Symfony Profiler

"App\Controller\ArticleController::show"

"security.firewall.map.context.main"

Symfony\Component\WebLink\GenericLinkProvider {#3618
  -links: [
    3739 => Symfony\Component\WebLink\Link {#3739
      -href: "/build/runtime.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3737 => Symfony\Component\WebLink\Link {#3737
      -href: "/build/644.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3736 => Symfony\Component\WebLink\Link {#3736
      -href: "/build/502.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3735 => Symfony\Component\WebLink\Link {#3735
      -href: "/build/app.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3734 => Symfony\Component\WebLink\Link {#3734
      -href: "/build/view-more.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3733 => Symfony\Component\WebLink\Link {#3733
      -href: "/build/term-condition.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3732 => Symfony\Component\WebLink\Link {#3732
      -href: "/build/contact.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3731 => Symfony\Component\WebLink\Link {#3731
      -href: "/build/scroll-infinite-article.js"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "script"
      ]
    }
    3730 => Symfony\Component\WebLink\Link {#3730
      -href: "/build/app.css"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "style"
      ]
    }
    3729 => Symfony\Component\WebLink\Link {#3729
      -href: "/build/cookie-style.css"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "style"
      ]
    }
    3728 => Symfony\Component\WebLink\Link {#3728
      -href: "/build/term-condition-css.css"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "style"
      ]
    }
    3727 => Symfony\Component\WebLink\Link {#3727
      -href: "/build/contact-css.css"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "style"
      ]
    }
    3726 => Symfony\Component\WebLink\Link {#3726
      -href: "/build/comment-css.css"
      -rel: [
        "preload" => "preload"
      ]
      -attributes: [
        "as" => "style"
      ]
    }
  ]
}

"article_show"

[
  "category" => "society"
  "slug" => "risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"
]

"_security_main"

"53c029"

"society"

"risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"*/*"

"gzip, br, zstd, deflate"

"close"

"PHPSESSID=6i5nic0e2bivnmj7u2j3f8f3e7"

"rct.dev.bbntimes.com"

"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"

"1"

"no-cache, private"

"text/html; charset=UTF-8"

"Sat, 22 Feb 2025 13:34:28 GMT"

"</build/runtime.js>; rel="preload"; as="script",</build/644.js>; rel="preload"; as="script",</build/502.js>; rel="preload"; as="script",</build/app.js>; rel="preload"; as="script",</build/view-more.js>; rel="preload"; as="script",</build/term-condition.js>; rel="preload"; as="script",</build/contact.js>; rel="preload"; as="script",</build/scroll-infinite-article.js>; rel="preload"; as="script",</build/app.css>; rel="preload"; as="style",</build/cookie-style.css>; rel="preload"; as="style",</build/term-condition-css.css>; rel="preload"; as="style",</build/contact-css.css>; rel="preload"; as="style",</build/comment-css.css>; rel="preload"; as="style""

"f546fa"

"6i5nic0e2bivnmj7u2j3f8f3e7"

"Sat, 22 Feb 25 13:34:04 +0000"

"Sat, 22 Feb 25 13:34:27 +0000"

0

"us6e9LtWrYreifCcpADYGr9-cR5wznMB-pECAZX5xuQ"

"TFjV075m2sHchkrRz0Wow7oq4rYJ2sIVjIvz6km-M84"

"dev"

"0a988e63f011514eaabfc650b599af4d"

"*"

"mysql://bbndb_rctuser:33F5W25z40or0f7@localhost:3306/rct_bbntimes"

"6LdV5fgpAAAAANxzTG8ZMfIjil1wu-1vrQvnUt-x"

"6LdV5fgpAAAAAENKcn73MJAhQrbtQeqgyC4wDLMP"

"smtp://no-reply%40rct.dev.bbntimes.com:Bl6%26gLD48%26Of919@rct.dev.bbntimes.com:465"

"i!87pK&!85ezc8"

"1"

"/public"

"/var/www/vhosts/dev.bbntimes.com/rct.dev.bbntimes.com"

""

"/var/www/vhosts/dev.bbntimes.com/rct.dev.bbntimes.com"

"RESPONDER"

"CGI/1.1"

"on"

"*/*"

"gzip, br, zstd, deflate"

"close"

