Connect with us

Business

NIS2: how best should businesses prepare?

Steve Bradford, Senior Vice President EMEA, SailPoint

In January 2023, the European Union’s updated Network and Information Security Directive, more commonly known as NIS2, came into force. This means that EU Member States will have until 17 October 2024 to put this new law into their national legislation.  

The original NIS Regulations were introduced into national law in 2018. These currently apply to organisations that provide ‘essential services’ (think: healthcare, energy, and transportation) as well as digital service providers (for example, online marketplaces and search engines). The regulations place requirements on those organisations to ensure appropriate security measures to help manage cybersecurity risks, and they impose certain reporting obligations in the case of security incidents. 

Yet it is incontrovertible that there is an increased reliance of the economy and wider society on digital services, and this is driving ransomware attacks globally. We also live in a more connected world – ever more linked and complicated supply chains are leading to higher levels of cyber risk. In fact, 90% of companies polled in the latest IDSA survey reported at least one identity-related breach in the last 12 months, a 6% increase from last year’s report.

So, how does NIS2 fit into this evolving cyber landscape, and what does it mean for businesses?  

Comprehensive cybersecurity 

Organisations and businesses need to integrate cyber resilience into their business models and risk management strategies – and this is where the updated NIS2 directive comes in.  

NIS2 targets all public and private entities operating in the EU that are critical to the economy and society – this also includes UK companies with operations in the EU. Sectors such as healthcare, energy, transport, digital infrastructure, financial market infrastructures, the food sector, social networking services platforms, cloud computing services, data centres, and more will fall under the NIS2 directive.  

The NIS2 directive strives to deliver a broad, comprehensive, and holistic improvement of cybersecurity across the EU. Whilst much of the onus lies on governments (for example, Computer Security Incident Response Teams will be needed in each country and cross-border cooperation between those bodies for information sharing and where incidents require it), there is still a great deal for businesses to be aware of and prepare for.  

All organisations in EU member states should familiarise themselves with the requirements of the directive and begin shaping their cybersecurity strategy over the next 18 months to ensure they are both compliant and secure when the updated directive comes into force.  

Organisations will need to put policies and procedures in place for risk analysis, information system security, assessing the effectiveness of cybersecurity risk management measures, and more. Some examples of this include: companies need to ensure access is disabled when employees or contractors stop working for it, and they should also refrain from using ‘generic’ accounts (for example, accounts that are not tied to a named individual). Moreover, granting access to sensitive applications and/or data should be subject to approval and risk analysis to prevent toxic situations that could lead to fraud or data leakage.  

Coordinated risk management

NIS2 will require senior management to approve the cybersecurity risk-management measures taken and oversee their implementation. And take heed! Under NIS2, senior management can be held liable for any infringements. 

The new legislation will be far-reaching according to a new IDC report, “Identity governance will be a key to NIS2 compliance.” It will impact training, with the NIS2 directive stipulating the need for cybersecurity training and awareness for all employees, as well as for the broader ecosystem. Supply chain security will also be impacted. Recent cyber-attacks on payroll services provider Zellis and outsourcing group Capita – which have both affected multiple organisations – highlight the importance of protecting third parties. The NIS2 directive will mandate coordinated risk assessments of critical supply chains that cover critical ICT services, CIT systems, or ICT products. 

Addressing risks through identity security

Organisations often struggle to assess the efficacy of their cybersecurity measures or identify vulnerabilities that remain despite those measures. Many organisations struggle to ensure access is promptly rescinded for employees that change roles or leave the company.

Managing all these risks must be addressed through a proactive and policy-driven approach. The European Commission recommends that essential and important entities adopt zero-trust principles and identity and access management. Least-privilege access that is implicit through zero trust approaches can be fundamental to managing that access for partners and contractors.  

European organisations have until October 2024 to conduct NIS2 gap assessments and implement strategies to address the outcomes of those assessments. 

Let the implementation of the EU’s General Data Protection Regulation (GDPR) serve as a warning that European regulators are more than ready to penalise businesses that have been dragging their heels when to comes to managing data security, privacy, and cyber risk. The punishments may come in the form of regulatory penalties. Add this to the costs of operational downtime, reputational damage, customer loss, and system restoration that follow any breach, and it becomes quite clear all that is at stake for businesses.  

European organisations face an ever-growing burden of management for identities and access, for human and non-human accounts and identities, and for employees, partners, contractors, and customers. The capabilities of legacy identity security solutions are inadequate to address the volume and velocity of identity-related tasks that most organisations must now address. However, modern identity security solutions, driven by AI and machine learning, are changing the game. These enable organisations to automate identity processes and build contextual insights to improve the detection of suspicious behaviour and trigger quicker and more impactful responses.  

