were cancelled, and seven critical patients had to be transferred to other hospitals. Medical staff were forced to revert entirely to paper-based procedures.
This incident demonstrated a stark reality: cyberattacks are no longer merely financial crimes—they are safety risks.
The Numbers Behind Belgium’s Cybersecurity Challenge
According to data published by the Centre for Cybersecurity Belgium (CCB) in its Key Figures 2025 report, Belgium faces a rapidly intensifying threat environment.
Key statistics include:
Belgium ranks 8th globally as a ransomware target
635 nationally significant cyber incidents handled in 2025
105 ransomware attacks recorded, representing a doubling year-on-year
144 account compromise cases, also doubled
9.9 million phishing reports submitted to Safeonweb
63 officially recorded DDoS attacks
These numbers reveal a clear pattern: identity-based attacks are increasing rapidly, and many incidents are preventable.
The Geopolitical Dimension of Cyber Risk
Narasiman also illustrated the geopolitical drivers behind many cyber campaigns targeting Belgium.
Hacktivist group NoName057(16) has repeatedly launched coordinated attacks following political decisions related to the war in Ukraine.
Notable campaign triggers included:
October 2024
Belgium purchases CAESAR howitzers for Ukraine
Targets included government websites, ports, and media outlets.
Belgium pledges €1 billion in military aid
Government portals including MyGov.be and regional government sites attacked.
November 2025
NATO statement by Defence Minister
ADIV intelligence systems and telecom operators targeted.
December 2025
A sustained six-day campaign
155 domains targeted across 4,435 recorded attacks
As the host country of major European and NATO institutions, Belgium faces a unique risk profile. International politics increasingly shapes the national cyber threat model.
The Fundamental Gap: MFA Adoption vs. Threat Reality
Despite the growing threat landscape, Narasiman highlighted a striking gap in basic cybersecurity hygiene.
A CCB survey of 250 Belgian companies revealed:
Only 46.4% of organisations use multi-factor authentication (MFA) for external access
The CCB estimates 80% of cyber incidents could be prevented by properly implemented MFA
This gap is reflected in incident response work.
According to the Director-General of the Centre for Cybersecurity Belgium:
“In about half of our incident response interventions, we find that 2FA or MFA is not or only partially in use.”
The issue is not only technical—it is structural.
A 2025 survey conducted by KPMG, the Cybersecurity Coalition, and Agoria found:
1 in 6 Belgian organizations experienced a successful cyberattack
38% were affected by supply-chain attacks
22% have no dedicated cybersecurity staff
25% provide no security awareness training
Cybersecurity as a Financial Risk
The financial implications of cyber incidents further reinforce the urgency.
Global research from IBM and the Ponemon Institute indicates:
$4.44 million average cost of a breach
$7.42 million average cost in healthcare
$10.5 trillion estimated global cybercrime cost in 2025
Operational consequences are also widespread:
85% of organisations experience operational disruption after a breach
45% increase prices to recover costs
94% of attackers target backup systems
Perhaps most concerning is the speed of modern ransomware attacks.
The median time from initial compromise to ransomware deployment is just five days, leaving organisations with an extremely narrow window to detect and respond.
NIS2 in Belgium: Regulation Meets Reality
Belgium has taken a leading role in implementing the European cybersecurity framework.
Key milestones include:
April 26, 2024: Belgium adopts the law transposing the NIS2 Directive
October 18, 2024: The directive enters into force nationally
April 18, 2026: Deadline for CyberFundamentals self-assessment
Belgium was the first EU Member State to complete NIS2 transposition, while many other countries received enforcement warnings from the European Commission.
The regulation applies broadly:
7,380 entities registered on Safeonweb@Work
18 critical sectors covered
4,191 regulated organizations including1,574 essential and 2,617 important entities
Non-compliance carries significant penalties:
Up to €10 million or 2% of global turnover for essential entities
Up to €7 million or 1.4% of global turnover for important entities
The Accountability Shift: The C-Suite Is Liable
One of the most significant aspects of NIS2 is the shift in accountability.
