NIS2 Directive: Everything you need to know
Responding to technology advances and a continual evolution in the cyber-threat landscape, the European Parliament voted to approve the NIS2 Directive in November 2022. It builds on the previous NIS Directive and is designed to harmonise and strengthen cybersecurity within the European Union (EU).
The first Network and Information Systems Directive (EU 2016/1148) was introduced in 2016, with the goal of enhancing baseline cybersecurity across all EU member states. Among other things, the directive requires member states to appoint Computer Security Incident Response Teams (CSIRTs) and a competent national cybersecurity authority.
It covers Operators of Essential Services (OES) within each jurisdiction. The OES must implement appropriate cybersecurity measures and report serious incidents to the competent national authority.
OES sectors that must comply with the NIS Directive are: energy, transport, banking, financial market infrastructures, health, drinking water suppliers and digital infrastructure providers.
The deadline for compliance with the NIS Directive was November 2018.
Introducing NIS2
On 16 January 2023, the NIS2 Directive (EU 2022/2555) entered into force. It must be adopted by all member states by 17 October 2024. NIS2 builds on the achievements of the original directive to take account of increasingly determined and better-resourced threat actors, and a growing corporate cyber-attack surface that many organisations are struggling to manage.
The main changes in the new NIS2 directive are:
- The addition of “important entities” that must comply and report. These cover wastewater processing, public administration, space, postal and courier services, waste management, chemicals, food, manufacturing, and various IT datacentre and digital service providers.
- Personal liability for incidents assigned to company bosses.
- More streamlined cooperation between member states.
- The implementation of prescriptive cyber-risk management measures.
- Mandatory staff training and audits.
- Fines and penalties in case of non-compliance.
Time to comply
The NIS2 directive describes the objectives to be achieved. It is the role of every member state to translate those objectives into domestic legislation. However, local implementation can differ amongst member states according to specific circumstances.
The NIS2 Directive doesn’t impose any specific framework on complying organisations. However, the NIST Cybersecurity Framework would be a great place for them to start. It covers the NIS2 objectives and is relevant to both IT and OT networking environments.
The NIST Cybersecurity Framework is based around five core functions:
- Identify - Know all your assets and your attack surface.
- Protect - Implement the safeguards.
- Detection - Timely detection of cyber security events.
- Respond - Have a plan to contain the impact.
- Restore - Maintain resilience and restore services after an attack.
How can Trend Micro support your NIS2 compliance journey?
Trend Micro offers multi-layered capabilities to help with NIS2 compliance, delivered through a centralised platform for ease of access, management, and use.
Trend Micro is a global cybersecurity provider with a heritage dating back over 35 years. We serve over 500,000 corporate customers around the world, and are trusted by nine of the top 10 Fortune 500, six of the top 10 healthcare providers and all of the top 10 global financial institutions. From experience with our large customer base, we know the challenges of digital transformation first hand and have built a comprehensive platform of capabilities to help them better manage cyber risk.
Our solutions cover all layers of the IT environment, from email and endpoint to networks, servers, and hybrid cloud environments. The focus is on streamlining capabilities by offering as many as possible from a single platform, with the option of SaaS delivery to make security simpler for customers.
Our flagship cybersecurity platform supports robust attack surface risk management, cross-layer protection across hybrid environments, and next generation XDR to help customers better manage cyber-related risk across their organisation.
The platform protects every layer of an organisation's IT infrastructure including endpoints, servers, email, cloud services, networks, 5G, and OT (operational technology). There’s also support for hybrid cloud from a single platform. Third-party integrations complement powerful Trend Micro threat intelligence for industry-leading extended detection and response (XDR), alongside proactive, prevention-based security. By identifying and remediating potential risks, such as vulnerabilities and exposures, alongside detection and response, Trend Vision One supports external and internal ASRM to drive Zero Trust initiatives.
The cybersecurity platform also includes a generative AI Assistant, Companion, which has been designed to enhance analyst productivity, eliminate alert fatigue and supercharge security operations (SecOps) for under-pressure teams.
As cyber-attacks become increasingly complex and sophisticated, cybersecurity teams must be agile enough to rapidly detect and respond to threats. Trend Service One eliminates the noise of false-positive alerts by providing high-fidelity alerts validated by global threat intelligence analysts and the latest threat-hunting techniques. With this, your security teams are free to focus more on driving innovation and meeting business objectives.
Trend Service One includes:
Premium support service
24/7/365 global support with priority case handling. Additional benefits such as a designated Service Manager and white glove onboarding service are also available.
Targeted attack detection
Continually scans for early indicators of compromise (IoC), providing high-risk alerts validated by threat analyst experts, as well as a recommended next step based on the attack’s predicted next moves.
Managed XDR
Trend Service One is supported by threat and cybersecurity experts that are constantly hunting for threats and malicious and suspicious activities, as well as correlating data across all your Trend solutions. Quick response and guided instructions help broaden your protection.
Incident response service
Always ready with state-of-the-art tools and experts to help you manage, mitigate, and overcome cyber-attacks. Trend Service One customers receive priority access and can add guaranteed access to our Incident Response team. Our solutions and services are designed to align with the requirements of many regulations including NIS2 and help organisations to demonstrate compliance.
Lastly, we provide standardised and customised product training and a fully customisable phishing simulation tool to help educate your employees on cybersecurity best practices and reduce the risk of human error.
Overall, Trend can provide organisations with the cybersecurity solutions, services, and expertise they need to achieve compliance with NIS2 and enhance overall cybersecurity posture.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fuelled by decades of security expertise, global threat research, and continuous innovation, our cybersecurity platform protects 500,000+ organizations and 250+ million individuals across clouds, networks, devices, and endpoints.
As a leader in cloud and enterprise cybersecurity, our platform delivers central visibility for better, faster detection and response and a powerful range of advanced threat defence techniques optimized for environments, like AWS, Microsoft, and Google.