Featured Story
Belgium Sets the Standard: First Member State to Fully Implement New European Rules on Cyber Security (NIS2)
Belgium is the first European member state to fully implement the new NIS2 legislation, requiring at least 2,500 organizations to register and begin compliance. The European Network and Information Security Directive aims to increase cyber resilience and reduce incidents like ransomware and data theft by enforcing stronger protections, including 2FA and vulnerability mitigation measures.
Belgium’s leadership in adopting NIS2 sets a powerful precedent. While it gives local organizations a competitive edge in resilience, it also places pressure on them to meet stringent new cybersecurity obligations. The early adoption window is ideal for organizations to get ahead of regulatory scrutiny by aligning security practices and investing in proper tooling.
Other Stories
Multiple Critical Vulnerabilities Impact GitLab CE and EE
Two critical and three high-severity vulnerabilities were disclosed in GitLab Community and Enterprise Editions. These flaws affect core DevOps operations and may result in unauthorized access, code execution, or data integrity violations.
GitLab’s widespread use in CI/CD pipelines makes these flaws especially serious. Organizations should apply security patches immediately and review any anomalous activity in GitLab logs to detect past exploitation attempts.
Despite Massive Security Spending, 44% of CISOs Fail to Detect Breaches
Despite $215 billion in projected security spending this year, 44% of CISOs admitted failing to detect breaches with current tooling. Blind spots, particularly in encrypted and lateral traffic, continue to hinder detection capabilities. Concerns around AI-powered threats and lack of observability are growing.
More tools don’t equal better security. This study highlights the need to streamline and tune security stacks with real visibility in mind. The Approach Cyber team can help optimize solutions for detection efficacy—not just compliance checkboxes.
Most Organizations Still Unprepared for Post-Quantum Threat
Entrust’s new report reveals that a majority of organizations have yet to begin preparation for post-quantum encryption, despite NIST’s official release of PQC standards in August. Only 36% are actively planning for implementation, while others remain in testing or are unaware of the urgency.
Post-quantum cryptography may feel like a distant risk, but long-term data confidentiality is at stake. CISOs should consider their current encryption methods and prepare a roadmap toward quantum-safe alternatives now, before legacy data becomes exposed.
70% of Exploited Flaws in 2023 Were Zero-Days
Mandiant reports that 70.3% of vulnerabilities exploited in 2023 were zero-days. This marks a sharp rise from prior years, highlighting how threat actors are increasingly targeting unpatched, undisclosed flaws to gain early access and persist undetected in systems.
The patch gap is getting narrower—and more dangerous. Organizations should prioritize threat hunting and behavior-based detection alongside timely patching to stay ahead of zero-day weaponization.