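"Addressing Regulatory Challenges: Understanding NIS2, DORA and CRA.pdf", shared by a member and available to read online. For more related to "Addressing Regulatory Challenges: Understanding NIS2, DORA and CRA.pdf" (25 pages, collector's edition), search on 三个皮匠报告.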
Classification: Internal

Navigating the EU Regulatory Landscape
April 2025
www.nviso.eu
Maxim Deweerdt, Principal SANS Instructor and NVISO Senior Manager
Pieter Batsleer, NVISO Senior Manager

Objectives
1. Review some of the most prevalent cyber threats aimed at Industrial and R&D players and typical measures implemented in response
2. Provide a short overview of cyber security regulation and implementation challenges, which drive the cyber security plans
3. Highlight some of the key challenges cyber security teams are facing while achieving compliance, and how these can be overcome

Threats Drive Regulatory Evolutions
Part 1: High Level Threat Landscape

Evolving threat landscape
Threats: Breach trends due to two conflicting factors

Median Dwell Time: Breaches are detected more quickly
Global: 99 days in 2016, 21 days in 2021, 10 days in 2023
EMEA: 106 days in 2016, 48 days in 2021, 22 days in 2023
Source: Mandiant M-Trends 2024

Detection capabilities (technology, people & processes) have massively improved.
Ransomware & other extortion attacks are completed in 5 days on average; they represent 1/3rd of all attacks.
54% of breaches discovered by externals.
Source: Verizon DBIR 2024; Mandiant M-Trends 2024

We are getting better at detecting breaches; however, the speed at which a breach occurs increases as well.

Evolving threat landscape
Threats: Most common attack patterns
Source: 2024 Data Breach Investigations Report, Verizon, Figure 66

Ransomware is the top attack vector for this sector, entering primarily through system intrusion or social engineering. Social engineering like phishing, deceptive calls, and in-person interactions is also crucial in fraud cases, with Business Email Compromise (BEC) or leading to data theft. User and