Solutions: From NIS to NIS2

September 27, 2023
| No comments
From NIS to NIS2

Share post

NIS2 involves many more companies than NIS, better known as KRITIS. The change is a challenge for many. New technologies, such as NDR – Network Detection and Response, solve many requirements for companies.

According to Swiss cybersecurity specialist Exeon Analytics, the version of the NIS Directive updated by the European Commission in January 2023, referred to as NIS2, has a significant impact on the way organizations belonging to the so-called critical infrastructures operate , manage and monitor their networks. NIS2 aims to improve the cybersecurity resilience and responsiveness of the public and private sectors. The directive recognizes and addresses the growing dependence on these systems and the increasing cyber threats to operators of critical infrastructure. The previous NIS guideline is primarily known in Germany as KRITIS.

NIS2 covers more sectors and application areas

From NIS or KRITIS to NIS2 (Image: Exeon)

🔎From NIS or KRITIS to NIS2 (Image: Exeon)

While the original NIS Directive focused primarily on operators of essential services in critical sectors and digital service providers, NIS2 significantly expands the scope to cover a wider range of sectors and organizations. The updated directive now also applies to the areas of energy, transport, banking, financial market infrastructure, health, drinking water supply, digital infrastructure and public administration. This expansion is in response to the increasing interdependence of these sectors and the potential cascading effects in supply chains from cybersecurity incidents.

Stricter security requirements

NIS2 introduces stricter security requirements for companies that fall within the scope of the directive. This includes a commitment to applying risk management procedures, ensuring the security of their networks and information systems, and regularly assessing and improving their security posture. The directive also requires that all significant cyber incidents be reported immediately to the relevant national authorities. In addition, stricter liability rules will apply to company management in the future.

“The updated NIS policy presents critical infrastructure operators with a number of challenges, particularly in terms of complying with the new requirements and adapting to the evolving cybersecurity landscape,” commented Gregor Erismann, CCO of Exeon Analytics. “These include the increased complexity of risk management, the need to develop and introduce new processes and systems for cybersecurity and NIS2 compliance, and the already scarce human and financial resources.”

NDR helps with implementation

In order to overcome the challenges of NIS2 and ensure the security and resilience of networks and information systems, Exeon believes Network Detection and Response (NDR) is essential for operators of critical infrastructure.

Organizations that need to comply with NIS2 benefit from NDR on the following topics:

Visibility: NDR solutions provide complete visibility into network traffic, enabling organizations to identify potential threats and vulnerabilities before they can be exploited.

Recognition: By continuously monitoring network traffic, NDR solutions can detect suspicious activities such as: B. detect unauthorized access attempts or data exfiltration and trigger alarms.

Reaction: NDR solutions enable companies to respond quickly and effectively to potential threats by immediately triggering incident response procedures when incidents occur.

Compliance with regulations: NDR solutions help organizations meet NIS2 reporting requirements by providing detailed logs and reports of network activity and incidents.

Overall, NDR is an important tool for critical infrastructure operators to comply with the updated NIS directive and ensure the security and resilience of their networks and information systems.

More at Exeon.com

 

About Exeon Analytics

Exeon Analytics AG is a Swiss cybertech company specializing in protecting IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the opportunity to monitor networks, immediately detect cyber threats and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based. The self-learning algorithms for early detection of cyber attacks were developed at ETH Zurich (Swiss Federal Institute of Technology Zurich) and are based on more than ten years of academic research. Exeon has received several awards, is internationally active and counts well-known companies such as PostFinance, V-Zug, SWISS International Airlines and the logistics group Planzer among its customers.

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

New wave of phishing: Attackers use Adobe InDesign

There is currently an increase in phishing attacks that abuse Adobe InDesign, a well-known and trusted document publishing system. ➡ Read more

More at Sophos.com

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

New wave of phishing: Attackers use Adobe InDesign

There is currently an increase in phishing attacks that abuse Adobe InDesign, a well-known and trusted document publishing system. ➡ Read more

 

Stories
, , , ,