"PHPSESSID=6i5nic0e2bivnmj7u2j3f8f3e7"

"rct.dev.bbntimes.com"

"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"

"0"

"0"

"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

"/public/index.php"

"plesk-php81-fastcgi"

"/var/www/vhosts/system/rct.dev.bbntimes.com/etc/php.ini"

""

"/public"

"on"

"0"

"0"

"on"

"0"

"0"

"https://rct.dev.bbntimes.com/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"rct.dev.bbntimes.com"

"200"

"Z7nSZLiBoyj8JZ8-HGyEggAAABI"

"https://rct.dev.bbntimes.com/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"rct.dev.bbntimes.com"

"200"

"Z7nSZLiBoyj8JZ8-HGyEggAAABI"

"/public/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"3.136.22.194"

"23903"

"GET"

"https"

1740231268

1740231268.3837

"/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"/var/www/vhosts/dev.bbntimes.com/rct.dev.bbntimes.com/public/index.php"

"/public/index.php"

"https://rct.dev.bbntimes.com/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"/society/risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"

"5.196.1.209"

"[no address given]"

"rct.dev.bbntimes.com"

"443"

"HTTP/1.1"

"<address>Apache Server at rct.dev.bbntimes.com Port 443</address>\n"

"Apache"

"rct.dev.bbntimes.com"

"APP_ENV,APP_SECRET,DATABASE_URL,MARIADB_PASSWORD,CORS_ALLOW_ORIGIN,MAILER_DSN,GOOGLE_RECAPTCHA_SECRET_KEY,GOOGLE_RECAPTCHA_SITE_KEY"

"Z7nSZLiBoyj8JZ8-HGyEggAAABI"

"App\Controller\CookieController::renderAnalysis"

"html"

"en"

"dbcdf2"

"App\Controller\AppController::renderHeader"

"html"

"en"

"c89b78"

"home"

"App\Controller\ArticleController::trendingArticle"

"html"

"en"

"f3ab02"

"Society"

"App\Controller\ArticleController::relatedArticles"

"html"

"en"

"3c1a84"

