Ready for NIS2? Cyber Threat Intelligence is a Powerful Route to Compliance.

NIS, or the Network Information Systems Directive, is getting an update this year, and by the 17th of October 2024, organizations in member states in the EU will need to be fully compliant with its second iteration, NIS2. The stakes are high, as for the first time, NIS2 introduces personal liability for companies who fail to comply with the requirements. Fines are distinguished by whether a business is considered an essential or an important entity, and could reach as much as €10M or 2% of global annual revenue, whichever is higher.

The scope of NIS2 is also wider than the original regulation. Essential and important entities have been expanded from mainly critical infrastructure such as financial services and healthcare to include IT and security service providers, research organizations, and all digital providers. According to NIS2 regulations, these entities will need to “take appropriate and proportionate technical, operational and organizational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimize the impact of incidents on recipients of their services and on other services.”

This article will look at how Cyber Threat Intelligence (CTI) can support organizations in meeting what NIS2 calls the “all hazards approach” to protecting network and information systems. We will cover the ten minimum requirements laid out for covered organizations, and explain how CTI can contribute to attaining and exceeding compliance ahead of the deadline.

1. Risk Analysis and Information System Security

CTI platforms enhance threat visibility across the organization. Sophisticated Cyber Threat Intelligence allows organizations to act ahead of time and derive intelligent insights that support the business in proactively identifying threats. CTI includes:

• Vulnerability Intelligence: Ongoing monitoring and analysis of emerging threats and vulnerabilities from diverse sources. These include surface, deep, private, and dark web sources, providing a complete vantage point that is crucial for identifying vulnerabilities before exploitation.
• Strategic Security Policy Development: NIS2 specifically cites the need for implementing policies for risk analysis and information systems security. CTI is a strategic approach to creating more informed policies and protocols for comprehensive security, targeted at the threats most likely to impact the organization.
• Targeted Threat Intelligence: Your organization can use CTI to analyze the tactics, techniques and procedures (TTPs) of attackers, view detailed insights into specific threat actors and their campaigns as well as access geopolitical intelligence on events that influence the landscape. Together, this supports you in predicting and mitigating attacks.

2. Incident Handling

Incident handling and crisis management processes are an important part of NIS2 compliance. Your organization can move out of fire-fighting mode and into proactive support with the help of a CTI platform. Highlights include:

• Proactive Vulnerability Management: By monitoring discussions in underground forums and marketplaces on the dark web, CTI uncovers near-term exploitable vulnerabilities so that organizations can patch or mitigate vulnerabilities ahead of an attack.

• Campaign Detection: Attacks such as Business Email Compromise (BEC) and Spear Phishing target executives who have the greatest access. As CTI provides insights into these campaigns ahead of time, executive communications can be shored up to prevent harm.
• Regulatory Compliance and Breach Notification: NIS2 mandates early warning of an incident to be reported within 24 hours, and a full incident notification within 72 hours. CTI enables organizations to gather all the necessary details to comply with the relevant CSIRT within the required timelines.
• Root-cause Analysis: For a full understanding of a significant incident, CTI contributes detailed reports about the methodology and tools utilized by the threat actors. Understanding the root cause is essential for effective remediation and helps to reduce the likelihood of a recurrence or follow-up attack.

3. Business Continuity

In this category, NIS2 is looking to see robust disaster recovery processes, and how your organization will respond in a crisis, to manage a resilient return to business as usual. In the case of an attack, visibility is everything. A modern CTI platform will offer:

• Early Identification: The faster you can uncover an attack, the easier it will be to recover. CTI monitors a wide array of channels where stolen data such as personally identifiable information (PII) and intellectual property (IP) are traded. With early detection, organizations can initiate swift containment measures.

• Remediation Planning: Structured remediation plans are included in sophisticated CTI platforms, and outline steps for addressing identified threats. Plans help organizations understand and report on the severity and implications of the threat, ensuring that response efforts are both swift and effective.
• Informed Decision-Making: It can be hard to know whether an incident is “significant” according to NIS2 guidelines, or what the smart response is for optimal business resilience while reducing risk. Detailed intelligence about the nature of the attack reduces time to remediation while helping to prioritize all necessary action.