These benefits will be crucial as devices, bots, and all manner of other non-human identities proliferate at a much faster rate than manual capabilities can handle. Proactive and automated identity and access management should be a pillar of every organisation’s cybersecurity risk management strategy, and preparation should start today.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

The modern pay experience and the role of financial education

Attributed to Judith Lamb, CHRO at CloudPay

Despite news that salaries are on the rise, and turbulent economic conditions are still being experienced globally,  few businesses can afford to keep pace with the increase in wage rise demands that much of the workforce is seeking. But with skills shortages being felt across sectors, employers are finding they need an alternative solution to help their staff, without breaking the bank. This is why we believe offering financial education and wellness as an employee benefit can play a significant role.

Better financial benefits

There is a glaring gap in education curriculums for financial education, in the UK at least. This lack of focus in syllabuses means that providing a base level of understanding around financial management is often left to the individual or their employers. While businesses may be committed to supporting the wider skills development of their workforce, providing this guidance on what is often considered a life skill is rarely taken into account.

With the uncertain economic climate that staff continue to face, though, providing this support will be valuable to both the workforce and organisation as it will serve as a crucial attraction and retention tool. Household budgets are being stretched and over-inflated salaries won’t be a sustainable option for anyone. Any ability to make money go further will be welcomed by workers struggling to manage their finances.

It also can’t be overlooked that by improving general money management skills amongst workforces, firms can then gain from the knock-on benefit of enabling staff to make more informed decisions on a professional level as well.

A modern pay experience for modern needs

While financial education will certainly act as an advantage for the workforce, it more broadly follows the trend of providing a modern pay experience as a benefit that is growing in popularity. How and when people are paid, how they access their financial information and what control staff have over their payroll has changed significantly in the last year, and will only continue to do so.

Nowadays, people expect a consumer-like experience in more than just their shopping habits. Online banking has put greater control into the hands of individuals to manage their finances at the touch of a screen. This has translated into payroll as well, and flexibility is a key driver of this change.

While flexible working isn’t always an option or a desire for everyone, these type of benefits are. Permanent employees are questioning why they should wait for a rigid monthly pay day for work they’ve already delivered. This sentiment was certainly more widely felt in the peaks of the Cost-of-Living crisis, but is a challenge to the norm that has been picking up pace for some time.

Flexible solutions

That’s why we’ve seen solutions such as Earned Wage Access (EWA) becoming increasingly popular, largely driven by the demands of the workforce than employers themselves. Streamlining processes for firms and individuals has also become a priority in the modern world of work. Time is hugely valuable to everyone and for that reason, no one wants to wait around for the payroll or accounts teams to give them data relating to their own salaries, taxes or other documentation that they need at any given time.

Everyone is becoming more aware of how their information and data is stored and used, and no one wants to wait around to access their own personal documents when applying for a mortgage, for example. They want instant access and full control.

This demand for a modern pay experience that is underpinned by financial education or support from their employer is only going to increase in popularity. For payroll and finance teams, this really is a prime opportunity to showcase the role they can play in changing the employee experience for the better and improve recruitment and staff retention levels. But it takes a commitment to and investment in the right technology to achieve.

Judith Lamb is CHRO at CloudPay, the expert in global pay solutions

Continue Reading

Business

How will regulations effect the open banking sector?

Source: Finance Derivative

Martin Hartley – Group CCO of emagine Consulting 

Comments on the future of the open banking sector and how it will affect the UK market. 

“The UK Open Banking Sector is still primarily driven by regulation. In my view, two of the major current regulations will remain at the forefront moving forward, namely the CMA (Competition and Markets Authority), which mandated the major banks to provide open banking access to authorised third-party providers, and PSD2 (Second Payment Services Directive), which set the standards for secure data sharing. Cybersecurity regulations will only increase in importance, as will Brexit-related changes as any divergence between UK and EU standards could impact open banking.

“Over the upcoming months, increased data sharing through open banking will add crucial pressures to cybersecurity, likely creating a surge in the sector once again.

“I expect ongoing scrutiny and efforts to enhance data protection measures, potentially leading to more stringent cybersecurity regulations being adopted by businesses. I expect to see more partnerships between traditional banks and FinTechs or consultancy firms as they collaborate to enhance cybersecurity or offer innovative services to plug the gap. Conversely, there could be consolidation within the FinTech industry as companies merge to gain market share.

