You need to implement NIS2? - Cyber resilience is (not) a question of backup
Try a 1-month free demo and choose a cyber resilience backup solution that combines AI-based anomaly detection and fully managed service at a great price.*
*Special offer for a limited time only
Implementing NIS2 with a cyber resilience orchestration backup solution
NIS2 sets high cyber resilience requirements for so-called "essential" and "important" companies. Following the IT Security Act (2015) and NIS (2016), it becomes legally binding this year (2024) as a Europe-wide directive: having come into force on 16 January 2024, it gives affected businesses until 17 October 2024 to implement NIS2.
NIS2 - how to identify helpful solutions?
For the first time, the aim is not only to strengthen security and thus prevent attacks, but also to strengthen cyber resilience:
- The ability to identify anomalies, i.e. to detect cyber incidents, which today often remain undetected for months, as early as possible.
- The ability to respond quickly once the system has been attacked, i.e. to restore data as quickly and completely as possible.
This already puts us in deeply specialised backup territory. The NIST framework (2013) illustrates well the logic that NIS2 now requires of companies.
Which companies have to implement NIS2?
Sectors such as energy, transport, health and digital infrastructure will have to implement NIS2. In future they must constantly review and, where necessary, adapt their risk management, and they are subject to reporting obligations. Management and board members are now personally responsible for complying with these obligations and may be subject to severe penalties if deficiencies are identified or the reporting obligations are not complied with.
Organisations from 18 sectors with more than 50 employees and/or EUR 10 million turnover are considered to be systemically important and therefore obliged to comply with NIS2.
(Detailed information on affected operators and sectors can be found at OpenKritis.de.)
Critical sectors (essential)
- Healthcare
- Energy sector
- Transport
- Banking and financial market infrastructure
- Drinking water and wastewater supply
- IT and telecommunications (digital infrastructure, ICT services)
- Space
- Public administration
Further sectors (important)
- Postal and courier services
- Waste
- Digital services
- Chemicals
- Food services
- Industry
- Research
Impact
- Penalties of up to 2 million euros or 2% of turnover
- Direct liability of the Executive Board
- Increased security standards in the areas of policies, incident management, business continuity management, supply chain security, asset management, training, reporting obligations.
- Incident reporting obligation:
  - Incident reporting up to 24 hours after the incident
  - Indicators of compromise report up to 72 hours after the incident
  - Final report up to 1 month after the incident
- The supervisory authority is the BSI
Benefits
- Improved protection against cyber attacks
- Increased resilience
- Compliance as a competitive advantage
- Risk minimisation (also in insurance cover)
- Efficient use of AI
Do you have questions about Cyber Resilience in connection with the NIS2 implementation and VIKING Backup Guardian? Get in touch with us!
Markus Stumpf, Business Development Manager
Phone +49 172 541 45 67
Benefits of the NIS2 implementation
You read that right: despite all the effort these regulations entail, and despite the sanctions, NIS2 offers you decisive advantages in the medium AND long term, as customers and partners will in future check business relationships for compliance with the NIS2 guidelines. If you differentiate yourself from the competition by proactively implementing NIS2, you will also have a head start on better protecting yourself against cyberattacks.
Increasing the company's resilience minimises cyber risks and can even lead to a more favourable cyber insurance rating. In addition, such measures are now simpler, faster and more effective thanks to the use of AI-based technologies.
NIS2 requirements and ways to implement them
Empalis is a pioneer in cyber resilience: in one of our core areas, the IBM Storage Protect environment, we aligned ourselves with the criteria of the NIST framework at an early stage.
Our resilience experts support our customers in implementing what the NIS2 guideline requires today as simply as possible.
You can use our NIS2-optimising VIKING Backup Guardian solution immediately, regardless of the products and solutions you already use in-house.
What VIKING Backup Guardian provides for your NIS2 transformation
To secure business continuity, NIS2 demands a backup management system that includes incident management as well as preventive cyber hygiene (cyber resilience):
- Being able to securely detect, analyse, contain and react to incidents.
- Being able to respond in an emergency.
Our fully managed service approach VIKING Backup Guardian significantly improves your cyber protection:
- Regular malware scanning and clean-up of all relevant data to keep your backups ransomware-free.
- Regular updates keep applications up to date.
- Automatic recovery tests
VIKING Backup Guardian is an all-round service package that allows you to respond quickly in the event of an attack and consistently restore your data from the backup when you need it.
NIS2 requires that your backup is immutable and encrypted thanks to a reliable, granular backup management system (snapshots) in order to enable you to completely and quickly restore your data in an emergency.
With integrated orchestrated measures such as immutability, encryption and snapshots, VIKING Backup Guardian ensures that your data is protected against deletion, modification and premature expiry.
NIS2-compliant policy concepts require risk analyses and security for information systems, especially for HR security, access control and asset management.
- The 3rd copy approach of VIKING Backup Guardian ensures that your data is stored in a German ISO27001-certified data centre as a secure offsite copy, immutable, encrypted and optimally protected by zero trust measures.
- Access controls, access management, authorisations etc. can be quickly restored in the event of a cyberattack.
Get state-of-the-art cyber resilience with the VIKING Backup Guardian campaign offer*
*Limited time only! These conditions can be booked as part of our promotion until 15.01.2025. Thereafter, our standard offer of € 960/year/VM applies.
VIKING Strategy Consultancy
Not sure which components can be effectively implemented in your IT architecture and how, or what you need to consider for the implementation of NIS2?
- Strategies and concepts for measures
- Incident management
- Continuity of operations (business continuity)
- Training and education
- Asset management
- Documentation obligations
VIKING solutions and services are based on sound strategic consulting approaches. Get in touch to learn more!
Contact us and find out more about our VIKING strategy consulting services.
Andreas Wagener, Head of Data Protection Consulting
Phone +49 172 761 94 15