Building cyber resilience: How companies can implement essential parts of NIS2 quickly and simply

You need to implement NIS2? - Cyber resilience is (not) a question of backup

Try a 1-month free demo and choose a cyber resilience backup solution that combines AI-based anomaly detection and fully managed service at a great price.*

 

*Special offer for a limited time only


Implementing NIS2 with a cyber resilience orchestration backup solution

 

NIS2 sets high cyber resilience requirements for so-called "essential" and "important" companies. Following the IT Security Act (2015) and NIS (2016), it becomes legally binding this year (2024) as a Europe-wide directive: having come into force on 16 January 2024, affected businesses now have until 17 October 2024 to implement NIS2.

A simplified illustration of what NIS2 is intended to achieve is provided by the NIST framework (diagram). From our point of view, NIST clearly describes what the BSI basic protection catalogue in Germany or other frameworks also say.
[Diagram: NIST framework]

NIS2 - how to identify helpful solutions?

 
NIS2 is the "second directive on measures to ensure a high common level of security of network and information systems across the Union" and brings together all measures that strengthen the cyber security of companies.
 

For the first time, the aim is not only to strengthen security and thus prevent attacks, but also to strengthen cyber resilience:

  • The ability to identify anomalies, i.e. to detect cyber incidents as early as possible; today they often remain undetected for months.
  • The ability to respond quickly once the system has been attacked, i.e. to restore data as quickly and completely as possible.

This already takes us deep into specialised backup territory. The NIST framework (2013) illustrates well the logic that NIS2 now requires of companies.

Which companies have to implement NIS2?

Sectors such as energy, transport, health and digital infrastructure will have to implement NIS2, constantly review and, where necessary, adapt their risk management in future, and are subject to reporting obligations. Management and board members are now personally responsible for complying with these obligations and may be subject to severe penalties if deficiencies are identified or the reporting obligations are not complied with.

Organisations from 18 sectors with more than 50 employees and/or EUR 10 million turnover are considered to be systemically important and therefore obliged to comply with NIS2. 

(Detailed information on affected operators and sectors can be found at OpenKritis.de.)

Critical sectors (essential)

  • Healthcare
  • Energy sector
  • Transport
  • Banking and financial market infrastructure
  • Drinking water and wastewater supply
  • IT and telecommunications (digital infrastructure, ICT services)
  • Space
  • Public administration

Further sectors (important)

  • Postal and courier services
  • Waste
  • Digital services
  • Chemicals
  • Food services
  • Industry
  • Research

Impact

  • Penalties of up to 2 million euros or 2% of turnover
  • Direct liability of the Executive Board
  • Increased security standards in the areas of policies, incident management, business continuity management, supply chain security, asset management, training, reporting obligations.
  • Incident reporting obligation:
      • Incident reporting up to 24 hours after the incident
      • Indicators of compromise report up to 72 hours after the incident
      • Final report up to 1 month after the incident
  • The supervisory authority is the BSI

Benefits

  • Improved protection against cyber attacks
  • Increased resilience
  • Compliance as a competitive advantage
  • Risk minimisation (also in insurance cover)
  • Efficient use of AI

Do you have questions about Cyber Resilience in connection with the NIS2 implementation and VIKING Backup Guardian? Get in touch with us!

Markus Stumpf, Business Development Manager
Phone +49 172 541 45 67

Benefits of the NIS2 implementation

You read that right: despite all the effort these regulations entail, and despite these sanctions, NIS2 offers you decisive advantages in the medium AND long term, as customers and partners will in future check business relationships for compliance with the NIS2 guidelines. If you differentiate yourself from the competition by proactively implementing NIS2, you will also have a head start in protecting yourself better against cyberattacks.

Increasing the company's resilience minimises cyber risks and can even lead to a more favourable cyber insurance rating. In addition, such measures are now simpler, faster and more effective thanks to the use of AI-based technologies.

NIS2 - Requirements automatically fulfilled by VIKING Backup Guardian

NIS2 requirements and ways to implement them

Empalis is a pioneer in cyber resilience: in one of our core areas, the IBM Storage Protect environment, we aligned ourselves with the criteria of the NIST framework at an early stage.

Our resilience experts support our customers in implementing what the NIS2 guideline requires today as simply as possible.

You can use our NIS2-optimising VIKING Backup Guardian solution immediately, regardless of the products and solutions you already use in-house.

What VIKING Backup Guardian provides for your NIS2 transformation

To secure business continuity, NIS2 demands a backup management system that includes incident management as well as preventive cyber hygiene (cyber resilience):

  • Being able to securely detect, analyse, contain and react to incidents.
  • Being able to respond in an emergency.

Our fully managed service approach VIKING Backup Guardian significantly improves your cyber protection:

  • Regular malware scanning and clean-up of all relevant data to keep your backups ransomware-free.
  • Regular updates keep applications up to date.
  • Automatic recovery tests

VIKING Backup Guardian is an all-round service package that allows you to respond quickly in the event of an attack and consistently restore your data from the backup when you need it.

NIS2 requires that your backup be immutable and encrypted, backed by a reliable, granular backup management system (snapshots), so that you can restore your data completely and quickly in an emergency.

 

With integrated orchestrated measures such as immutability, encryption and snapshots, VIKING Backup Guardian ensures that your data is protected against deletion, modification and premature expiry. 

NIS2-compliant policy concepts require risk analyses and security for information systems, especially for HR security, access control and asset management. 

  • The 3rd copy approach of VIKING Backup Guardian ensures that your data is stored in a German ISO27001-certified data centre as a secure offsite copy, immutable, encrypted and optimally protected by zero trust measures.
  • Access controls, access management, authorisations etc. can be quickly restored in the event of a cyberattack.

Get state-of-the-art cyber resilience with the VIKING Backup Guardian campaign offer*

*Limited time only! These conditions can be booked as part of our promotion until 15.01.2025. Thereafter, our standard offer of € 960/year/VM applies.

1 month free trial demo

€ 80 / month per VM to be backed up

€ 880 / year per VM to be backed up

VIKING by Empalis: a cloud-ready backup solution that protects against ransomware

VIKING Strategy Consultancy

Not sure which components can be effectively implemented in your IT architecture and how, or what you need to consider for the implementation of NIS2?

  • Strategies and concepts for measures 
  • Incident management 
  • Continuity of operations (business continuity) 
  • Training and education 
  • Asset management 
  • Documentation obligations 

VIKING solutions and services are based on sound strategic consulting approaches. Get in touch to learn more!



Contact us and find out more about our VIKING strategy consulting services.

Andreas Wagener, Head of Data Protection Consulting
Phone +49 172 761 94 15
