Zscaler Report Reveals Disconnect on Ability to Meet NIS2
As the cybersecurity landscape grows increasingly perilous, regulatory bodies in Europe and the US are ramping up efforts to bolster defences and enforce stringent standards across industries.
Yet, a recent report from IT security company Zscaler, titled "NIS 2 & Beyond: Risk, Reward & Regulation Readiness," highlights a concerning disconnect between European businesses' confidence in meeting the NIS2 compliance requirements and their understanding of what achieving compliance entails.
While 80% of European IT leaders expressed confidence in meeting the NIS2 compliance deadline, only 53% believed their teams fully grasped the directive's demands, and a mere 49% felt leadership comprehended the implications.
This disconnect is further exacerbated by a lack of support from leadership, with 56% of IT leaders stating their teams lacked the necessary backing from the top to meet the compliance deadline, despite 32% citing NIS2 as a top priority.
The EU's NIS2 Directive, which came into force in January 2023 and has till 17 October 2024 to be implemented across member states, aims to enhance the overall level of cybersecurity within the bloc.
This directive expands the scope of the previous NIS framework, encompassing new sectors and entities to improve resilience and incident response capabilities.
Cybersecurity compliance across the world
Across the Atlantic, the US has taken a parallel approach with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Originally introduced in 2014, the CSF has recently undergone its first major update, dubbed CSF 2.0, to address the evolving cybersecurity landscape. The revised framework expands its scope beyond critical infrastructure protection to encompass organisations of all sizes and sectors.
A notable addition to CSF 2.0 is the "Govern" function, which emphasises the importance of cybersecurity governance within organisations. This component underscores the need for senior leaders to consider cybersecurity as a significant source of enterprise risk, alongside factors such as finance and reputation.
By integrating governance into the framework, NIST aims to foster a culture of informed decision-making and strategic alignment in addressing cybersecurity challenges.
Cybersecurity landscape
The timing of these regulatory developments is particularly crucial, as the cyber threat landscape has entered a new era of sophistication and unpredictability.
Geopolitical and economic factors have contributed to a complex environment, with cybercriminals leveraging advanced techniques like AI-powered malware, phishing scams, and social engineering attacks to exploit vulnerabilities.
Insider threats have also emerged as a growing concern, with industry analysis indicating a 47% increase over the past two years, resulting in substantial financial losses for organisations.
As regulatory bodies tighten their grip and organisations grapple with an ever-evolving threat landscape, the need for a holistic and proactive approach to cybersecurity has never been more pressing. Compliance with frameworks like NIS2 and NIST CSF 2.0 is not merely a box-ticking exercise but a strategic imperative for safeguarding digital assets and ensuring business continuity.
The EU's introduction of legislation aimed at tightening cybersecurity and handling of data, such as GDPR, the Cyber Resilience Act, and DORA demonstrates how the world is beginning to take cybersecurity more seriously, especially in the age of advanced attacks from AI and the rise in ransomware.
But businesses must be prepared for that change. As James Tucker, Head of CISO at Zscaler, stated, "Regulations by themselves will never be the answer to first-class cybersecurity hygiene – particularly given the scale of the cybersecurity challenge. Rather than a problem to solve, regulations should be viewed as an opportunity to raise foundational security up a rung."
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik bran