Unriddling NIS2: How the IT channel can help with cybersecurity directives

6 mins read | Published on 9 Oct 2024 | The Pulse Blogs

From 17 October 2024, EU member states must translate NIS2 into legal requirements for business. NIS2 will strengthen cybersecurity and resilience for companies in critical sectors; 11 are deemed “essential”, including energy, transport, and healthcare. A further seven are classed as “important”, such as manufacturing, postal services, and food and beverage.

The legislation has two focus areas. First, enhanced security measures and training to prevent cyber breaches and prepare businesses to respond effectively to incidents. Second, improved incident reporting, with a mandate for organisations to report an incident within 24 hours of becoming aware of it. Failure to comply with the directive could result in penalties of up to €10 million or 2% of annual global turnover.

Affected companies should start implementation sooner rather than later: the journey to NIS2 compliance may require time and effort, and organisations are at many different stages of cybersecurity maturity. The same disparity exists at governmental level, illustrated by the unequal progress of EU member states in transposing NIS2 into national law. Belgium, Hungary, Croatia, Latvia, and Italy are the most advanced, having completed transposition into local legislation (stage 4 in the image below), while the majority of countries, such as Germany, Finland, the Netherlands, Austria and Sweden, are still at stage 3, having submitted a draft proposal.

It is worth noting that NIS2 comprises both organisational and technical measures as part of risk management. The organisational category represents a substantial part of the directive, and its purpose is to ensure processes are in place to identify risk areas and to react rapidly and effectively in the event of a breach. Standards such as ISO 27001 and IEC 62443, both international standards for managing information and operational security, go a long way towards guiding businesses in establishing the correct processes for achieving NIS2 compliance.

The IT channel has an opportunity to help business customers decode the complex NIS2 directive and guide them on the road to compliance. Doing so ensures business continuity and protects against costly disruptions. Here are five things channel partners can do to prepare and help customers, drawing on expert insights shared during Infinigate’s recent NIS2 decoded webinar.

Five ways to help decode NIS2

1. Familiarise yourself with the regulations – “NIS2 is more gain than pain, as it will help businesses increase their security maturity and protect their assets,” according to Marco Eggerling, Global CISO at Check Point Software, who explained that this mantra will be key for channel partners. Customers looking to demystify NIS2 will be looking for expert advice and guidance on how to comply. “NIS2 is bringing structure to compliance and raising the maturity of security programmes, helping organisations across industries and countries come to a level playing field,” explained Marco. To fill this gap, partners could offer a Data Protection Officer (DPO)-as-a-service consultancy to help customers with compliance needs and to respond to requests from regulatory bodies.

2. Risk management is key – The channel can help customers make sense of complexity. Many customers must deal with an expanding attack surface, complicated by a host of IT and Operational Technology (OT) devices to manage and track. According to Armis’ Account Manager, Cathrin Pyromalys, dealing with legacy systems is not an easy task: “Historically, asset management has been done in silos, with different tools to manage different assets. Having a complete overview and keeping on top of changing assets and configurations is key to keeping your business secure.” Partners can help customers take a proactive approach to asset and risk management and make it an ongoing process. “There must be a more proactive approach to asset and risk management. Instead of reacting to incidents, organisations need to anticipate threats, identify vulnerabilities, and build a robust security posture to mitigate risks,” explains Cathrin.

3. Find the security gaps – Security is a maturity process, according to Ivanti’s Bernhard Steiner, RVP Sales Engineering EMEA. “In the last 10-20 years, enterprises have made significant strides in digital transformation, but security hasn’t kept pace. NIS2 is refocusing attention on security, intending to protect and secure business processes that have been automated.” Channel partners are best placed to assist customers in assessing their current state of cybersecurity maturity and working through an individualised step-by-step guide to compliance. This involves taking a platform approach that links and connects assets, creating a holistic approach to NIS2 compliance. Or, as Bernhard puts it, “Channel partners can assist customers in assessing their existing environments, identifying gaps and helping to select the right modules from an overall platform that helps to avoid silos.”

4. Create integrated frameworks for OT and IT – As Mirco Kloss, Business Development Director at TX One, explains, organisations need to rethink their approach to OT and IT: “There must be an integrated governance framework across OT and IT to ensure the NIS2 directive can be applied, as well as the steps needed to maintain compliance.” The channel can help organisations implement best-practice frameworks. These provide the standards and guidelines that can be adopted across the enterprise to ensure compliance. According to Mirco, these standards and guidelines will create a robust security framework: “IT and OT integration is key. So too is the clear definition of roles and responsibilities when it comes to protecting security. For example, OT tends to have legacy systems that require a different approach to patching, which is a major challenge if you don’t have the right skill set. Training is vital to enable OT and IT understanding across the business.”

5. Don’t overlook the supply chain – It is important not to overlook supply chains as part of the OT segment and to protect them from cyber risk, as Heiko Adamczyk, Business Development Manager, OT Security at Fortinet, explains: “Nowadays, there is usually no strong secure development lifecycle process on the manufacturing side, which is the biggest problem from the end-customer perspective. That is why supply chain management as part of NIS2 is so important, as it can significantly reduce risk.” Managing OT supply chains is complex, but it is one area where channel partners can help. “NIS2 is particularly important for suppliers, but the upcoming CRA addresses specifically the security development lifecycle on the supplier side. The combination of CRA and NIS2 is a win-win situation for both supplier and end customer,” concludes Heiko.

Expert Advisory Services: the channel’s time to shine

NIS2 is an opportunity for the channel. Firstly, from an advisory position, partners can help customers determine whether they fall under the categories of “essential” or “important” entities. Secondly, partners can offer a range of professional services to ensure customers abide by NIS2, including compliance audits, asset detection, and risk assessments. This includes reporting services, such as establishing reporting mechanisms and training staff on how to report incidents to the relevant authorities within the required timeframe.

Partners can also recommend and implement relevant security technologies while developing security measures to ensure all parts are in place for incident prevention, detection, and response. Channel expertise will be vital: we have seen NIS1 evolve into NIS2, which means there will likely be a NIS3 in the future, one that could bring higher requirements and harsher penalties to protect us from escalating risk.