
Worried about NIS2? This is how we will succeed together


The cyber threat environment is constantly evolving. NIS2, the Network and Information Systems Directive 2, is the European Union’s response, intended to make sure that citizens, businesses, and organizations alike are protected against these threats as well as possible. The directive, which will take effect on 17 October, directly affects mid-size and large organizations in the EU across sectors classified as “essential”, such as energy, waste and water companies, digital infrastructure and providers, transport and postal services, production of chemicals and food, and public administration.

A recent study by Microsoft and IDC Research reveals that while most organizations understand NIS2’s objectives and associated costs, only 14% are fully prepared for it, and 9% have not even started preparing for NIS2 yet. However, a challenge shared by all organizations is the tight timeline of the compliance requirements.

  • Risk analysis and information system security policies: Organizations must carry out risk analyses and establish information system security policies, for instance, for cybersecurity incident management and business recovery.
  • Supply chain security assessments: Businesses must understand and assess the security of their supply chain, including relationships between suppliers and service providers in the procurement chain.
  • Cybersecurity training: Organizations must offer cybersecurity training to their employees and document cyber hygiene practices.
  • Encryption methods: Businesses must implement encryption methods and document the policies and procedures related to their use.
  • Identity and access management: Businesses must ensure procedures related to access management, as well as general security. This can include the use of multi-factor authentication (MFA) or continuous authentication solutions.

Many of these obligations require organizations to set up completely new procedures, which is likely to raise many questions in cybersecurity teams. Luckily, we are all on a shared journey to prepare our organizations to comply with the upcoming directive.

At Microsoft, we are committed to offering tools and guidance that help you fulfil the obligations required by NIS2, such as risk evaluation, MFA, encryption services, cybersecurity training, as well as incident response plans.

NIS2-compliant organizations need a fully integrated approach to protection, as well as streamlined threat investigation and response. I would like to highlight three Microsoft Security solutions that provide these:

By implementing advanced security features, you can detect threats and respond to them before they cause damage. Identity and access management ensures that only authorized individuals have access to sensitive information and systems. Cloud-based applications provide the most secure and reliable platform for managing and protecting data and systems.

Inside your organization, we encourage you to involve the leadership team and the Board of Directors in the NIS2 compliance process and to communicate clearly what NIS2 means for the organization. Because the incoming directive covers various aspects, your NIS2 project team should have versatile competencies and consist of the CISO, CIO, and legal and compliance leaders.

To support you on your NIS2 journey, cybersecurity experts at Microsoft and our partners are ready to evaluate your current situation and design a new cybersecurity plan that matches your needs. Together, we are able to provide services that protect your systems and data with industry-leading solutions, in line with Zero Trust principles. With good cooperation and modern solutions that fulfil the most recent requirements, we want to ensure peace of mind for cyber experts.

To get you started, Microsoft has also published a practical guide with three principles and learnings to help you set up a high-level NIS2 strategy in your organization:

  1. Transforming your workforce into cybersecurity champions
  2. Building a plan for preventing and responding to incidents
  3. Teaming up with a partner can improve your cybersecurity posture

You can download the NIS2 Guiding Principles Guide here.

Author:
Juha Karppinen
National Technology Officer, Microsoft Finland
