Intelligent Tech Channels Issue 82 | Page 40

George Bonser, VP of EMEA Sales, Drata
Preparing for NIS2 Directive and opportunities for channel partners
NIS2, the EU’s most stringent cybersecurity Directive yet, becomes effective from 17th October 2024. While NIS included basic security measures and incident reporting requirements, NIS2 imposes more stringent risk management and security measures. Every organisation striving for NIS2 compliance will have its own journey based on its current cybersecurity maturity level, risk management, and what constitutes appropriate and proportionate.
NIS2’s requirements do not change according to company size. However, for smaller businesses that are seeking to comply with NIS2 for the first time, a white glove approach to implementing NIS2-compliant processes will probably be needed. Larger enterprises are more likely to have already ensured compliance with other frameworks and already addressed some of NIS2’s security risk management requirements.
NIS2 applies to a significant proportion of companies operating in the EU, many of whom will be faced with a directive of this scale for the first time. Prepare for a significant influx of requests from customers to help them implement the requirements to comply with the regulation and permeate trust throughout their supply chain.
For those IT channel partners that can speedily get to grips with the heavy lifts for NIS2 compliance, there is a golden market opportunity to become trusted advisors.
How do you prepare for NIS2?

Ensure you understand whether your organisation is covered by NIS2 and what requirements apply. Much of the impact of the legislation will be determined by your competent authority, so confirm your entity classification type, how to report incidents and how to seek clarifications.
Map your controls and policies to NIS2 requirements, identify gaps and determine whether existing policies can be repurposed to meet compliance. Build controls on established best practice, document everything to ensure a paper trail for regulators and seek guidance when necessary from your Competent Authority.
Incentivise personnel to perform the requisite actions and equip them with the tools, skills and knowledge to do so effectively. Deploy a continuous compliance platform to assist in the design, implementation and maintenance of a fully NIS2-compliant cybersecurity and risk management program.
Partners can work directly with customers to help them address the steps outlined, namely identifying gaps in compliance posture regarding NIS2; bridging those gaps in compliance by providing advisory services; and supplying technological solutions that can make their programme even more efficient.
Organisations should use ATLAS to stay informed about evolving threats and improve their defences against attacks targeting AI technologies.
whether inside or outside the network – should be trusted by default. Continuous verification of user identities and strict access controls are foundational elements.
However, for AI systems, data boundaries are equally important. AI models often process vast amounts of sensitive data, and ensuring that this data is adequately segmented and protected is critical. Establishing clear data boundaries prevents unauthorised access to sensitive information, reducing the risk of data leakage or manipulation. This is particularly vital in AI systems where data integrity directly impacts the outputs and decisions made by the AI.
By implementing a zero-trust architecture with strong data boundary controls, organisations can ensure that their AI systems operate securely, protecting both the data they process and the insights they generate.
The evolving threat landscape demands that organisations remain vigilant and proactive in their cybersecurity efforts. Organisations can better protect their digital assets by understanding the risks associated with supply chain vulnerabilities, open-source software, and the integration of GenAI, as well as by implementing strategic defence tactics.
Cybersecurity is no longer just an IT issue. It is a critical component of overall business strategy that requires attention at every level of the organisation.