With less than a month to go before the deadline for the updated landmark Network and Information Security (NIS2) Directive, organizations across the EU are preparing for the new regulation to come into full force on the 17th October. However, it doesn’t stop there. On the 17th January 2025, the new Digital Operational Resilience Act (DORA) will also come into effect for financial organizations and the sector’s third-party IT suppliers.
Organizations across the EU, and those based elsewhere that do business with the region’s entities, are facing increasing pressure to align with these regulatory requirements. Together, the two frameworks are expected to affect over 170,000 European organizations in total: 150,000 organizations fall within the scope of NIS2, and estimates suggest over 22,000 financial entities and ICT service providers will be affected by DORA.
What are NIS2 and DORA?
NIS2 aims to provide comprehensive EU-wide legislation on cybersecurity. It expands the scope of the original NIS Directive and introduces stricter security requirements for 18 sectors of business. Similar to the General Data Protection Regulation (GDPR), NIS2 is intended to harmonize cybersecurity measures and approaches across organizations to help fortify European digital infrastructure.
DORA is a sector-specific EU regulation for financial institutions, targeting their approach to operational risk. DORA has two clear objectives: firstly, to tighten IT risk management across the financial services sector; secondly, to harmonize the IT risk management regulations that already exist across EU member states.
DORA leaves no room for discretion at the member state level, while NIS2 is a directive that allows countries to develop rules based on their specific national needs.
Compliance strategies for NIS2 and DORA
While it might seem a lot to put on businesses that are already struggling in a rocky economic situation, regulations such as these are brought about in response to the growing threat landscape, and implementing the changes they require will bring new opportunities to enhance cyber resilience and overall security posture. To take advantage of these opportunities and stay ahead of the incoming regulations, organizations must adopt the nine compliance strategies below:
Comprehensive risk assessment: Organizations should conduct a thorough risk assessment that covers the requirements of both NIS2 and DORA. This should include identifying critical assets, assessing potential threats, and evaluating the impact of various risk scenarios. A unified risk assessment approach helps in identifying common vulnerabilities and developing a streamlined mitigation strategy.
Education and training: Organizations with limited resources often find themselves particularly vulnerable to cyber threats. But even when resources are limited, businesses can run continuous training and awareness sessions, and can create and implement well-defined security measures. Through regular training, organizations can foster the culture needed for compliance and security awareness.
Adopting a shared responsibility model: In recent years, cybercriminals have advanced their tactics, putting businesses under immense pressure to act quickly. One way to address these concerns is to adopt a shared responsibility model that ensures security policies and practices are kept up to date and applied evenly across the organization, leaving no stone unturned. An active compliance strategy starts with clearly defined roles, responsibilities and objectives documented within corporate policy, in line with NIS2 and DORA.
Integrated incident reporting: Since both NIS2 and DORA mandate incident reporting mechanisms, organizations need to put in place a coherent, unified incident response plan that meets the requirements of both. This includes streamlining communication channels, communicating transparently with consumers, and ensuring timely reporting to the relevant authorities.
Making cybersecurity a core value: Security leaders must work hard to demystify cybersecurity and demonstrate how a few behavioral changes can protect the whole organization in line with NIS2 and DORA. It is the responsibility of senior leadership teams to embed security and privacy across data-related initiatives from the start.
Cross-framework governance: Firms must consider creating dedicated compliance teams or integrating responsibilities into existing risk management functions to oversee compliance in accordance with multiple frameworks. In creating a clear governance structure, organizations can maintain consistency – avoiding duplication of efforts and ensuring accountability.
Cyber resilience testing: There is no compliance without regular testing of systems and processes. Organizations must develop a comprehensive testing schedule that includes penetration testing, red teaming and business continuity exercises to meet the requirements of both NIS2 and DORA. Aligning testing procedures with the frameworks’ requirements results in a more resilient security posture.
Leveraging technology: To facilitate compliance management, firms must embed technological solutions into their overall security strategy. This includes data-led solutions for risk assessment, incident management and resilience testing. To make reporting more accurate, firms should consider automated solutions that streamline processes and reduce manual effort.