App\Entity\Article {#1094
  -id: 16159
  -title: "Risk Management in the Digital Age: NIS2 Compliance and Accountability Strategies"
  -slug: "risk-management-in-the-digital-age-nis2-compliance-and-accountability-strategies"
  -introtext: "<p>Network and Information Systems Directive (NIS2) has become a critical framework for ensuring the cybersecurity and resilience of essential services.</p>\r\n"
  -content: """
    \r\n
    <p id="ember48" class="ember-view reader-content-blocks__paragraph">We are navigating a cyber threat landscape of evolving complexity, diversity and sophistication in approach including the rise of cybercrime as an economy and&nbsp;"Ransomware as a Service" (RaaS), alongside an escalation in scope, scale and severity of impact - and one where concern around risk and accountability is understandably rising too. Indeed, 39% of businesses in the UK alone reported suffering<span class="white-space-pre"> </span><a class="app-aware-link " href="https://aag-it.com/the-latest-cyber-crime-statistics" target="_self" data-test-app-aware-link>cyber-attacks</a><span class="white-space-pre"> </span>in 2022<span class="white-space-pre"> </span>(AAG), the<span class="white-space-pre"> </span><a class="app-aware-link " href="https://therecord.media/fbi-warning-energy-sector-increased-hacking-china-russia" target="_self" data-test-app-aware-link>FBI</a><span class="white-space-pre"> </span>has recently highlighted the interrelated risk of fluctuating energy prices and cyber-attacks against critical national infrastructure, and a survey of Chief Information Security Officers identified<span class="white-space-pre"> </span><em>‘Reducing and Mitigating Risk’<span class="white-space-pre"> </span></em>as their leading CISO concern (<a class="app-aware-link " href="https://www.evanta.com/resources/ciso/infographic/2023-ciso-leadership-perspectives" target="_self" data-test-app-aware-link>Evanta</a>) – understandable then, that some 41% of respondents also reported that they would be investing in Identity and Access Management (IAM) and Multi Factor Authentication (MFA).</p>\r\n
    <p id="ember49" class="ember-view reader-content-blocks__paragraph">A timely response to this increasingly uncertain and aggressive cybersecurity landscape - as emphasised in the UK’s National Cyber Security Centre (NCSC) recent<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.ncsc.gov.uk/collection/annual-review-2023" target="_self" data-test-app-aware-link>report</a><span class="white-space-pre"> </span>- the Network and Information Security 2 (NIS2) Directive is a significant piece of new European Union legislation that imposes stricter cybersecurity obligations on entities operating in critical sectors such as energy, transport, health and digital infrastructure. NIS2 also holds executives personally liable if they neglect to adequately address their organizations' cyber risk ("adequately" is a benchmark yet to be defined). I believe the broadened approach also recognises the interconnectedness of IT and OT in today's digital landscape.</p>\r\n
    <p id="ember50" class="ember-view reader-content-blocks__paragraph">In this article, I look at the key steps organizations can take to meet NIS2 requirements, with a personal take on why this matters so much, in particular drawing on my background in telecoms and working across tech convergence, notably securing IT and Operational Technology. I also reference some of the<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/uk/resources/whitepaper-why-identity-is-important-whilst-preparing-for-nis2-compliance/?utm_source=influencer&amp;utm_medium=social&amp;utm_campaign=2023-08%7CINB%7CNIS2Compliance-WPR%7CEMEA-UKI&amp;ocid=7014z000001pPRuAAM-aPA4z000000blMDGAY&amp;utm_content=sally&amp;utm_id=aNK4z000000UBEiGAO" target="_self" data-test-app-aware-link>support</a><span class="white-space-pre"> </span>available to manage the transition, especially from&nbsp;the leading independent Identity partner<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/" target="_self" data-test-app-aware-link>Okta</a><span class="white-space-pre"> </span>who Gartner recently named as a Leader in the<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/resources/gartner-magic-quadrant-access-management/" target="_self" data-test-app-aware-link>Magic Quadrant for Access Management</a><span class="white-space-pre"> </span>November 2023 - the 7th consecutive year that Okta has attained this trusted recognition.<span class="white-space-pre"> </span></p>\r\n
    <h2 id="ember51" class="ember-view">Today’s Cyber Security Landscape</h2>\r\n
    <p id="ember52" class="ember-view reader-content-blocks__paragraph">Officially part of the Digital Markets Act (DMA) and with a requirement to be transposed into national law by October 17th 2024,<span class="white-space-pre"> </span><a class="app-aware-link " href="https://digital-strategy.ec.europa.eu/en/policies/nis2-directive" target="_self" data-test-app-aware-link>NIS2</a><span class="white-space-pre"> </span>replaces and repeals the original Network and Information Security (NIS) Directive. It is designed to improve cybersecurity risk management, incident reporting, supply chain security and third-party risks and also to introduce managerial liability for cyber incidents&nbsp;alongside strict reporting obligations – as just one example, a compulsory early warning must be given immediately following a cyber breach and communicated to the relevant authority within 24 hours.</p>\r\n
