Approval of EU NIS2 directive

ESET welcomes the decision of the European Union legislators to issue the second Network and Information Security Directive, NIS2, with the aim of strengthening cyber security in the EU.

The new legislation responds to the growing dependence of critical sectors on digitization and their increased exposure to cyber threats.

The directive, which has already been adopted, replaces the NIS directive introduced in 2016 as the first EU-wide cybersecurity legislation. NIS2 provides for a wider scope, affecting more entities in "core" sectors, both public and private, such as energy, transport, banking, water and wastewater, among other critical infrastructure. At the same time, new obligations are introduced for those operating in other "critical" sectors, such as manufacturing, food, chemicals, waste management, postal services and courier services.

Businesses classified in the "vital" category should take both technical and operational measures to comply with the NIS2 directive, including incident response, supply chain security, encryption and vulnerability disclosure, appropriate risk analysis, testing and auditing of cyber security strategies, as well as crisis management planning to ensure the uninterrupted operation of businesses. In the event of a cyber incident, such entities should also submit an initial notification within 24 hours and more detailed information within 72 hours. The NIS2 directive also introduces penalties for non-compliance, such as suspension of certification and personal liability for those in managerial positions, according to national laws.

Finally, the directive establishes the European Cyber Crisis Liaison Organization Network, EU-CyCLONE, to enable cooperation between national organizations and authorities responsible for cyber security, while each Member State should also clearly identify a single point of contact for reporting cyber incidents.

Do SMEs also have to comply?

The NIS2 directive establishes "the application of the maximum size rule, according to which all medium-sized and large enterprises, as defined in Commission Recommendation 2003/361/EC, active in the sectors or providing the type of services covered by this Directive, fall in its scope". Although it exempts small and very small businesses from the obligation to comply with the new rules, certain exceptions apply, such as for SMEs in the sectors of electronic communications networks or publicly available electronic communications services, trust service providers or TLD name registries.

SMBs are increasingly becoming the target of supply chain attacks due to limited security resources. Such supply chain attacks can have knock-on effects on the entities to which supplies are made. Member States should, through their national cyber security strategies, help SMEs to address the challenges they face in their supply chains. Member States should have a contact point for SMEs at national or regional level, which will either provide guidance and assistance to SMEs or direct them to the appropriate bodies for guidance and assistance on cybersecurity-related issues.

Last March, as part of the consultation on the NIS2 proposal, the European DIGITAL SME Alliance, the EU's largest network of ICT SMEs, published a position paper welcoming the new directive but also warning about the indirect impact of NIS2 on SMEs.

In a conversation with ESET, James Philpot, Project Manager at DIGITAL SME, notes that the first step SMEs should take to "understand the specific needs for strengthening their cybersecurity practices" is to look to their "national cybersecurity centre and the guides and recommendations of ENISA". However, it "may be easier or harder" to get the right information, as "each member state provides different resources". Nevertheless, the NIS2 directive "mandates States to provide support and resources", especially when it comes to understanding in detail the scope of the legislation in question "and whether their customers will be subject to it", which "will help with planning".

Towards safer businesses

ESET's report on digital security trends in SMEs, published just last month, revealed that while 83% of SMEs believe that cyber warfare is a very real threat and 71% have moderate to high confidence in their ability to investigate the root cause of cyber-attacks, 43% see a lack of employee awareness as the main cause of concern, while the actual adoption of endpoint detection and response (EDR) solutions, which help specifically in this area, was only at 32%.

As Philpot also notes in his conversation with ESET, "the effects of cyber incidents are well known" to SMEs: data leakage, significant financial impact and loss of customer trust. Thus, "in a more general sense, we should be positive" about NIS2: at the very least, this directive will play an important role in raising awareness, as even companies that "are not required to comply, may develop greater awareness".

The NIS2 directive will be implemented after EU member states have incorporated the directive into their national law, by September 2024. Nevertheless, some organizations may want to be ready sooner rather than later, not only to meet the implementation deadline, but also to try out various good practices regarding incident handling, audit policies, etc. Above all, the NIS2 directive defines a common minimum level of cyber security in Europe, which should be considered as the minimum and in no case as the maximum.


Written by newsbot
