The first Network and Information Systems (NIS) Directive, introduced in 2016, was a key regulation that enhanced the EU’s cybersecurity posture, laying the foundation for protecting critical infrastructure and essential services from cyber threats. However, as cyber threats have evolved, so too must the regulations that protect against them. Enter NIS2—an updated and more comprehensive directive designed to address the gaps and limitations of its predecessor.

The Network and Information Systems Directive 2 (NIS 2) is a cornerstone of European cybersecurity regulation, imposing stringent requirements on critical infrastructure sectors. To ensure their resilience, NIS 2 mandates specific cybersecurity risk management measures. Let's break down these ten essential measures and understand their implications.

Cyber Essentials is a UK government-supported certification scheme that helps organizations protect themselves against cyber threats by providing a framework of basic security controls for safeguarding systems. Cyber Essentials Plus builds on this foundation by requiring a more in-depth, hands-on assessment by an independent auditor. This audit not only verifies that essential cybersecurity controls are in place but also ensures they are functioning effectively in practice.

Estimating the potential impact of a successful cyber attack may seem impossible, especially given the rapid expansion of organizations’ digital footprint (and, consequently, their attack surface). One example are attacks which pertain to the contact points between businesses and clients, such as websites and mobile apps. In particular, these assets can be cloned and used for phishing attacks.

Recognizing the indicators of insider risk before they turn into threats requires a paradigm shift in the way we operate. It necessitates moving from a reactive mode of operation to proactive. And it requires data that is continuously captured and analyzed to enable security teams to easily see patterns and anomalies and gauge the level of risk of specific behaviors.

Businesses are under an ever-increasing pressure to maintain exceptional experiences for their customers, making seamless connectivity across tools a must. This is true for industries like financial services that need to provide enhanced digital payments, or for healthcare organizations that need to share critical data across systems quickly. The need for connected infrastructures has become the norm.

Last month, my colleague Arzu Ozbek Akay shared some insights about the impact that Bitsight Groma, our next-generation scanner, is already having on our products. Today, I’m going to follow that up with an update on the momentum we’re seeing with the second core component of our data engine: Bitsight Graph of Internet Assets (GIA). As a quick refresher, GIA uses advanced graph technology and AI models to map assets to specific organizations and build Ratings Trees at a global scale.