    <p id="ember53" class="ember-view reader-content-blocks__paragraph">NIS2 also includes provisions to foster improved information sharing and cooperation across member states to respond to the rise in cross-border cyber threats. This is an area I believe is especially important given the rise in bad actor collaboration, working together for example to reimagine old threats such as Emotet as I discussed<span class="white-space-pre"> </span><a class="app-aware-link " href="https://podcasts.apple.com/gb/podcast/emotet-the-chameleon-of-cybersecurity-risks/id1562152429?i=1000583344523" target="_self" data-test-app-aware-link>here</a>, or to engineer new ones, such as the continuing "Scattered Spider"&nbsp;Casino cyber<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.reuters.com/technology/cybersecurity/fbi-struggled-disrupt-dangerous-casino-hacking-gang-cyber-responders-say-2023-11-14/" target="_self" data-test-app-aware-link>hacking gang</a><span class="white-space-pre"> </span>incidents in the US. Clearly, cyber criminals are evolving into networks of highly adaptive and organised crime groups (OCGs), but we are also seeing a rise in smaller and less-organized entities too - these groups often collaborating and trading services on ‘dark’ marketplaces and forums, akin to an ecosystem in their approach.</p>\r\n
    <p id="ember54" class="ember-view reader-content-blocks__paragraph">And the impact is clear! Participants of the European Union’s 2023 ‘<a class="app-aware-link " href="https://europa.eu/eurobarometer/surveys/detail/2959" target="_self" data-test-app-aware-link>Eurobarometer</a>’ survey cited the protection of users from cyberattacks as EU citizens' top priority for future actions in their respective countries. And within NIS2, we see the introduction of the new European Cyber Crises Liaison Organisation Network (<a class="app-aware-link " href="https://www.enisa.europa.eu/topics/incident-response/cyclone" target="_self" data-test-app-aware-link>EU-CyCLONe</a>) as part of the focus on addressing exactly that - a system for rapid crisis management coordination to be activated in the case of large-scale and cross-border cyber incidents. Given the recent acceleration in AI and notably Generative AI developments, and the dual frontier of risks and new capabilities this affords which came centre stage at the recent UK Government AI Safety Summit, this needed prioritisation on citizen protection underpinned by citizen trust is only poised to grow - a salient discussion paper on this subject is freely available now<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.gov.uk/government/publications/frontier-ai-capabilities-and-risks-discussion-paper" target="_self" data-test-app-aware-link>here</a>.</p>\r\n
    <h2><img src="/images/Understanding_NIS2_and_Where_it_Fits_in.jpeg" alt="Understanding_NIS2_and_Where_it_Fits_in.jpeg" width="600" height="400" /></h2>\r\n
    <h2 id="ember56" class="ember-view">Understanding NIS2, and Where it Fits in</h2>\r\n
    <p id="ember57" class="ember-view reader-content-blocks__paragraph">The NIS2 Directive is the most comprehensive European cybersecurity directive to date, expanding the scope beyond traditional IT systems to include OT and essential service providers, with stricter requirements for risk management and incident reporting, wider coverage of sectors, and more hard-hitting penalties for non-compliance. This includes a potential fine of €10 million or 2% of the yearly global turnover of public and private sector organizations in scope, alongside a variety of non-financial penalties including orders to comply, direct mandatory instructions, mandates for security audits&nbsp;and alerts made to an organisations' clients about their potential risks.<span class="white-space-pre"> </span></p>\r\n
    <p id="ember58" class="ember-view reader-content-blocks__paragraph">The directive defines "operators of essential services" (OES) as businesses and organizations that provide essential services to society, such as energy, banking, health care, water supply, and transport services. This is an area which also highlights the global impact of NIS2. So, for example, a provider of operationally critical products or services that is non-EU-based but selling to a business classed as important or essential that is, would also be in scope and we can expect to see related elements such as risk assessment and incident reporting procedures embedded into future contracts. Similarly, while it is true that NIS2 has a specific focus – critical sectors – it still applies to a vast number and more broader range of organizations. Quoted statistics generally point to<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.ey.com/en_dk/cybersecurity/five-things-to-know-if-your-company-falls-under-the-scope-of-nis2" target="_self" data-test-app-aware-link>over 100,000 companies to be affected by NIS2</a>.</p>\r\n
