How to Protect Your Systems in the Context of NIS2
The updated version of NIS is here and making waves across companies in Europe. But what does this new directive mean for your organization? How can mid-size companies optimize their strategy to make the most of their cyber investment?
Implemented in 2016, the NIS Directive was the first major cybersecurity regulation at a European level – designed to ensure the resilience of essential services and infrastructure including implementing business continuity plans. However, as cyber threats evolved rapidly, it soon became clear that it was necessary to increase the level of cyber protection for a wider range of services and businesses. In November 2022, European deputies voted to adopt NIS2.
Now covering vital, essential and key sectors – from digital infrastructure to waste management – NIS2 will mean that far more companies need to rethink their approach to managing and mitigating cyber risk. Requirements are wide-reaching including carrying out risk analysis, implementing incident management & notification processes and rigorous cyber security for the entire supply chain. Key data and networks need to be segregated and a robust protection strategy implemented – and communicated across the organization.
Companies and institutions across Europe are waiting to discover the details of how NIS2 will be implemented locally by their governments. Some already have a clear strategy that they are poised to adapt to enhance their cyber protection in line with NIS2. Others, often mid-size companies, may well leave it longer before deciding what investments to make – to select and implement most appropriate products and monitoring solutions based on the details unveiled.
Turning Towards Turnkey Solutions
“Until now, we have mainly worked with large institutions and ministries that often have the in-house skills to integrate and monitor their cyber protection strategy. As the scope of NIS2 widens, we are now also looking at how to adapt our existing offer to provide large and medium-sized companies looking externalize with turnkey solutions,” highlights Olivier Besson, Cyber Protection Director, Thales.
While continuing to cater for existing customers, Thales is currently working to simplify some of its cyber protection products, for example, our MISTRAL network encryption system so it can be deployed much like an internet box. These packaged offers will be enhanced and delivered with support and technology from partners like the French leader : SecLab. It specializes in cybersecurity for critical systems, using patented electronic protocol disruption technology to secure network communications and remote control of cyber-physical systems. Their solutions, certified by the French National Cybersecurity Agency (ANSSI), are designed to protect the most sensitive assets with a simplified approach that maintains the highest level of security.
“Whatever, the size of the organization, it is essential to segregate sensitive assets, so that they are better protected if attacked. Whether using cloud-based solutions – like those from S3NS, our new venture with Google – or taking a hybrid approach. This kind of segregation alone will protect the organization from as many cyberattacks,” highlights Olivier.
Thales has developed a wide range of solutions to provide segregation and a high level of protection based on the needs and size of the organization – bringing together different teams, business lines and partners to offer customers a comprehensive approach aligned with NIS2 requirements.
As part of our Cybels Network Security offer, MISTRAL is a turnkey network encryption system including encryptors and centralized management software.
ELIPS high-end gateways and diode products enable the secure transfer of information between classified or critical networks.
ERCOM’s Cryptobox provides a collaboration and file transfer solution with end-to-end encryption, while Cryptosmart secures mobile or PC communications, data and devices.
S3NS has developed cloud-based solutions to protect sensitive data including customer data encryption
As we wait to see how NIS2 will be applied, our teams at Thales continue to adapt our offer to accompany companies as they upgrade their approach – whether they are a ministry with in-house expertise or a mid-size company looking to externalize their cyber protection.
More information?
