#Cybersecurity
03/07/2024
Strengthen your security, yes, but how do you comply with the new NIS2 directive, soon to come into force? Our experts, Matthieu Jungers, Manager at Rsecure, and Kevin Carlens, Manager Cloud Public, show you how our Rsecure solutions and Microsoft tools can help you ensure compliance with the NIS2 directive.
Adopted in 2022, the NIS2 directive strengthens cybersecurity within the European Union. Its main aim is to enable mission-critical businesses to guarantee their resilience in the face of cyber threats, while optimizing their strategies and budgets. It also strengthens Europe’s cyber position by establishing cyber incident response centers in all member countries and promoting communication between impacted entities.
Adopted in 2022, the NIS2 directive strengthens cybersecurity within the European Union. Its main aim is to enable mission-critical businesses to guarantee their resilience in the face of cyber threats, while optimizing their strategies and budgets. It also strengthens Europe’s cyber position by setting up cyber incident response centers in all member countries, and promoting communication between impacted entities.
Overall, NIS2 defines the guidelines of a regulation that must be transposed into national law by the various member countries. Each country will therefore have its own adaptation of the regulations.
Implementation of the NIS2 directive is progressing at different speeds in different countries. In Belgium, the process is already well underway, thanks to the transposition of the law based on the “Cybersecurity Fundamentals” framework drawn up by the Centre pour la Cybersécurité. In Luxembourg, although the regulatory details are still being defined, ILR has already identified six key security measures to help companies anticipate and prepare effectively :
1 : Incident management and business continuity
Prepare to detect and manage incidents with high-performance tools. Draw up a plan for classifying and notifying incidents to the CNPD and ILR, and define who is responsible internally for managing these notifications effectively. Also test your continuity plans, guarantee rapid restoration of your backups, and establish relationships with national authorities to better manage crises.
2 : Staff awareness and training
Raise your employees’ awareness of good cybersecurity practices. Train managers and senior executives (C-level) in risk management and the use of IT tools, thus guaranteeing security within the company.
3 : Asset and risk management
Maintain a detailed inventory of your hardware and software assets. Microsoft Intune, for example, is an effective solution for managing peripherals (smartphones, computers). It allows you to centralize configuration and application management, ensuring greater control over software updates.
In addition, Microsoft’s security score offers you a continuous assessment of your security posture, based on different pillars such as data, identities, applications and devices. In addition, the exposure score enables you to identify vulnerabilities thanks to Microsoft Defender’s advanced analyses, giving you a clear vision of where you need to strengthen.
4 : Protecting systems, networks and communications
Secure your systems with basic solutions such as antivirus, firewalls and VPN, and apply secure configurations to network equipment. ZTNA technology, combined with Microsoft 365 services, gives you the ability to filter access to critical applications with granular control, guaranteeing significantly enhanced security.
5 : Secure logical and physical access
Adopt robust authentication methods, such as MFA, and establish strict access control policies for both IT systems and sensitive areas, such as servers. By securing both logical and physical access, you can further refine protection based on various signals such as location, device compliance, and detected risks.
6 : Software and system maintenance and updates
Keep your software up-to-date by applying a rigorous patching procedure. Microsoft Defender performs vulnerability scans, enabling you to identify vulnerabilities which are then patched via Microsoft Intune. To further strengthen your security, set up regular tests to assess the effectiveness of your systems’ protection.
In conclusion…
The NIS2 directive marks a major turning point for corporate cybersecurity in Europe. Preparing for these new requirements means implementing rigorous measures to protect your assets and ensure business continuity.
Don’t wait any longer, contact us today to prepare for compliance and strengthen your organization’s security at contact@rsecure.lu !
Prepare for compliance with Microsoft now !