    <p id="ember59" class="ember-view reader-content-blocks__paragraph">Within the new legislation, ten core operational requirements are introduced that all companies within its scope must address or implement as part of their cybersecurity measures – these range from risk analysis and vulnerability disclosure right through to incident response and cybersecurity training. These requirements are designed to address the deficiencies of the previous rules, adapt to current needs, and to future-proof the directive as far as possible given the dynamic landscape described.</p>\r\n
    <h2 id="ember60" class="ember-view">Key Steps to Addressing NIS2 Requirements</h2>\r\n
    <p id="ember61" class="ember-view reader-content-blocks__paragraph">Meeting the NIS2 requirements requires a ‘drilling down’ into the effectiveness of your defensive measures against cyber threats, the robustness of your protocols that are supposed to stop attacks, and the agility of your response mechanisms to counteract emerging dangers. And with some recent reports now indicating that the cost of compliance may rise by 22% for those organisations not previously subject to NIS - being prepared and having access to reliable knowledge and trusted support to navigate this transition becomes an imperative.</p>\r\n
    <p id="ember62" class="ember-view reader-content-blocks__paragraph">Dealing with every detailed requirement of NIS2 takes time and dedication – but the requirements revolve largely around the following key themes, which<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/uk/" target="_self" data-test-app-aware-link>Okta</a><span class="white-space-pre"> </span>covers in full detail in their recent whitepaper available now<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/uk/resources/whitepaper-why-identity-is-important-whilst-preparing-for-nis2-compliance/?utm_source=influencer&amp;utm_medium=social&amp;utm_campaign=2023-08%7CINB%7CNIS2Compliance-WPR%7CEMEA-UKI&amp;ocid=7014z000001pPRuAAM-aPA4z000000blMDGAY&amp;utm_content=sally&amp;utm_id=aNK4z000000UBEiGAO" target="_self" data-test-app-aware-link>here</a>:</p>\r\n
    <p id="ember63" class="ember-view reader-content-blocks__paragraph">·<span class="white-space-pre"> </span><strong><em>Verify and Maintain Security Posture:<span class="white-space-pre"> </span></em></strong><em>This is all about looking at how well your company is set up to fight off cyber-attacks. It includes how you stop attacks from happening, how quickly your company can react to new threats, and the type of security technology you use, including firewalls or antivirus programs. It's like personal hygiene, but for your company's cybersecurity.</em></p>\r\n
    <p id="ember64" class="ember-view reader-content-blocks__paragraph">·<span class="white-space-pre"> </span><strong>Special Protections for Privileged Access</strong>:<span class="white-space-pre"> </span><em>Under NIS2, protecting special access means focusing on Identity Access Management (IAM), Privileged Access Management (PAM), and Multi-Factor Authentication (MFA). Access management centres on making sure the right people have the right access to digital resources at the right time - this is not just for your team but for the ecosystem of everyone you work with, such as suppliers.</em></p>\r\n
    <p id="ember65" class="ember-view reader-content-blocks__paragraph">·<span class="white-space-pre"> </span><strong><em>Ramping up Ransomware Defences</em></strong><em>: Ransomware remains a huge headache globally with notable recent attacks including the Colonial Pipeline in Texas and the Health Service Executive of Ireland disrupting critical services. Even though NIS2 does not call ransomware out by name, it is all about tackling these kinds of cyber threats, especially given the rate of evolution, with cyber-criminals now typically prioritizing data theft and extortion over actually deploying ransomware itself. &nbsp;Start with training your team to spot and handle ransomware risks. Keep your software and systems up to date to close any gaps that attackers might use. Strong access management is critical too - cut down on ways for malware to get in.</em></p>\r\n
    <p id="ember66" class="ember-view reader-content-blocks__paragraph">·<span class="white-space-pre"> </span><strong><em>Embrace Zero Trust</em></strong><em>: Today’s cyberthreat landscape combination of heightened risk alongside endpoint choice, flexible workstyles and applications everywhere means that the once traditional, established trust boundaries that use perimeter security&nbsp;simply no longer exist</em>.<em><span class="white-space-pre"> </span>Endpoints&nbsp;are&nbsp;not&nbsp;“yours”&nbsp;anymore. NIS2 therefore understandably ‘nudges’ organizations towards a Zero Trust architecture approach. It sounds simple: ensure that every device and user is verified before granting access - trust no one and nothing, whether inside or outside your network. But for more information, my personal take on what Zero Trust security ‘really means’ is freely available<span class="white-space-pre"> </span></em><a class="app-aware-link " href="https://www.linkedin.com/pulse/reimagining-zero-trust-its-continual-practice-product-sally-eaves/" target="_self" data-test-app-aware-link><em>here</em></a><em>.</em></p>\r\n
