READY FOR NIS2?
On Tuesday, November 26, 2024, Pointury hosted yet another engaging event, spotlighting the intricacies of NIS2 compliance. The keynote speakers, Pascal D'Eer and Johan Klykens, shared invaluable insights into how organisations can fortify their cybersecurity posture by embracing pragmatic, actionable strategies.
Ready for NIS2 ? Tips for improving compliancy in a pragmatic way
NIS2: Strengthening Europe's Digital Shield
The NIS2 Directive represents a cornerstone of the EU's strategy to enhance resilience against evolving cyber threats. This legislation mandates robust cybersecurity measures across critical sectors, including energy, transport, banking, health, digital infrastructure, and public administration.
NIS2 brings sweeping changes, including personal accountability for board members and executives, along with substantial penalties for non-compliance: €10 million or 2% of global annual turnover, whichever is greater.
Belgium: A Trailblazer in Cybersecurity
During the event, Johan Klykens commended Belgium's leadership in implementing NIS2, noting that it is on track to become the first EU country to fully adopt the directive into national law by October 18, 2024. Belgium’s Cybersecurity Strategy 2.0 aims to position the nation among the least vulnerable in Europe by 2025, inspiring countries like Italy, Latvia, Croatia, and Romania to follow its example.
CyFun: The CyberFundamentals Framework
The event also introduced the CyberFundamentals Framework (CyFun), a flexible tool designed to help organizations bolster their cyber resilience. CyFun is structured across four assurance levels, tailored to varying threat landscapes:
- Small: Initial security assessments for micro-organizations with limited resources.
Basic: Standard security measures suitable for most businesses. - Important: Defense against targeted attacks with moderate resources.
- Essential: Protection from advanced threats with sophisticated capabilities.
While not exclusive to NIS2, CyFun also supports compliance with DORA and the Cyber Resilience Act (CRA).
Key Takeaways for NIS2 Readiness
- Adopt the Pareto Principle: Focus on three key measures—MFA, backups with recovery protocols, and timely patching—to achieve 80% protection.
- Secure the Supply Chain: Evaluate both upstream and downstream suppliers, adapting security requirements based on supplier count and criticality.
- Certification Deadlines: Organizations should register for NIS2 certification before the end of 2024.
- Penalties vs. Prevention: Governments prioritize fighting cybercrime over penalizing non-compliance. Still, the cost of an incident far outweighs any regulatory penalties.
Event Partners: Driving Cybersecurity Innovation
The event was supported by leading cybersecurity companies:
- Sertalink: specializes in identity and access management, data loss prevention, and secure remote access monitoring to protect confidential data.
- Drata: An advanced platform automating compliance for frameworks like SOC 2, ISO 27001, and GDPR, enabling real-time security monitoring and scalable workflows.
- SentinelOne: Provides AI-driven autonomous endpoint protection, integrating detection, response, and forensics into one platform for unmatched speed and simplicity.
- Vectra AI: Uses AI-powered Attack Signal Intelligence (ASI) for proactive threat detection, investigation, and response, focusing on attacker behavior rather than outdated patterns.