Prepare for NIS2: The new European cybersecurity directive
A growing societal dependence on IT has led to an increase in cyber threats. This calls for stricter regulations, including the establishment of more stringent requirements in the EU. The revamped NIS2 directive forces businesses to improve their cybersecurity. This includes securing the entire supply chain, with small and large components, on-site and remotely.
On 17 October 2024, the new NIS2 directive officially goes into effect. NIS stands for Network and Information Security, and is aimed at increasing cybersecurity within organizations as well as throughout the supply chain. There’s a good chance that you soon will fall, directly or indirectly, under the new directive. It’s expected that NIS2 will have a direct impact on 16,000 companies and organizations in the Netherlands.
To whom does NIS2 apply?
The NIS2 classifies organizations into two categories: essential or important. The table below shows which sectors fall under each category, including the criteria that classify them as such. Digital service providers are subject to the directive regardless of their turnover or number of employees.
What can I do to prepare?
By having a third-party conduct a Security Assessment, you get insights into your weaknesses and recommendations to improve your cyber security. HSO can assist you by scanning both your on-site and cloud systems.
Leverage multi-factor authentication (MFA) on all accounts and monitor for coverage gaps: holes that allow some accounts to bypass your MFA policy. MFA protects against 98% of cyber-attacks, but nearly every organization has MFA policy gaps, which make your digital infrastructure more vulnerable than you think.
Ensure that you identify and analyze your (digital) risks, and that you can address them based on standard risk levels. Do this for all cyber risks in the chain, and assess the level of (digital) security of your partners. Don’t allow them to become a springboard that compromises your own organization.
Ensure that cyber risks are monitored and addressed 24/7. You can take care of this yourself or outsource it to a security partner like HSO. Adequate incident response is critical to intercept cyber threats in an early stage, in case preventative measures have not been effective enough. Consider coverage during overnight hours, weekends, and holidays, when you might not have your own capacity.
Your employees are your biggest asset when (technical) security measures fail. Ensure that employees know how to handle security attacks such as phishing or ransomware. Don’t focus only on phishing simulations. These have very limited effectiveness and can be extremely expensive. Consider instead adequate technical measures and educate your employees continuously by leveraging training and gamification.
In short, there is plenty that you can do before the NIS2 measures go into effect. It may seem daunting, but 17 October 2024 will be here before you know it. So don’t hesitate to ask for help. At HSO we are ready to help you improve your cybersecurity.
Informatie
Meer over Security