Developing trust and transparency: For trust to exist, organizations must, in line with NIS2 and DORA, share how the business handles data and personal information, including how it is secured. Providing this information goes a long way toward empowering wider cybersecurity initiatives. A robust security response extends far beyond data protection; it encompasses regulators, employees, consumers and more. Ongoing compliance can therefore mean the difference between being seen as a necessary evil and being seen as a trusted partner.
Turning compliance challenges into opportunities
As the deadlines for NIS2 and DORA approach, adopting a unified approach to risk management, incident reporting, resilience testing, technology and more can help organizations navigate the regulatory landscape effectively. The goal is not just to comply with these frameworks but to leverage them as catalysts for enhancing overall security posture and operational resilience.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
The education sector continues to be plagued by malicious threats, with new research from Microsoft claiming nearly half (43%) of UK higher education institutions experience weekly breaches or cyberattacks.
The company's latest Cyber Signals Report claims universities are prime targets for malware, IoT vulnerabilities and phishing, with an average of 2,507 cyberattack attempts per week according to the report.
This makes education the third most targeted industry for attacks, behind manufacturing and consumer retail.
A high price
The report identified email systems and networks as a weak point for universities, since they offer a wide attack surface. The need for constant communication both within and outside of the school networks leaves room for attacks by external users.
Since higher education facilities hold sensitive information on students and staff but don’t have huge cybersecurity budgets, they have become an attractive target for threat actors who look to exfiltrate the data for ransom.
Recent research shows schools and universities are paying higher ransoms than ever before, with over two-thirds (67%) of IT leaders working in higher education reporting that they ended up paying more than what the hackers originally asked for.
“Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” said Chester Wisniewski, Director at Sophos.
Microsoft’s research also uncovered nation-state actors that have targeted education institutions. For example, the Iranian state actors Peach Sandstorm and Mint Sandstorm have both been observed using social engineering attacks.
“The types of threats that we’re seeing, the types of events that are occurring in higher education, are much more aggressive by cyber adversaries,” commented Davis McMorries, Chief Information Security Officer at Oregon State University.
In particular, around 15,000 malicious QR code emails target the industry every day.
Uber is turning to OpenAI and ChatGPT to help push the adoption of electric vehicles (EVs) by its drivers. The ride-share company announced the new AI assistant at the Go Get Zero sustainability conference in London, among several other green initiatives. Uber will employ OpenAI's GPT-4o model, the same one underpinning ChatGPT, to create a guide that accompanies drivers along the road to feeling confident and comfortable behind the wheel of an EV.
The idea of AI as a personal automotive concierge makes sense, considering the complexities of switching away from gas cars. The AI will adapt to the user, tailoring its answers about how to buy and take care of an EV to whoever is asking. It will come packed with data about purchase prices, how to charge and maintain the car, and other useful information unique to EVs.
The AI will also adjust its responses to match where the driver lives. Geography matters since many states, cities, and other locales have incentive programs to entice people into switching to electric cars, but they are far from uniform. The same goes for mapping out charging stations that the drivers can rely on should their battery run low. A Californian Uber driver might regularly discuss the state rebates and tax credits they earn for getting an EV, while, at the same time, an Uber driver in New York asks the assistant about discounts at nearby charging stations.
Uber AI
Uber isn't going to limit the AI to talking about electric cars forever. The company said it will widen the types of questions the AI can answer and the data sources it pulls from later in 2025, in order to make the AI more flexible and useful in more circumstances.
Personalizing a specialized AI assistant like this may end up looking like an inspired approach should it pan out. Either way, it's a lot less daunting to learn about EVs through a conversation with an AI than by trying to plow through a pile of often complicated technical and regulatory documents. The ChatGPT-based AI companion also fits with Uber's more extensive list of new and upcoming features to encourage EV adoption, such as letting riders specifically request an EV and matching EV Uber drivers with those considering the switch to answer any questions the AI couldn't.
For OpenAI, it's another milestone in expanding into the automotive AI space. Voice assistants are a common feature in modern vehicles, and ChatGPT's models are powering a growing number of vehicular AI assistants. Volkswagen began embedding ChatGPT in its cars on a wide scale last month. The upgraded Ida voice assistant leverages OpenAI's model to be more conversational and handle a broader array of requests than had been previously feasible. Between VW, Uber, and experiments from Mercedes-Benz and other carmakers, OpenAI has a shot at heavily influencing how we engage with the next generation of car AI assistants.