fechar
fechar
Sua Rede do Amanhã
Sua Rede do Amanhã
Planeje seu caminho rumo a uma rede mais rápida, segura e resiliente projetada para os aplicativos e usuários aos quais você oferece suporte.
          Experimente a Netskope
          Coloque a mão na massa com a plataforma Netskope
          Esta é a sua chance de experimentar a plataforma de nuvem única do Netskope One em primeira mão. Inscreva-se em laboratórios práticos e individualizados, junte-se a nós para demonstrações mensais de produtos ao vivo, faça um test drive gratuito do Netskope Private Access ou participe de workshops ao vivo conduzidos por instrutores.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            A Netskope estreia como líder no Quadrante Mágico™ do Gartner® para Single-Vendor SASE
              Protegendo a IA generativa para leigos
              Protegendo a IA generativa para leigos
              Saiba como sua organização pode equilibrar o potencial inovador da IA generativa com práticas robustas de segurança de dados.
                E-book moderno sobre prevenção de perda de dados (DLP) para leigos
                Prevenção Contra Perda de Dados (DLP) Moderna para Leigos
                Obtenha dicas e truques para fazer a transição para um DLP fornecido na nuvem.
                  Livro SD-WAN moderno para SASE Dummies
                  SD-WAN moderno para leigos em SASE
                  Pare de brincar com sua arquitetura de rede
                    Compreendendo onde estão os riscos
                    O Advanced Analytics transforma a maneira como as equipes de operações de segurança aplicam insights orientados por dados para implementar políticas melhores. Com o Advanced Analytics, o senhor pode identificar tendências, concentrar-se em áreas de preocupação e usar os dados para tomar medidas.
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        O Netskope One Private Access é a única solução que permite que o senhor aposente sua VPN definitivamente.
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                            Netskope GovCloud
                            Netskope obtém alta autorização do FedRAMP
                            Escolha o Netskope GovCloud para acelerar a transformação de sua agência.
                              Vamos fazer grandes coisas juntos
                              A estratégia de comercialização da Netskope, focada em Parcerias, permite que nossos Parceiros maximizem seu crescimento e lucratividade enquanto transformam a segurança corporativa.
                                Netskope solutions
                                Netskope Cloud Exchange
                                O Netskope Cloud Exchange (CE) oferece aos clientes ferramentas de integração poderosas para alavancar os investimentos em toda a postura de segurança.
                                  Suporte Técnico Netskope
                                  Suporte Técnico Netskope
                                  Nossos engenheiros de suporte qualificados estão localizados em todo o mundo e têm diversas experiências em segurança de nuvem, rede, virtualização, fornecimento de conteúdo e desenvolvimento de software, garantindo assistência técnica de qualidade e em tempo hábil.
                                    Vídeo da Netskope
                                    Treinamento Netskope
                                    Os treinamentos da Netskope vão ajudar você a ser um especialista em segurança na nuvem. Conte conosco para ajudá-lo a proteger a sua jornada de transformação digital e aproveitar ao máximo as suas aplicações na nuvem, na web e privadas.

                                      Let’s Talk About NIS2

                                      Mar 21 2023

                                      Late last year, the EU Parliament formally adopted a new Directive, NIS2, updating and superseding the existing NIS Directive which helped the organisations responsible for Europe’s critical national infrastructure to better understand, manage, and reduce their cybersecurity risk.  NIS2 expanded the industries covered (broadening the concept of critical infrastructure to include telecoms, social media, and local government alongside utilities, digital infrastructure, banks, and healthcare), but it still fundamentally aims to strengthen cybersecurity requirements. It is estimated that about 160,000 organisations will be required to comply, grouped as either Essential or Important, with compliance requirements differing between categories.

                                      So what do we need to know? Firstly, it is important to note that NIS2 is an EU Directive, not currently legislation in any member states and so while it “came into force” in January 2023, the deadline that organisations will need to watch for is 17th October 2024—because that is the deadline for national legislatures to turn the Directive into enforceable national laws. As we approach that date we will all have a clearer idea of how the relatively high level guidelines will be translated into legal requirements that we all need to follow. At this point, the Directive is high-level and still open to interpretation—deliberately so, because the more specific it is, the quicker it would become outdated.  

