{"id":949075,"date":"2024-08-29T16:24:20","date_gmt":"2024-08-29T15:24:20","guid":{"rendered":"https:\/\/pulse.microsoft.com\/?p=949075"},"modified":"2024-09-04T12:10:10","modified_gmt":"2024-09-04T11:10:10","slug":"new-research-getting-nis2-ready","status":"publish","type":"post","link":"https:\/\/pulse.microsoft.com\/en\/transform-en\/na\/new-research-getting-nis2-ready\/","title":{"rendered":"New research: Getting NIS2 ready"},"content":{"rendered":"

New research: Getting NIS2 ready\u202f<\/span><\/b>\u00a0<\/span><\/p>\n

The<\/span> European wide directive Network and Information Security 2 (NIS2)\u202fcomes into effect on 17 October, with the aim of strengthening Europe\u2019s ability to collectively defend against cyber-attacks and protect the region\u2019s critical infrastructure.<\/span>\u00a0<\/span><\/p>\n

This new directive will impact upwards of 180,000 organizations, from healthcare and transport, to manufacturing and supply chain. Most organizations are aware of NIS2 and what it aims to achieve (as well as the costs), but research from <\/span>IDC<\/span><\/a> has shown that only 14% of organizations are fully ready for NIS2. The majority, at 77%, are partially there.<\/span>\u00a0<\/span><\/p>\n

\u202fWith so few organizations across the NIS2 finish line and the official deadline for compliance fast approaching, I wanted to share some of the findings from this research, and how you can move your organization\u2019s transformation efforts forward.<\/span>\u00a0<\/span><\/p>\n

NIS2 Capable<\/span><\/b>\u00a0<\/span><\/p>\n

IDC has found that over 90% of organizations impacted by NIS2 are aware of it and have taken first steps in taking action to align with the directive.<\/span>\u00a0<\/span><\/p>\n

About one in five (17%) are categorized as IDC as being NIS2 \u2018capable.\u2019\u00a0<\/span>\u00a0<\/span><\/p>\n

\u202fOrganizations at this level of readiness have a long way to go however, with the need for many to implement all necessary compliance procedures and policies.<\/span>\u00a0<\/span><\/p>\n

Let\u2019s take incident handling as an example, which is a key requirement of NIS2. With large organizations often being the target of multiple, complex cyberattacks, the rapid co-ordination of multiple stakeholders and timely reporting of incidents is what allows for quicker response and recovery, as well as minimizing the impact on essential services and the wider economy. Having robust technical protection will clearly help but organizations also need to think through the complete response to a security incident.<\/span>\u00a0<\/span><\/p>\n

Technologies like <\/span>Microsoft Defender<\/span><\/b>\u202fand\u202f<\/span>Microsoft Sentinel<\/span><\/b> will help security teams handle incidents with a real time, comprehensive view of security issues. But the work on becoming NIS2 ready relies on an organization\u2019s ability to create a fully robust set of compliance procedures<\/span> and policies that engage the board and\u202fwider organization. This is what ensures that everyone is on board with how to respond to a security incident and how to keep the business going with a minimal impact on operations.<\/span>
\n\u00a0<\/span><\/p>\n

NIS2 Equipped<\/span><\/b><\/p>\n

The next level of readiness IDC identified was NIS2 \u2018equipped.\u2019 About one-third (33%) of organizations fall into this category, and are characterized as being able to address most NIS2 requirements.\u00a0<\/span>\u00a0<\/span><\/p>\n

The way to move beyond this level of readiness is to conduct a gap analysis of your security measures, and also what\u2019s needed to meet NIS2 requirements or security standards such as ISO 27001.<\/span><\/p>\n

Let\u2019s consider supply chain security as an example, which is another key NIS2 requirement. When organizations enhance the security and resilience of their own organizations, cyber-criminals will look for other routes to compromise security via weaknesses in an organization\u2019s supply chain.<\/span>\u00a0<\/span><\/p>\n

Addressing supply chain vulnerabilities is key to ensuring your own assets remain secure. Microsoft tools like <\/span>Compliance Monitoring, Security Posture Management <\/span><\/b>and<\/span> Conditional Access Policies\u202f<\/span><\/b>can help you control and manage the external access of organizational assets and customer tenants, but your security will still be dependent on your ability to identify gaps and challenges in your security posture.\u00a0<\/span>\u00a0<\/span><\/p>\n

All organizations impacted by NIS2 should be in the process of identifying the challenges they have and develop action plans now. <\/span>
\n\u00a0<\/span><\/p>\n

Are you NIS2 ready?<\/span><\/b>\u00a0<\/span><\/p>\n

According to the IDC, organizations at the ready level for NIS2 (14%) exhibit the highest degree of preparedness for incident handling, have business continuity measures in place and deploy robust technology to ensure supply chain security and advanced encryption or cryptography.<\/span>\u00a0<\/span><\/p>\n

At Microsoft, we stand ready to help organizations of all kinds use\u00a0 NIS2 as an opportunity to advance their cybersecurity posture. Our unique perspective in the security market and comprehensive suite of secure cloud-based solutions can help you identify, prevent, and mitigate against the cyberthreats we are facing today and in the future.\u202f\u202f<\/span>\u00a0<\/span><\/p>\n

Source: IDC Infobrief, Sponsored by Microsoft, NIS2 Readiness: A Guide for Organizations in Europe, #EUR252440224, July 2024<\/span>\u00a0<\/span><\/p>\n

> Read the IDC report in full<\/a>\u00a0<\/strong><\/h2>\n","protected":false},"excerpt":{"rendered":"

New research: Getting NIS2 ready\u202f\u00a0 The European wide directive Network and Information Security 2 (NIS2)\u202fcomes into effect on 17 October, with the aim of strengthening Europe\u2019s ability to collectively defend against cyber-attacks and protect the region\u2019s critical infrastructure.\u00a0 This new directive will impact upwards of 180,000 organizations, from healthcare and transport, to manufacturing and supply […]<\/p>\n","protected":false},"author":887,"featured_media":949462,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"class_list":["post-949075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","specials-transform-en","stories-data-insights-intelligence","stories-how-can-i-get-insights-from-my-data","businessPriorities-applications-infrastructure"],"_links":{"self":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/949075"}],"collection":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/users\/887"}],"replies":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/comments?post=949075"}],"version-history":[{"count":7,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/949075\/revisions"}],"predecessor-version":[{"id":950976,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/949075\/revisions\/950976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media\/949462"}],"wp:attachment":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media?parent=949075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/categories?post=949075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}