Navigating NIS2 With Cyber Resilience Strategy
“As an essential service, Viatel Technology Group has already fallen under the criteria for the first NIS Directive. Our focus on continuous improvement in the areas of ISO27001 compliance and building our own cyber resilience have ensured that we are well positioned when it comes to what will be required from the NIS2 directive. However, one of the key changes that come with NIS2 is ultimate accountability. There are some very serious consequences for those who don’t meet the mark.
For the many companies falling under NIS for the first time when it comes into effect on 17 October 2024, we are more than happy to share our experience and our ongoing journey with you. Below, we have outlined what you can expect from the changes, what sectors are within the scope of NIS2 and areas of focus for your cyber resilience strategy in 2024.”
Eilish O’Connor
CTO, Viatel
What is NIS2?
NIS2 aims to improve the level of cybersecurity within EU member states in various ways. The Directive strengthens the security requirements imposed, addresses supply chain security (the production or supply chain), streamlines reporting obligations, tightens supervisory measures and introduces enforcement requirements with harmonised sanctions in all Member States. The importance of information sharing and (inter)national cooperation in crisis management is also addressed.
What is NIS2 trying to achieve?
The European Union (EU) introduced the first Directive on Network and Information Security (NIS Directive) in 2016. Although this European directive has ensured greater coherence within the EU in the field of network and information security, according to the European Parliament, cyber resilience must be increased even further to protect society. With increasing digitisation and large numbers of cyberattacks, the NIS Directive has now been revised and improved. The NIS2 Directive will have a wider reach and focus on more sectors.
What Sectors are Within the Scope of NIS2?
The Department of the Environment, Climate and Communications outlines that NIS2 will apply to organisations working within 12 key sectors. Companies under the NIS2 remit will have more than 50 employees and an annual turnover of over €10 million, although smaller organisations may be included if they are judged to be critical for a member state to function.
NIS2 will affect organisations working within the following sectors:
- Energy (including electricity, oil, gas, and hydrogen)
- Transport
- Banking and financial markets
- Healthcare
- Drinking and wastewater
- Digital infrastructure (including telecom, DNS, cloud, and trust services, as well as data centres)
- Digital services (including search engines, online markets, and social networks)
- Space
- Postal and courier services
- Waste management
- Chemicals
- Food (including production, processing, and distribution)
- Manufacturing (specifically, but not limited to, medical, computer, and transport equipment)
For all of these organisations, early adoption of NIS2 is crucial. As we ramp up cyber resilience strategies for the new year ahead, we’re sharing our key focus areas for your cyber resilience strategy below.
Key Focus Areas for Cyber Resilience in 2024
Creating a Cyber Resilient Culture
This is a journey that requires the backing of every member of your business. Harnessing a cyber-aware culture is critical to your organisation’s success in both preventing and managing attacks. People are both your biggest vulnerability and your biggest asset; equipping them with the tools, training and knowledge is an important first step to becoming cyber resilient.
Assessing your Current Security Posture
A temperature check on where your security processes currently stand can be a great way to both improve on those processes and lay the building blocks for improving your organisation’s cyber resilient culture. Reaching a security milestone can be an effective way to get further buy-in from your teams and ensure that you are on the road to becoming NIS2 compliant.
Continuous Review of Security Measures
NIS2 leaves no room for error when it comes to your security stack and the days of ‘set and forget’ are long behind us. As cyber crime evolves and becomes more sophisticated, your team must keep pace when it comes to investing in areas of security.
Having a Trusted Cyber Resilience Partner
With hefty penalties in place and your own organisation’s cyber security in the balance, it can be difficult to ensure that you’re ticking all the boxes and meeting every requirement, and to know where you need to invest to best execute your plan. Having a trusted partner who specialises in cyber resilience can be a key ingredient in keeping that focus and taking you every step of the way to your watertight cyber resilience strategy.
If you would like to learn more about Viatel Technology Group, our Cyber Resilience offering or how we can assist you through changes arising from NIS2, you can do so by emailing getstarted@viatel.com.