Under Article 20, corporate leadership must:
Approve cybersecurity risk management measures
Oversee their implementation
Attend mandatory cybersecurity training
Demonstrate sufficient cybersecurity knowledge
Regulators now have expanded powers. The Centre for Cybersecurity Belgium can:
Issue binding operational instructions
Require mandatory security audits
Temporarily prohibit executives from exercising management functions
As CCB Deputy Director-General Phédra Clouner noted:
“Some top executives have not yet fully grasped that they can now be held personally liable in cases of serious non-compliance.”
Whether Directors & Officers insurance covers NIS2 liability remains legally unresolved in Belgium.
Mapping NIS2 Requirements to Belgium’s Actual Threats
Narasiman emphasized that NIS2 does not introduce entirely new security practices. Instead, it requires organizations to prove they are already doing what good cybersecurity demands.
From Policy to Operational Control
To operationalise these requirements, Narasiman proposed a unified cybersecurity architecture built on three pillars.
Pillar 1: Identity Control (IAM)
Identity is the foundation of modern security.
Organizations must know who has access to what. And enforce it automatically.
Core capabilities include:
Multi-Factor Authentication: Prevents account takeover and credential theft.
Privileged Access Management (PAM): Limits the risk of lateral movement following a breach.
Access Lifecycle Governance: Ensures employees, contractors, and partners receive only the access they need.
Third-Party Identity Governance: Reduces risks associated with supplier access.
Best practices include:
100% MFA for all external access
Zero standing privileged access
Access reviews every 90 days
Pillar 2: Visibility and Audit Readiness (SIEM)
NIS2 requires incidents to be reported within 72 hours.
Without centralised monitoring systems, reconstructing attack timelines becomes extremely difficult.
Without SIEM: Logs scattered across multiple systems, Incident detection delayed, Weeks required to prepare audit evidence
With SIEM: Unified security visibility, Real-time anomaly detection, Automated incident reporting and rapid evidence generation
Organizations using SIEM tools can produce complete audit documentation in two days instead of six weeks.
Pillar 3: Endpoint and Network Control
Finally, organizations must secure every device connected to their network.
Examples of required controls include:
Continuous vulnerability management
Unified endpoint management across IT and operational technology
Network segmentation
Immutable and air-gapped backups
These measures directly address ransomware threats that target infrastructure, as seen in attacks affecting hospitals and public services.
The Formula for Measurable Cyber Resilience
Narasiman summarized the relationship between these controls with a simple principle:
Identity without visibility is blind.
Visibility without control is helpless.
Control without identity is porous.
Only when all three work together can organisations achieve measurable resilience.
The Leader’s Mandate
Belgium’s proactive implementation of the NIS2 Directive has created a unique situation.
While the country moved quickly to implement the law, many organizations are still behind in fundamental security practices such as MFA.
This gap represents a major risk.
Narasiman concluded with three clear recommendations for leadership teams.
Close the Identity Gap Immediately
Implement MFA for every external connection and establish privileged access governance.
This single action could prevent over 80% of cyber incidents.
Make Audit Evidence Part of Daily Operations
Compliance cannot be treated as a once-a-year exercise.
Organizations must build continuous monitoring and reporting into everyday operations.
Take Personal Ownership
Under NIS2, cybersecurity is now a personal responsibility for senior leadership.
Executives must understand the risks, oversee implementation, and ensure compliance.
Security as Operational Excellence
The session concluded with a powerful message.
Cybersecurity should not be viewed as a regulatory burden or compliance checkbox.
Organizations that treat security as operational excellence—embedding identity control, visibility, and infrastructure governance into everyday operations—will be best positioned to lead Belgium’s digital future.
In the NIS2 era, resilience is no longer optional. It is measurable, auditable, and ultimately accountable.