Read Time, 4 min.

NIS2 is Europe’s comprehensive blueprint for cybersecurity resilience for all organizations that support critical infrastructure across 18 sectors including energy, finance, healthcare, transportation, manufacturing and more. In just six months’ time, 180,000 organizations involved in this sector will need to ensure they comply, or face potentially stiff penalties and disruption to their operations.  

The backdrop to NIS2 is territory we are all familiar with. It’s widely known that the scale and complexity of cybersecurity threats is increasing. And the stakes are high when it comes to critical infrastructure, as damage can have far-reaching consequences from business disruption, to financial losses; and even threat to life. Unfortunately, the targeting of critical infrastructure organizations seems ubiquitous given that 41% of all threat notifications Microsoft sent to online service customers between July 2022-July 2023 were to this sector.    

Our investment in security research, innovation, and the global security community gives us a unique vantage point. We are able to analyse 750 million signals per second to understand and protect against digital threats and cyberactivity. Combined with our 15,000+ partners and 10,000 security and intelligence experts from around the world, we are stopping 4,000 identity authentication threats per second, removing domains that criminals use (100,000+ all time) and managing over 135 million devices. 

That unique vantage point has given us insight into the vulnerabilities that critical infrastructure organizations face on their networks and devices. Recent data from our Modern Digital Defence Report shows us that 78% of devices on customer networks have known vulnerabilities that threat actors can exploit, and 46% of these can’t be patched.  That’s an open window for criminals and hostile actors to use.  

NIS2 is an opportunity for everyone to meet the same minimum benchmark across many aspects of cybersecurity. There are however, four you should think about first which can cover the majority, if not all, of what NIS2 is asking critical infrastructure organizations to prepare: 

 

  1. Incident handling 
  2. Business continuity 
  3. Supply Chain security 
  4. Encryption and Cryptography 

Incident handling 

The timely reporting of incidents allows for quicker response and recovery, minimizing the impact on essential services and the wider economy. In the context of critical infrastructure, how well an organization can respond to a cybersecurity incident is crucial.  

But with large organizations often being the target of multiple, complex cyberattacks, the rapid co-ordination of multiple stakeholders, from IT to legal, to senior leaders and communications; can be difficult.  

Using Microsoft Defender and Microsoft Sentinel, security teams can smoothen incident handling with a real time, comprehensive view of any security issues within your IT infrastructure.  

And there is of course the introduction of generative AI into this space as well. With Microsoft Security Copilot, defenders will have the ability to move faster than ever before, identify cybersecurity challenges and get recommendations on how to deal with the incident, as well as write reports. So far, we’re seeing security teams save 40% of their time on core tasks, including investigations, and 60% time savings on reporting too.  

Business continuity  

We know disruptive events including cybersecurity incidents will occur, so having the capability to keep critical infrastructure organizations online and able to recover quickly with a minimal impact on operations is crucial.  

Security teams must ensure that critical functions continue during disruptions like cyberattacks, increasing operational resilience to minimize downtime, financial loses, and increase reputation and customer trust 

With Azure Backup, you can protect your critical business systems and backup data in case of data loss or corruption – giving you that extra resilience for when the worst happens.  

Supply Chain security 

When organizations enhance the security and resilience of their own organizations, cyber-criminals will look for other routes to compromise security via weaknesses in an organization’s supply chain.  

Supply chain security is crucial in the NIS2 regulation from the EU because it ensures the resilience and reliability of essential services by mitigating risks posed by third-party vendors and interconnected systems. 

With Entra ID, Service Trust Portal, Granular Delegated Admin Privileges, you can Control and manage the external access of organizational assets and customer tenants only to the necessary partner roles and for a limited amount of time.  

Encryption and Cryptography  

Finally, let’s consider encryption. Encryption cannot protect your data on its own, but it is an important part of your larger file protection and information protection strategy.  

Microsoft Purview Information Protection and Purview Data Lifecycle Management can help organizations discover, classify, and protect their most sensitive with the use of encryption to prevent risks of data leakage, exfiltration, or unauthorized access. A robust data security strategy becomes crucial to organizations when deploying GenAI models (Copilot for M365) to prevent the risk of data overexposure. 

So, are you ready? 

Taken as a positive, NIS2 is demanding that the most critical organisations in our society remain resilient in the face of an increasingly hostile cyberthreat environment.  

If you are one of these organizations, the time to act is now with the deadline only being a few more months away. And at Microsoft, we can help with our unique vantage point and comprehensive suite of secure cloud-based solutions to help you identify, prevent, and mitigate against the cyberthreats we are facing today and in the future.  

Preparing for NIS2: 3 Guiding Principles for Leaders

Get started on your transformation today with three guiding principles for preparing for NIS2.

Discover more related articles per industry:

Education

Finance & Insurance

  • a large building

    Luxembourg Stock Exchange: building a transparent, agile and innovative cloud infrastructure

    “We are proud to be the first financial institution in Luxembourg to migrate its entire financial core system to the cloud.” Laurent Pulinckx, CIO at Luxembourg Stock Exchange and his team have helped their company reach a significant milestone this year. By becoming the first financial institution in Luxembourg to be approved by the regulator […]

  • External shot of Fire Group offices building

    The Fire Group: how data-driven processes are reshaping sustainable credit management

    “We want to change the way credit management is perceived, because we play an important social role in this sector. Data and technology allow us to show the critical role that we play in a more direct way.” Sonia Di Nuzzo, Corporate Communication Leader at Fire is outlining the ambitious goal the company is setting for the industry it operates in with data. As Italy’s largest independent credit management solutions provider, Fire plays a pivotal role […]

Government

Healthcare

Manufacturing

Retail

Discover more related articles per dossier:

Customer Stories

Digital Transformation

  • Female CEO leading a business meeting

    Pain-free business modernisation

    Digital transformation. You’ve heard the phrase a million times. But what does it actually mean? A quick search will bring up 519 million results. So, it’s fair to say there’s no shortage of info out there – much of it useless, overcomplicated and adding to the noise. So, how about we think of it this […]

Security & Privacy

Tips

  • Group of two female and one male office workers brainstorming in informal office setting. Both women are using laptops while the man is writing. Large screen shown in background.

    2019 Modern Selling Trends in 5 webinars

    The relationship between buyers and sellers grows more complicated each day. Every potential partnership requires finding the right buyer, fully understanding their business, tracking progress through the buying cycle, and engaging them with the right content—when and how they want it. These shifting dynamics underscore the artistry of modern selling. When the time is right, […]