Skip to content
Blog Cyber Security Nordic Netox – Preparing for NIS2
Article

Preparing for NIS2

Published

It’s hard to believe that October, filled with NIS2 preparations, is already looming. There is still no national law, but that doesn’t mean we can sit back and do nothing. The directive will come soon, and then it will be a bit too late to be compliant if you haven’t started preparing yet.

NIS2 is not the monster many companies think it is. Often, when we start a discussion with an entity under NIS2, there’s a deep sigh, thinking it will cost a fortune due to the massive amount of technology needed. But when we start approaching topics like risk management, documentation, staff competence, and processes, many are surprised. Cybersecurity can’t be achieved without heaps of hardware and technologies. The mindset that security comes from boxes and software, rather than how they are used and configured, still persists. Not to mention how staff awareness of their actions or inactions impacts cybersecurity.

Another common issue is the typical Finnish modesty, thinking “we don’t have anything anyone would want” or “our actions don’t affect others.” Yes, they do! Cybersecurity is a collective effort. When everyone does their best, the overall security level rises significantly. This project indeed requires everyone’s contribution for the best outcome. Well, “outcome” might be misleading, as cybersecurity is one of those projects that is never finished, but let’s not tell anyone that so people keep pushing forward. 😄

Although cybersecurity awareness has grown significantly in recent years, there’s still much work to be done to reach a level of sufficient understanding and competence among companies and individuals. NIS2 will increase cybersecurity awareness somewhat forcibly among the entities it affects. Understanding of NIS2 can also be enhanced, for example, with FISC’s NIS2 guide. The official version 1.0 is coming soon, and the beta version has been available for a while. Things are progressing, great! There’s also plenty of guidance available for ordinary people who don’t need to apply NIS2 requirements in their lives to handle the mysterious cyber world. Cyber actors in Finland are doing good educational work through their channels, the National Cyber Security Center educates as much as it can, and the EU is also doing good work, for example, through the Cyber Citizen program. It’s worth seeking information from reliable sources to expand your understanding of cyber. Cybersecurity is not a monster; it’s not something that exists in the stratosphere. It’s ultimately quite simple stuff that everyone can learn at the level they need to apply it in their lives.

Have a cyber-safe autumn!

Read more