In 2016, the NIS Directive emerged as a response to the increasing frequency, sophistication, and impact of cyberattacks targeting critical infrastructure and essential services across the European Union (EU). However, over the past eight years, technological advancements have accelerated growth and improved efficiency for many organizations. This progress has also inadvertently expanded the landscape for cyber adversaries to exploit. To combat these challenges, the EU implemented the NIS2 requirements in January 2023, reinforcing the importance of consistent cybersecurity measures and the enhancement of resilience for businesses throughout the EU.
The following are some of the core threat vectors that have driven this change:
Ransomware as a Service: The 2024 Verizon Data Breach Investigations Report (DBIR) explains that in 2023, ransomware was involved in 32% of all data breaches across industries, with extortion techniques accounting for 9% of breaches. Ransom demands often ranged from a few thousand to over $1 million, with ransomware attacks costing businesses globally over $20 billion in 2022 alone, as detailed in the 2024 Gurucul Insider Threat Report.
Nation-State Threats: Geopolitical tensions have further exacerbated the threat landscape. State-sponsored groups frequently target critical infrastructure, exploiting vulnerabilities in sectors like energy, finance, and public administration. The 2024 DBIR found state-sponsored espionage incidents rising to 7% of breaches.
Supply Chain Attacks: Most critically, supply chain attacks have become a significant cybersecurity concern, with 15% of breaches in 2023 involving vulnerabilities within third-party networks – a 68% increase from the previous year. These attacks often exploit weak links in partner systems, as seen in the MOVEit breach, which compromised over 8,000 global organizations through exploited software vulnerabilities. The growing complexity of IT environments further enhances these risks, with many organizations relying on third-party providers that may lack robust security measures.
The Adoption of AI: The emergence of generative AI has introduced new risks as well, enabling cybercriminals to refine phishing campaigns, create sophisticated malware, and exploit vulnerabilities faster than ever. As AI adoption grows, these technologies amplify cybercriminal capabilities, with 65% of security leaders envisaging an exponential increase in the use of offensive AI in 2025.
Mandatory public disclosures underline the scale of this threat. Between 2022 and 2023, 10,626 confirmed data breaches were reported, a record high across 94 countries. According to the DBIR, the public sector accounted for 25% of attacks, followed by finance and manufacturing, underscoring the broad industry impact.
NIS2 widens the range of covered sectors, including energy, transport, healthcare, and digital infrastructure. Medium and large organizations in these industries are now obligated to comply. This extended coverage ensures more entities adopt robust, consistent cybersecurity practices, helping to strengthen resilience in organizations and their supply chains throughout Europe.
Under NIS2, the directive's scope has expanded to include organizations classified as “essential” or “important”, spanning both public and private sectors. Classification into these categories is determined by the organization’s size and sector.
The key takeaways of NIS2 are centered on:
NIS2 requirements emphasize the need for comprehensive audit trails following a breach. A core part of Gurucul’s Next-Gen SIEM is User and Entity Behavior Analytics (UEBA), which uses machine learning and AI to first establish a baseline of activity across users, devices, and systems, and then identify anomalies through in-depth analysis of behavioral patterns. These baselines provide a reference point for detecting deviations that may indicate potential threats, such as insider activity or compromised accounts. This capability enables the platform to generate a comprehensive audit trail by maintaining detailed logs of activities. By delivering precise and actionable insights, Gurucul ensures organizations maintain robust auditability and compliance with NIS2 requirements.
These logs provide a transparent record of system and user activities, essential for compliance audits and forensic investigations.
By providing these capabilities, Gurucul enables organizations to maintain the detailed audit trails mandated by the NIS2 Directive, thereby enhancing transparency, accountability, and compliance in their cybersecurity practices.
There is an underlying emphasis for any organization under NIS2 requirements to work toward continuous cyber resilience. This mandate pushes organizations to understand their environment and strive toward a program of improving their mitigation and recovery workflows. Gurucul’s threat mitigation combines advanced analytics with real-time risk scoring to proactively address security threats, playing a pivotal role in supporting NIS2-driven resilience. The platform assigns dynamic risk scores to users, entities, and devices based on factors like behavioral deviations, access patterns, and system vulnerabilities. For example, high risk scores can trigger automated responses, such as isolating assets or escalating alerts, while more detailed playbooks can be implemented for more comprehensive strategies. By design, Gurucul’s intuitive dashboards provide clear, actionable insights into risk levels, helping security teams prioritize threats and implement targeted mitigation strategies efficiently in line with NIS2.
NIS2 places responsibility for cybersecurity at the executive level. Gurucul supports this by offering customized executive dashboards that deliver high-level insights into security performance, compliance status, and emerging risks. These tools empower leaders to make data-driven decisions, demonstrate accountability, and foster a culture of cybersecurity awareness across the organization. Additionally, automated compliance tracking ensures senior executives have real-time visibility into gaps or progress toward meeting NIS2 requirements.
The NIS2 Directive mandates continuous education in cybersecurity for personnel at all organizational levels. Gurucul’s Subject Matter Expert (SME AI) lets any user conduct searches, understand threats or risk, or produce reports using simple natural language. Additionally, each AI-driven anomaly is accompanied by detailed insights, helping analysts answer the key questions during an investigation. These insights enable seamless communication across all levels, ensuring a shared and comprehensive understanding of the threats and risks involved.
The evolving threat landscape has made robust cybersecurity measures a necessity, not a choice. The NIS2 Directive, introduced in January 2023, addresses the challenges posed by modern cyber threats, from ransomware to AI-driven attacks. By mandating enhanced risk awareness, streamlined incident response, audit trails and continuous training, NIS2 aims to fortify organizations and their supply chains across the EU.
Gurucul’s advanced security analytics platform, REVEAL, aligns seamlessly with NIS2 requirements, offering AI-powered threat detection, risk scoring, and intuitive dashboards to empower organizations. With tools designed to enhance visibility, automate responses, and foster a culture of cybersecurity awareness, Gurucul helps organizations not only comply with NIS2 but also achieve a higher standard of resilience.
As the cybersecurity landscape continues to evolve, investing in adaptive, AI-driven platforms like Gurucul ensures that businesses can effectively mitigate risks, respond to incidents, and build a secure future.
About the Author:
Randeep Gill is a Senior Solutions Consultant at Gurucul with nearly 20 years of experience in cybersecurity. He brings a wealth of knowledge in sales engineering, consultancy, and security strategy. His career includes key roles in a Security Operations Center (SOC) for a global service provider, as well as positions at leading cybersecurity vendors. Randeep has been involved in numerous successful cybersecurity initiatives, focusing on advancing organizational maturity through education and helping teams effectively identify and mitigate security risks. His primary goal is to enhance the security posture of organizations through thought leadership and the implementation of innovative technologies.