What is Attack Surface Management?
April 29, 2025
The NIS2 (Network and Information Systems) Directive, effective since January 16, 2023, marks a significant shift in the European Union’s approach to cybersecurity. Expanding the scope to include more sectors and companies, it aims to bolster the resilience of critical infrastructures against cyber threats. With its implementation deadline set for October 17, 2024, businesses need to be proactive in understanding and complying with its requirements.
Energy (Electricity, Oil, Water, Hydrogen)
Post and Courier Services
Healthcare (Hospitals, Laboratories, R&D, Pharmaceuticals, Medical Device Manufacturers)
Waste Management
Transport (Air, Rail, Water, Road)
Chemical Products
Drinking Water
Manufacturing/Manufacturing Industry
Sewage
Digital Services (Online Marketplaces, Search Engines, Social Networks)
Digital Infrastructures (IXPs, Cloud Providers, Data Centers, CDNs, TSPs, Electronic Communications)
Research
ICT Service Management in B2B
Space Travel
Public Administration (Central Government, Regional Government)
The requirements of the NIS2 are legally binding on the entities that fall under its purview. Member States have the discretion to penalize non-compliant entities with dissuasive penalties as well as administrative fines. In general, essential entities that fail to comply with its directives may be fined up to €10 million or 2% of their total turnover worldwide – whichever is higher. Important entities that fail to comply with the NIS2 may be fined up to €7 million or 1.7% of global turnover. In addition, non-compliant companies may be forced to suspend their business activities until they meet the NIS2 requirements and achieve 100% compliance.
24/7 Monitoring: MDR provides constant vigilance, ensuring cyber threats are detected and addressed promptly. This is crucial for essential entities that cannot afford downtime.
Skilled Incident Response: MDR offers expert assistance to help you respond to and remediate cyber threats, reducing the risk of damage to your systems and ensuring compliance with NIS2.
Broad Coverage: MDR protects all digital assets, from servers to IoT devices, helping you comply with NIS2’s extensive protection requirements.
Compliance Reporting: MDR generates comprehensive reports on cybersecurity measures, demonstrating your adherence to NIS2 requirements.
The NIS2 Directive emphasizes the responsibilities of competent authorities for supervision and enforcement. Key measures include regular and targeted audits, on-site and off-site checks, requests for information, and access to documents or evidence.
NIS2 interacts with the CER Directive and the DORA, focusing on the physical and cyber resilience of critical entities. National competent authorities under both directives must cooperate and exchange information on risks and incidents. The NIS2 Cooperation Group will regularly meet with the Critical Entities Resilience Group, and the DORA addresses cybersecurity risk management and reporting obligations in the financial sector
NIS2 aims to improve cyber risk management through clear responsibilities, appropriate planning, and increased EU cooperation. It requires Member States to appoint national authorities for cyber crisis management, introduces large-scale cybersecurity incident and crisis response plans, and establishes the EU-CYCLONe network for managing large-scale cybersecurity incidents and crises
NIS2 mandates that all companies address a core set of cybersecurity risk management policies, including incident handling, supply chain security, vulnerability handling, and the use of cryptography. It introduces a multi-stage approach to incident reporting, requiring companies to submit an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month
ForeNova’s experts share valuable insights, best practices, customer challenges and industry trends. Learn from security practitioners and thought leaders on how to best protect your business from new and persistent cyber threats.