    <p id="ember67" class="ember-view reader-content-blocks__paragraph">While these are the broad themes, specific aspects of NIS2 may have particular importance for your organization and vertical – and it can be very worthwhile to work with a compliance expert to ensure that your organization complies both with the broader themes of NIS2, and the specific legislation. It is equally important to act quickly and make a start now – whilst NIS2 presents a key new challenge for organizations of all sizes, this also represents an opportunity to improve your overall cybersecurity posture and protect critical assets too.</p>\r\n
    <h2><img src="/images/Oktas_Role_in_NIS2_Compliance.jpeg" alt="Oktas_Role_in_NIS2_Compliance.jpeg" width="600" height="600" /></h2>\r\n
    <h2 id="ember69" class="ember-view">Okta's Role in NIS2 Compliance</h2>\r\n
    <p id="ember70" class="ember-view reader-content-blocks__paragraph">With moving from intention to action and closing risk gaps being one of the recurring key themes in cybersecurity today, Okta’s recent highest ranking on “ability to execute” for the third year in a row within Gartner’s<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.okta.com/resources/gartner-magic-quadrant-access-management/" target="_self" data-test-app-aware-link>Magic Quadrant for Access Management</a><span class="white-space-pre"> </span>is a standout barometer around protection actualisation and at scale. Indeed, Okta's recent 'Oktane' event saw the launch of Log Investigator with Okta AI, Actions Navigator with Okta AI, and Expert Assist, all contributing to a powerful toolset that can help organizations achieve compliance with specific regulations such as NIS2.</p>\r\n
    <p id="ember71" class="ember-view reader-content-blocks__paragraph">The company’s Identity Governance (OIG) solution combines Okta Workflows, Okta Lifecycle Management, and Okta Access Governance to help organizations mitigate modern risks and improve efficiency – with a focus on IAM and safeguarding privileged access. In combination, Okta's IAM solution provides a framework that helps you govern who the users of your business networks are and what services they can or cannot access. This ensures that the right individuals are the ones signing-in to their business networks, thereby helping top management fulfill their evolved cybersecurity risk management responsibilities under NIS2.</p>\r\n
    <h2 id="ember72" class="ember-view">Managing Access is at the Core</h2>\r\n
    <p id="ember73" class="ember-view reader-content-blocks__paragraph">And, of course, managing access rights is at the core of NIS2 requirements – poorly managed IAM leaves the door open for breaches. Okta's solutions help prevent security breaches that could lead to significant penalties, from financial to loss of trust. Okta provides comprehensive visibility into authorization and access attempts across various infrastructures and technologies. This capability assists organizations in reconstructing the timelines of network or resource reconnaissance, a crucial component in incident reporting – another core part of NIS2.</p>\r\n
    <p id="ember74" class="ember-view reader-content-blocks__paragraph">Finally, Okta's IAM solution strengthens all important supply chain security by managing access control and identity with the same speed and confidence for 10 employees as for 10,000. All-in-all Okta’s solutions and expertise can help organizations cover a significant amount of ground in terms of NIS2 compliance and moving past common challenges.</p>\r\n
    <h2 id="ember75" class="ember-view">Tackling Common Challenges</h2>\r\n
    <p id="ember76" class="ember-view reader-content-blocks__paragraph">Meeting the new NIS2 standards can be challenging. For example, when moving to the cloud or as you bring in new technology such as IoT devices and all the opportunities these afford, you're also expanding your exposure and potentially bringing in new risks too, especially when working with third parties. This is heightened further still with the AI juxtaposition already discussed and growing areas such as IT and OT convergence especially within verticals such as telecommunications, manufacturing and energy – with all the advancements also comes new challenges, especially in securing Operational Technology (OT) environments.</p>\r\n
    <p id="ember77" class="ember-view reader-content-blocks__paragraph">Vendor reliability and trust is such a key relationship to help navigate this transition, make informed choices and stay ahead of changes to the threat landscape. Additionally, convincing senior executives to spend more on cybersecurity can be tough but crucial. Here ‘changing the narrative’ is key. Emphasizing the risks of ignoring security or ‘the cost of insecurity’ is fundamental to secure buy-in and the funds to invest in training your current team and attracting new staff, especially given the supply-talent gap shortages in the space today.</p>\r\n
