t cht lk powering investigation and evidence collection so the reports contain all the documentation needed .
t cht lk powering investigation and evidence collection so the reports contain all the documentation needed .
Another issue that NIS2 seeks to address is the lack of cybersecurity information-sharing that has obstructed efforts at cross-border risk management and incident response in the past .
The directive will establish an international cooperation group , a network of national CSIRTs , and the EU- CyCLONe cross-border incident management and response network . It also creates a system of coordinated vulnerability disclosures and a European vulnerability database that will be managed by ENISA .
Threat intelligence sharing will form a key aspect of the success of these initiatives .
NIS2 is not just about controlling attack risk it ’ s also focused on improving the quality of response to incidents when they occur .
Previously , EU authorities noted a lack of consistency in the speed and detail of major incident reporting , so the new directive tightens up both the time frame and level of information that organisations must provide .
Significant incidents must be reported to authorities within 24 hours with an early warning including a description of the incident , whether the organisation believes it was caused by unlawful or malicious activity and whether it could cause cross-border impact . Within 72 hours the organisation must provide an update providing information about its severity and impact , plus relevant indicators of compromise .
One month after the initial notification a full report must be provided .
Threat Intelligence Platforms and / or Security Orchestration Automation and Response Platforms can provide the foundations of effective reporting by gathering real-time intelligence when an incident occurs , initiating an automated incident response plan including notifying the relevant authorities , and
A threat intelligence platform and participation in industry-specific threat intelligence communities can help organisations stay informed , share best practices , and embrace the ethos of the directive , while also contributing proactively to the rising tide of cybersecurity performance that it seeks to deliver .
Proactive information-sharing will also be crucial to gaining visibility over threats in the organisation ’ s supply chain .
This is a central tenet of NIS2 , with in-scope companies required to take a risk management approach to monitoring cybersecurity standards in supplier organisations .
By fostering a collaborative approach to cyber risk and sharing threat intelligence with suppliers , companies can build a culture of cybersecurity collaboration that will benefit all parties .
Compliance with regulations such as NIS2 will rest on the ability to demonstrate clear understanding of risk and a robust incident response and reporting framework .
Collecting , analysing and sharing threat intelligence should be a priority for in-scope organisations as they build their compliance capabilities . p
Cyrille Badeau , Vice- President International Sales , ThreatQuotient
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 77