 4 and 5.  Supply Chain Security and Network and Information Systems Acquisition

These two directives cover governance around third parties, looking at security policies and procedures that concern the relationships between your organization and its direct suppliers and service providers, as well as in network and information systems acquisition. CTI is well placed to support the following:

• Third-Party Risk Monitoring: NIS2 puts the responsibility on you to centrally monitor risk across your supply chain, a key benefit of CTI. Through continuous intelligence gathering, CTI assesses the security posture of third-party vendors and supply chains, identifying indirect threats to the organization.
• Acquisition Intelligence: When taking on new systems and networks, vulnerability handling is critical. CTI provides the vantage point to look at a potential acquisition and view previous or potential breaches, search for essential IP on the web, and uncover the likelihood of a future attack.
• Smart Integrations: Integrating with existing systems and tools, CTI ensures that protective technologies such as intrusion detection systems (IDS) and security information and event management (SIEM) are finely tuned to current threat landscapes – a single view across the business and its dependencies.

6. Assessing Effectiveness of Security Measures

How effective are your risk and vulnerability management processes? Validating that your approach is working is a core element of NIS2 compliance – and fines and penalties may be dictated in part by how robust you have proven your processes to be. With CTI in place, this can be demonstrated by features such as:

• Future Attack Prevention: A robust CTI platform will gather the post-incident intelligence to show that you are continually assessing the effectiveness of your policies and processes. This includes identification of any residual threats, and integrating new Indicators of Compromise (IoCs) into security systems.
• Continuous Monitoring and Verification: With CTI, you can be sure that you’ve contained an attack, and that there are no residual risks left unnoticed, as CTI tools continue to monitor the organization’s systems moving forward. This also ensures the integrity of the business’ assets are maintained.

7 and 8. Cyber Hygiene Including Cybersecurity Training,  and Cryptography and Encryption

It’s your responsibility under NIS2 to implement basic cyber hygiene across the organization, including shoring up gaps in education and training, and making certain that data is encrypted where necessary. CTI provides a full view of the entire attack surface, which can help with:

• Attack Surface Discovery: With a detailed map of the attack surface from the perspective of potential attackers, CTI supports the organization in identifying unsecured and unmanaged entry points and vulnerabilities — offering a clear view of what attackers see, and where cryptography and encryption should be implemented.
• Threat Actor Profiling: As CTI offers deep profiling and threat insights into the mindset of the attacker and the risk landscape, organizations can anticipate future threats against their business, and educate, train employees, and create policies accordingly.  

9 and 10. Asset Management/Control and Authentication

NIS2 specifically calls out security for human resources, access control policies, and asset management as part of the minimum requirements for NIS2 compliance. Organizations should make sure they are using multi-factor authentication or continuous authentication, and securing all communications. When it comes to asset management, CTI can provide:

• Detection of Unauthorized Asset Access: With a sharp eye on Cybercrime-as-a-Service across multiple channels, and a continuous view into the sale and usage of infostealers , CTI helps to detect unauthorized access to assets, allowing organizations to immediately respond and prevent business harm.
• Monitoring of Compromised Assets and Identities: CTI allows you to continually monitor leaked credentials and stolen accounts with full visibility into criminal activities and the latest TTPs and threat groups. With insight into a wide range of platforms including the dark web, you can ensure immediate incident response to mitigate the risk of credential leakage at the earliest stages.

Cyber Threat Intelligence is a Smart Strategy for NIS2 Compliance

You only have until October 2024 to be fully compliant with NIS2 regulations, and if you want to meet the minimum requirements, you can’t afford to leave CTI out of your strategy. It provides a thorough picture of your entire attack surface, enabling benefits across risk analysis, incident handling, supply chain security, business continuity, and much more.

With a sophisticated Cyber Threat Intelligence platform like KELA, your business can strategically ensure that you’re working towards NIS2 compliance. Start your free trial now and see how it works for yourself.