    <p id="ember78" class="ember-view reader-content-blocks__paragraph">Finally, it remains a truism that you ‘cannot manage what you cannot measure’. With risk and compliance legislation tightening,<span class="white-space-pre"> </span><em>acting now</em><span class="white-space-pre"> </span>to assess your organisations’ current level of cyber maturity and capability against the requirements of NIS2 is imperative. As a founder, mentor and advisor to businesses across different verticals and across sizes, I have seen the challenge 1st hand, especially for SME/SMBs which can have additional constraints around resources and experience. Or in other words, the ‘where to start’ can feel overwhelming.</p>\r\n
    <p id="ember79" class="ember-view reader-content-blocks__paragraph">To support this, I would recommend exploring Okta’s independent new compliance and regulation risk assessment tool to<span class="white-space-pre"> </span><a class="app-aware-link " href="https://okta.postclickmarketing.com/compliance-and-regulation-risk-assessment" target="_self" data-test-app-aware-link>self-assess</a><span class="white-space-pre"> </span>– this can clarify your baseline, help you identify ‘low hanging fruit’ areas to work on first, allow regular benchmarking of progress which can also support buy in – the list goes on! Additionally, the assessment provides a foundation to then move onto more complex activities, for example the development of Incident Response templates for uniform reporting of cybersecurity incidents to meet NIS2’s evolved requirements.</p>\r\n
    <p id="ember80" class="ember-view reader-content-blocks__paragraph">And finally, I believe an area that is underexplored but that it is also vital to consider, is the alternative means with which to demonstrate compliance with the NIS2 directive – there is no need to duplicate effort! So, for example, if you’re ISO 27001 certified, you could already have completed up to 70% of the NIS2 security requirements. Similarly, where an EU legal act such as PSD2 or DORA is already under observance with respect to incident response or cybersecurity, that extant ruling will actually take precedence. Again, working with an independent specialist such as Okta can help you work through these options. Additionally, I would recommend readers to explore the<span class="white-space-pre"> </span><a class="app-aware-link " href="https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework" target="_self" data-test-app-aware-link>CAF</a><span class="white-space-pre"> </span>(Common Assessment Framework) developed by the UK’s National Cyber Security Centre – adhering to the principals here serve as an excellent underpinning to the new areas of focus being introduced by NIS2.</p>\r\n
    <p id="ember81" class="ember-view reader-content-blocks__paragraph">To close, I would love to leave you with a call for feedback, I think dialogue so vital here! and to pose a final question – reflecting on all the above, do<span class="white-space-pre"> </span><em>you</em><span class="white-space-pre"> </span>believe NIS2 can become a trailblazer, akin to how GDPR has been for data protection? Many thanks, Sally</p>\r\n
    <h2 id="ember83" class="ember-view reader-content-blocks__paragraph"><strong>About the Author</strong></h2>\r\n
    <p id="ember84" class="ember-view reader-content-blocks__paragraph">A highly experienced chief technology officer, professor in advanced technologies, and a global strategic advisor on digital transformation, Sally Eaves specialises in the application of emergent technologies, notably AI, 5G, cloud, security, and IoT disciplines, for business and <a href="technology/creativity-is-driving-digital-transformation" target="_blank" rel="noopener">IT transformation</a>, alongside social impact at scale, especially from sustainability and DEI perspectives.</p>\r\n
    <p id="ember85" class="ember-view reader-content-blocks__paragraph">An international keynote speaker and author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations, and has been described as the "torchbearer for ethical tech", founding Aspirational Futures to enhance inclusion, diversity, and belonging in the technology space and beyond. Sally is also the chair for the Global Cyber Trust at GFCYBER.</p>
    """
  -user: Proxies\__CG__\App\Entity\User {#1092 …}
  -createdAt: DateTime @1703876820 {#1145
    date: 2023-12-29 19:07:00.0 UTC (+00:00)
  }
  -updatedAt: DateTime @1703876989 {#1150
    date: 2023-12-29 19:09:49.0 UTC (+00:00)
  }
  -deletedAt: null
  -category: App\Entity\Category {#445 …}
  -status: "published"
  -imageCard: Proxies\__CG__\App\Entity\File {#1184 …}
  -ImageHeader: Proxies\__CG__\App\Entity\File {#1184 …}
  -featured: false
  -mainView: false
  -clicks: 2376
  -comments: Doctrine\ORM\PersistentCollection {#1125 …}
  -reviewed_at: DateTime @1703876820 {#1148
    date: 2023-12-29 19:07:00.0 UTC (+00:00)
  }
  -metakey: "Risk Management in the Digital Age: NIS2 Compliance and Accountability Strategies"
  -metadesc: "Network and Information Systems Directive (NIS2) has become a critical framework for ensuring the cybersecurity and resilience of essential services."
  -robots: null
  -publishedAt: DateTime @1703876820 {#1147
    date: 2023-12-29 19:07:00.0 UTC (+00:00)
  }
  -canonical: null
  -superTag: null
}

"App\Controller\AppController::renderFooter"

"html"

"en"

"212458"

"App\Controller\CookieController::renderCookie"

"html"

"en"

"6e6ebc"