Arrow Electronics, Inc.

Tenable - NIS2 is coming … are you and your customers ready?

23/10/2024

Securing a cloud environment is complex and fragmented

In response to an exponentially expanding attack surface and the professionalisation of cybercrime, the next iteration of the Network and Information Systems (NIS) Directive, NIS2, came into national law of EU member states on 17th October 2024.

Designed to enhance the cybersecurity and resilience of network and information systems across critical sectors, NIS2 packs a more powerful punch than its predecessor, with a significant expansion of scope and more serious consequences for non-compliance. 

Although it is an EU directive for EU member states, it will have global reach, as organisations outside of the EU that fall within the scope will need to comply in their operations in EU member states, or risk facing penalties and restrictions. Individual nations outside of the EU are introducing their own legislative reforms in harmony with NIS2. For example, the UK is planning its own changes such as regulation of critical suppliers and a lowered threshold for the type of incidents regulated organisations must report.

The key changes

Wider scope, more robust incident reporting, enhanced cooperation and cybersecurity certification are the new focus of NIS2.

  1. Scope - sector coverage has expanded from 7 to 15 sectors, extending the reach to more industries and sectors, covering a broader range of essential services and digital services providers, including cloud computing services, online marketplaces and search engines, among others.
  2. Incident reporting - NIS2 introduces a harmonised reporting obligation for serious incidents which no longer only applies to essential services, meaning a broader range of organisations must report incidents.
  3. Coordination and cooperation - a stronger coordination and cooperation framework between EU member states, the European Union Agency for Cybersecurity (ENISA) and the European Commission has been created, intended to improve overall cybersecurity.
  4. Cybersecurity certification - NIS2 introduces a voluntary cybersecurity certification scheme for digital service providers and operators of essential services, encouraging organisations to demonstrate compliance with the Directive's requirements.

For organisations to become, and importantly remain, compliant, they must implement robust procedures and systems to assess and manage risk, implement appropriate security measures, and have a standardised incident response plan, whilst ensuring this is all documented: a not insignificant amount of work, and something that does not come without its challenges. 

One of the most significant challenges faced by regulated organisations, especially those with a pan-European presence, is the different interpretation of NIS2 amongst member states. Therefore, understanding your customers’ exposure, and how they may need to adapt any harmonised cybersecurity practices to comply with varying interpretations, is crucial to successfully implementing the directive.

It is obvious that compliance with NIS2 has the potential to be complex and very demanding for organisations that fall within its scope. But with the guidance of cybersecurity experts such as Tenable, implementation can be supported and, crucially, the significant penalties for non-compliance can be avoided.

Tenable empowers security leaders with a business-aligned view of cyber threat, reducing the risk of vulnerabilities and supporting customers toward a NIS2-compliant security posture. Offering risk-based vulnerability management and gauging OT, Identity and Cloud exposure, Tenable offers a comprehensive visibility and exposure management solution to help organisations with NIS2 risk-based governance.

Download this FAQ sheet for more detail on NIS2. [link to External_FAQ__NIS2_Directivepptx.pdf]

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at www.tenable.com.