                                      What is included?

                                      NIS2 comprises a number of areas where organisations will be required to implement security measures and achieve baseline standards. These areas are:

                                      • Risk analysis 
                                      • Information system security policies
                                      • Incident response (prevention and detection of a response to incidents)
                                      • Business continuity and crisis management
                                      • Supply chain security
                                      • Assessment of effectiveness of risk management measures 
                                      • Encryption 
                                      • Vulnerability disclosure

                                      Within these categories we see some detail about the requirement to report incidents, train management teams in cyber risk, and allow on-site inspections. There is also inclusion of non-compulsory recommendations around user training, and some less stringent allowances for  organisations in the Important group. 

                                      Looking at this list you can see why we are already having conversations with customers and prospects about NIS2—there’s plenty in here that we can help with, even ahead of national lawmakers adding in much more specific details. 

                                      As is the custom with EU initiatives, this one shows its teeth through administrative fines of up to €10 million or 2% of the entity’s total turnover worldwide, whichever is higher, for “Essential Entities” (and there is a slightly lower fine too—€7 million or 1.4% global turnover for “Important Entitles”). These would be additional to any fines that may be applied due to a single incident also falling foul of GDPR rules.

                                      Points to note

                                      While we wait for this national legislation to see how the Directive is interpreted into law within the member states, we wanted to pick out a few things that are worth noting already.

                                      1. Collaboration is at the core of NIS2

                                      NIS2 has a strong focus on collaboration. We see this in the establishment of one of the best acronyms we have seen for a while: the EU Cyber Crisis Liaison Organisation Network (EU-CyCLONe). This body is intended to facilitate coordinated management of EU-wide incidents. Other ways to improve collaboration can be found in the measures aimed at increasing the level of trust and information sharing between competent authorities.

                                      2. Supply chain security is a priority

                                      An understanding of the interdependent nature of cyber defence is also evident in the emphasis that NIS2 gives to more stringent rules on supply chain security. This is a hugely welcome focus within the directive and will require clever implementation to ensure we extract the most value from the intentions outlined. Auditing, monitoring, and acting upon supply chain risk is not straightforward and we hope to see some creativity from the industry in suggesting workable ways to collaborate on this issue. The aim must be to drive efficiency in the interests of productivity while avoiding debilitating bureaucratic processes. We need better security, not more paperwork.

                                      3. Basic hygiene provides for robust preparation

                                      The standards set in the Directive are nothing new for organisations—although their agreement as enforceable baseline standards is. They are things that should all be on the priority list for any organisation already. However there is definitely value in pointing out that some of the things we do today as basic hygiene can benefit from improvement. Cybersecurity and risk awareness training, for instance, is something that is an annual tick-box requirement already for many organisations (not least as a requirement for most cyber insurance policies). But we are hoping that NIS2 opens discussion as to the effectiveness of some of the ways we conventionally do things, for instance in this case we would like to see the industry place a greater emphasis on “just-in-time” training to help employees better assess risk at the point of its appearance. The ultimate goal is to change behaviour and break old habits, this is not achieved by a yearly 30 min training video.

                                      A summary on any discussion around NIS2 at the moment can only really be “watch this space”. So much is going to be determined by the national governments of Europe (EEA) as they legislate on the matter over the coming 18 months. For information professionals (in particular governance, risk, and compliance (GRC)) now is the time to start to plan. The Directive gives a useful cheat sheet for best practices which can already be used to help prioritise initiatives that genuinely improve security posture, and rationalise those that are outdated or even hinder efforts. 

                                      author image
                                      Robby Coppens
                                      Robby Coppens has spent his career building solutions with any kind of technology to enable businesses throughout Europe.
                                      Robby Coppens has spent his career building solutions with any kind of technology to enable businesses throughout Europe.

                                      Mantenha-se informado!

                                      Assine para receber as últimas novidades do Blog da Netskope