NIS2 Expands Its Scope for EU Entities - Exabeam

NIS2 Expands Its Scope for EU Entities

Published
April 04, 2024


Over the last eight years, the evolution of technology has accelerated growth and increased efficiency for many organizations and individuals. But it has also inadvertently enhanced the ecosystem through which adversaries can operate. As of January 2023, the EU has adopted the new NIS2 directive to further enhance cybersecurity and resilience for new businesses across the European Union.

The need for an update

The availability of malicious business models (for example, ransomware as a service) has proven to be detrimental for many organizations. Additionally, recent geopolitical tensions have helped increase the array of actors, including threat groups affiliated with nation-states engaging in cyberwarfare, as well as hacktivists. The birth of AI has only caused further disruption, giving adversaries additional power to leverage more unique and diverse ways of exploitation. Estimates calculated monthly show hundreds of mandatory public disclosures. The Public, Finance, and Manufacturing sectors are the top three industries most affected by cyberattacks, in that order.

The top threats ENISA lists for 2023 are as follows:

  • Ransomware
  • Malware
  • Social engineering
  • Threats against data
  • Threats against availability: Denial of Service
  • Threats against availability: internet threats
  • Information manipulation and interference
  • Supply chain attacks

Understanding the changes in NIS2

The NIS2 directive establishes a minimum baseline of requirements by which specific organizations are measured. Any EU member state can choose to extend the requirements (such as the sector list or obligations) as required.

Using regulatory measures to reduce fragmentation and provide a more consistent framework, NIS2 now encompasses an extended scope of organizations that fall under an “essential” or “important” category, including both public and private sectors. The category is dependent on the sector and size of the organization.

Some of the basic requirements are for each member state to develop their own Computer Security Incident Response Team (CSIRT) and a national network and information systems (NIS) authority to report back. The NIS authorities will meet as a group to discuss problems that affect them all, opening the doors to communication and strategic cooperation. This is especially important to support the availability of critical infrastructure both within and across the EU.

The core values of NIS2 are to drive:

  • Increased awareness of risk through cyber resilience — both within the organization and the supply chain.
  • Efficiency in incident handling and communication — by which any significant incidents have to be reported to the CSIRT authorities within a 24-hour timeframe.
  • Cybersecurity training and learning — both for management and individual workers

The journey toward better cybersecurity resilience

Continuous risk posture management

NIS2’s prime initiative is to govern operational resilience during major cyber incidents. This necessitates a thorough understanding of emerging threats and the potential for more severe breaches. Exabeam supports the classification of critical applications, vulnerable assets, information and communications technology (ICT) systems and devices, as well as users.

One of the key features, Outcomes Navigator, offers prescriptive insights into each data source, enabling financial entities to assess their current security posture effectively. Outcomes Navigator facilitates this by mapping common use cases, such as lateral movement, account creation, and data exfiltration. This feature is instrumental in identifying where a financial entity’s security infrastructure might have gaps, offering opportunities for risk discovery and mitigation.

Holistic visibility and threat identification using AI and automation

NIS2 mandates maintaining audit trails for comprehensive analysis after a security breach. Central to Exabeam’s Security Operations Platform is User and Entity Behavior Analytics (UEBA). This technology uses machine learning to monitor network behavior, identify normal activity patterns, and detect deviations that might signal emerging threats. Exabeam streamlines investigations by automatically compiling detailed timelines of threat-related activities. These timelines offer context-enriched insights into actions before, during, and after an incident, and map them to known tactics, techniques, and procedures (TTPs).

Incident remediation and reporting

Exabeam can significantly improve threat evaluation in accordance with the NIS2 directive through an intuitive risk scoring system, enhanced by AI-driven explanations of threats. This not only identifies the type of threat and its potential consequences but also provides guidance on mitigation steps. This capability is essential in helping organizations to adhere to the strict reporting timelines mandated by NIS2, while enabling comprehensive internal investigations and assessment of significant risks.

An ecosystem of continuous training

Under the NIS2 directive, it is important for both management and staff to engage in ongoing cybersecurity education. In line with this, Exabeam Copilot uses natural language processing (NLP) to allow analysts to conduct searches using simple language. This makes it easier for new analysts to start working and speeds up the identification of security events. In addition, the AI-driven threat explainer contained within Threat Center provides in-depth insights into security incidents. These insights help ensure clear communication across all levels of the organization, providing everyone with a comprehensive understanding of the threats and risks faced.

Planning for the 2024 deadline

NIS2 sets a clear directive for entities to initiate internal programs to achieve compliance. Entities have until October 2024 to meet the minimum requirements. It is important for them to collaborate with internal stakeholders to identify key processes, review policies, and implement the correct tooling. Additionally, raising cybersecurity awareness among staff and the supply chain is an integral part of this ongoing effort.

The Exabeam Security Operations Platform uses AI and automation to enhance its TDIR workflows. By applying AI, Exabeam establishes a baseline of normal organizational activity, with rapid, risk-focused insights. This supports compliance with the NIS2 directive and aids organizations in detecting critical changes in their security posture. For entities in the EU, Exabeam simplifies the creation of clear and concise threat summaries and security reports, and assists in meeting mandatory disclosure obligations.
For more information on how Exabeam can help your organization comply with NIS2 requirements and enhance your cybersecurity, request a demo or learn about our supporting trust processes.