“When it comes to the size of the business and how it is affected, history has shown us that there are certainly positives and negatives of being an SMB when responding to new regulations. On the positive side, they can leverage their agility and they will have a more personal relationship with their customers, potentially leading to a higher level of trust. However, SMBs may face challenges due to their limited budgets and resources. The larger firms will have much larger budgets, allowing them to have more advanced IT systems and IT security, making it easier for them to integrate APIs and develop the necessary infrastructure.

“The benefits of open banking are endless, and the UK Government is showing their forward-thinking mentality in exploring the idea of implementing the technology to streamline wider services. But, much like anything, there are always pros and cons.

“Open banking would simplify payments for public services, making transactions quicker and more convenient for everyone. As it relies on APIs and authentication protocols, open banking would make payments more secure for the public and it would allow access to digital payments for members of the public who have smartphones but possibly no bank accounts. For any digital implementation, it goes without saying that we need to be aware of the risk of cyber attacks and data breaches. These, combined with the exclusion of non-tech savvy individuals, could mean that certain members of the public may not embrace the change, which poses a risk. There is also the additional cost of providing the infrastructure and this will have to be managed carefully to avoid burdening the taxpayer.

“We have already seen digital transformations in areas such as the GOV.UK Pay System and  there are two main indicators of the success of any digital implementation; adoption rates and incidents. There haven’t been any high profile incidents that have hit the headlines in recent times so that to me is a huge positive and provides a level of confidence. It would be interesting to see how many government departments and agencies have adopted GOV.UK Pay for their payment processing needs to understand the system’s usefulness and acceptance within the government. The government must be committed to continuous improvement and to ensure that the system continues to comply with regulations and consciously drives the adoption rate to hit at least 90% of government departments and agencies.

“A favourable regulatory environment will encourage more banks and third-party providers to participate in open banking initiatives, leading to growth in the UK market and positioning the nation as industry leaders.”

Continue Reading

Business

Advancing green mobility for a sustainable future

Accelerating decarbonisation, the transition to SDVs and reshaping urban ecosystems, are helping revolutionise the global automotive industry

By Amit Chadha, CEO & Managing Director, L&T Technology Services

The world is changing. There is an urgent need for a transition toward sustainable practices to combat the threat of climate change. As global temperatures rise and weather patterns evolve, achieving net-zero emissions by 2050 could still help prevent irreversible damage to our planet.

With global carbon emission levels continuing to rise at an accelerated rate, there is a growing momentum toward addressing the scenario on war footing. As the most visible source of emissions, the automotive industry, and, consequently, the future of mobility, is in focus. By helping accelerate decarbonisation, reshape evolving urban ecosystems, and redefine the global automotive industry – we can help reverse the trend and preserve our shared future.

Green mobility has emerged as a major enabler in this direction. Leading stakeholders are becoming increasingly invested in developing a deeper understanding of the multifaceted realm of green mobility and its potential to shape a sustainable future.

Accelerating decarbonisation: A global mandate

Decarbonising the transportation sector is crucial to mitigate the harmful effects of climate change. Fossil fuel-based vehicles are responsible for a substantial portion of carbon dioxide emissions, exacerbating the greenhouse effect. To accelerate decarbonisation, governments and businesses today need to prioritise the adoption of clean, renewable energy sources, such as electricity and hydrogen, for powering vehicles and other modes of public transportation.

Automakers, recovering from the impact of the pandemic and global supply chain disruptions, are therefore exploring new avenues to meet the rising demand for electric mobility. Electric vehicles (EVs), by eliminating the need for fossil fuel-powered engines, play a vital role in improving overall air quality and have emerged as a promising solution for reducing carbon emission levels. They are capable of meeting the diverse needs of all kinds of drivers and offer affordable mobility and maintenance options. Recent advancements in battery technology, including the growing availability of charging infrastructure and incentives for adoption, have led to a significant rise in the EVs popularity.

However, to achieve widespread adoption of electric vehicles, there is a need to address key issues such as battery disposal, supply chain sustainability, and equitable access to EV technology.

Reshaping urban ecosystems: Driving the frontiers of change

Urban areas are central to the momentum around green mobility transformation. As growing global populations gravitate towards cities – congestion, pollution, and limited availability of green spaces have emerged as major challenges. As a result, cities must increasingly reinvent themselves to promote sustainable mobility and improve the quality of life for their residents.

