Article   November 14 2023

The Digital Infrastructure sector - what’s new with NIS2?

With a wider coverage of sectors, stricter requirements for risk management and incident reporting and more hard-hitting penalties for non-compliance, the new NIS2 directive is the most comprehensive European cybersecurity directive yet. As our dependence on digital technologies grow, data centers are becoming the backbone of society – and the whole Digital Infrastructure Sector followingly a high-value target for malicious actors.

Information security
Cellphone searching wi-fi

Image: (royalty free)

The Digital infrastructure sector is facing several cybersecurity challenges. Some relating to technical operations, some to the people managing the systems. Ransomware Attacks is of course a major threat causing downtime and difficulties to recover the systems. This sector also relies heavily on third-party vendors for various services, and this can lead to additional risks if those vendors lack adequate security measures. Supply chain security is key. 

Due to the shortage of cybersecurity professionals and the high cost of cybersecurity measures, creates significant barriers to securing digital infrastructure. Physical security systems, like cameras and access control, is necessary for protecting digital infrastructure from complex physical attacks. At the same time the number of Internet of Things (IoT) devices used by operators and the vast amounts of data they generate increase the attack surface.

The digital infrastructure sector, will be heavily impacted by the NIS2 directive, affecting every operational aspect. Demanding upgrades to physical security measures and better incident response and recovery planning. Operators in the digital infrastructure sector may experience increased regulatory oversight, as EU supervisory authorities take steps to enforce the requirements of the NIS2 directive and hold companies accountable for protecting their critical systems and networks.

Awareness training – one of 10 key cyberhygiene measures 

The NIS2 directive requires that the Digital Infrastructure sector and other essential and important entities implement 10 baseline security measures to address specific forms of likely cyberthreats.

  • Risk assessments and security policies for information systems.
  • Policies and procedures for evaluating the effectiveness of security measures.
  • Policies and procedures for the use of cryptography.
  • A plan for handling security incidents.
  • Security around the procurement of systems and the development and operation of systems.
  • Security procedures for employees with access to sensitive or important data.
  • A plan for managing business operations during and after a security incident.
  • The use of multi-factor authentication.
  • Security around supply chains and the relationship between the company and direct supplier.
  • Cybersecurity training and a practice for basic computer hygiene.

Cybersecurity training is not only ‘on the list’. It’s a well-known fact that awareness training is an essential part in creating the organisational security culture needed for organisations to be compliant with many of the other security measures mandated by NIS2. Without awareness training all year round, many of the operational procedures will eventually fail – due to human errors.

Our new updated 2024 editions of Information Security Awareness training is targeting all employees, managers, executives, and boards and is one part of being NIS2 compliant.

Or why not kickstart with our NIS2 Introdution course? This will give your management a better understanding of what your organisation need to be NIS2 compliant.

Article   November 14 2023