New EU directive means many more businesses need better security, visibility and control
Imposing stringent new requirements, the revamped Network and Information Security (NIS) Directive will demand that many more EU companies take cybersecurity seriously.
In less than a year, NIS2 (as the new directive is known) will make it a legal requirement for a wide range of organizations to fully secure internal systems and ensure external interfaces aren’t vulnerable to attack and data theft.
It places a big emphasis on risk management, reporting and recovery, with fines for non-compliance set to reach €10 million or 2% of annual global revenues (whichever is higher).
Yet such fines could be the tip of a much greater financial iceberg.
With NIS2 applying to a far broader group of companies than its predecessor, the impact will ripple through supply chains. Cybersecurity will become a priority in procurement processes and could determine which businesses win new contracts.
Unfortunately, most organizations do not have the in-house skills to manage the new directive’s many requirements, particularly as their systems increasingly span multiple cloud environments and large numbers of staff continue to work from home.
NIS2 makes full visibility a must-have
Covering any business that has more than 50 employees and an annual turnover that exceeds €10 million, NIS2 will apply to telecoms, food, waste management, digital platforms, public agencies, and delivery services. It will also have a major impact on essential services covered by the original NIS like energy, healthcare, banking, and transport.
As NIS2 is implemented by EU member states, affected businesses will need to ensure all external interfaces are protected, including the applications used to interact with customers and suppliers.
If a breach occurs, they will have to submit an early warning report within 24 hours of becoming aware of an incident, followed by an initial assessment within 72 hours, and a final report within one month.
Consequently, it will be essential for businesses to have full visibility of what is happening in their digital operations and their digital interfaces with customers, partners, and suppliers.
In an ideal world, a regulatory stick shouldn’t really be necessary: most commercial interactions now take place online, so business leaders should already be demanding that kind of visibility.
Nevertheless, many smaller businesses falling under the new directive's scope won’t necessarily have a security operations center and the related reporting tools needed to comply. What’s more, they’re unlikely to have the necessary skills and resources to build and engineer those tools in-house.
Needless to say, the pressure is on these businesses to deploy easy-to-implement mechanisms to meet NIS2 obligations, and to do so without adversely affecting their customers’ and partners’ experience.
In particular, they’ll need a centralized console through which they can manage their full application portfolio. Cloud-based application security and application delivery propositions, such as F5 Distributed Cloud Services, can meet that need.
It’s no walk in the park for larger organizations either. One of the biggest challenges presented by the intensified regulatory spotlight on security is the added complexity of both securing and monitoring a digital infrastructure that increasingly spans multiple clouds and in-house data centres.
Today, many run applications and their constituent microservices across several environments. While the front end of an app might be running in a public cloud, the back end could be in an internal data center. At the same time, employees are increasingly logging into systems and apps from many different locations, such as their homes and co-working spaces.
In order to secure this increasingly complex digital landscape in an NIS2-friendly way, many businesses will need a managed service equipped to span multiple different cloud, computing, and networking environments. Again, at F5, we have that expertise.
Although the clock is ticking ever louder, there is still time to act.
EU member states must incorporate the new directive into their national laws by 18 October 2024, so the race is on for all impacted organizations to ensure their security and monitoring capabilities are robust enough to avoid the fines and, more importantly, the reputational damage associated with compliance failure(s).
Fortunately, the technology they need to thrive in this new regulatory environment is ready to go.
We’ll delve into the detail in a future blog post exploring how F5 is already helping customers comply with NIS2. Stay tuned!