Smart technologies and vertical green systems can contribute to a reduction in the energy demands of buildings by providing shade and insulation, mitigating urban heat islands, and cooling down public spaces. They also enable carbon sequestration, a reduction in pollution levels, and improvements in biodiversity.

Implementing efficient transportation systems, such as buses and trains powered by clean energy, can further reduce individual vehicle usage, traffic congestion, and emissions. Pedestrian-friendly infrastructures, cycling lanes, and micro-mobility solutions like e-scooters and bike-sharing programs can further help promote eco-friendly transportation choices. At a macro-infra level, smart city technologies and data-driven urban planning practices are helping optimise traffic flow, reduce idling times, and minimise fuel consumption.

Integrating green mobility into urban ecosystems is therefore a win-win proposition – fostering cleaner air, enhanced mobility options, and healthier communities.

From a public health perspective, improved air quality can drive a decline in respiratory and cardiovascular diseases linked to air pollution. Healthier citizens translate to a more productive workforce and reduced healthcare costs, further strengthening the growing impetus for vehicle electrification. The shift towards vehicle electrification offers significant economic benefits, including greater job creation, enhanced research and development, and greater investments in sustainable innovations. A consequent reduction in the demand for fossil fuels, scarce in terms of availability and mostly imported, in turn, helps enhance energy security and stabilise fuel prices.

Software Defined Vehicles: Pioneering the change

The global automotive industry is at the core of driving the emerging frontiers of green mobility. Traditional automakers and new entrants are racing to produce eco-friendly vehicles, and this competitive spirit, in turn, is transforming the industry landscape.

Automakers worldwide need to embrace sustainable practices by reducing their carbon footprint during the production process and implementing circular economy principles. Moreover, investing in research and development of alternative materials and manufacturing processes can lead to lighter, more energy-efficient vehicles. The rise of autonomous vehicles presents an opportunity to optimise transportation networks, enhance traffic flow, and reduce accidents. Leveraging this technology, in combination with electric and shared mobility solutions, can lead to a more sustainable and efficient future for transportation.

Software would play a key role in this direction, delivering a streamlined passenger and driver experience paradigm while ensuring conformity with the evolving regulatory standards. With Software Defined Vehicles (SDVs) increasingly constituting a focus area for major automakers worldwide, the future would witness a greater demand for digital engineering services to unlock new value streams.

The importance of ecosystem partnerships

Automotive industry stakeholders are already working with ER&D partners who can deliver across the value chain and understand each of the key parameters in the EV/SDV ecosystem. However, approaching separate vendors for product conceptualisation, design and development, testing, maintenance, manufacturing and after-sales support can increase costs and complexities.

An ER&D partner, equipped with multi-industry expertise, digital engineering capabilities, and a co-innovation commitment, can help drive transformation initiatives for transportation enterprises, overcoming technology constraints with cross-vertical learnings. Leveraging global delivery capabilities, the partner can also provide computing models that consume less energy, boost performance, and optimise data-led algorithms. In addition, they can enable scalable software stacks that leverage sensors and physical components to provide the safety and performance that electric vehicles need.

ER&D companies are also increasingly being called upon to help redefine focus areas with software, ensuring third-party integration, driving feature deployment, enabling CloudOps and fast over-the-air updates. The rising complexities within the connected car landscape further call for adopting software-defined designs that can overcome multi-layered challenges – ranging from development to subsequent deployment, maintenance, and updates.

A multi-stakeholder approach

Achieving the goal of green mobility demands collaboration among various stakeholders. Governments play a crucial role in enacting policies and regulations that incentivise the adoption of sustainable practices and technologies. Subsidies for EVs, emission standards, and urban planning regulations are some of the ways governments can drive the transition towards greener mobility.

Private sector involvement is equally critical. Corporate sustainability initiatives, investment in research and development, and partnerships for innovative mobility solutions can accelerate the transformation. Additionally, consumer awareness and support for eco-friendly practices are essential in shaping market demands and influencing business decisions.

Advancing green mobility is a pivotal step towards a sustainable future. By accelerating decarbonisation, embracing the transition to SDvs, reshaping urban ecosystems, and revolutionsing the automotive industry, this can combat climate change on a significant battleground. The collective efforts of governments, industries, and individuals are crucial in driving this transformation.

Embracing green mobility is therefore not just about reducing emissions, but rather, about fostering a healthier, cleaner, and more resilient world. It is about our common future –striving together toward a prosperous, inclusive, and sustainable tomorrow.

Continue Reading

Copyright © 2021 Futures Parity.