{"id":1303,"date":"2022-08-30T07:46:00","date_gmt":"2022-08-30T07:46:00","guid":{"rendered":"https:\/\/beta.seersco.com\/articles\/?p=1303"},"modified":"2024-06-10T11:11:08","modified_gmt":"2024-06-10T11:11:08","slug":"cyber-security-nis-directive","status":"publish","type":"post","link":"https:\/\/seersco.com\/articles\/cyber-security-nis-directive\/","title":{"rendered":"Cyber Security and The NIS Directive"},"content":{"rendered":"\n

NIS Directive (EU 2016\/1148)<\/h2>\n\n\n\n

Nowadays, cyber-attacks are on the rise! Targeted attacks on organizations have grown from an average of 350,000 cyber incidents in 2017 to 4000 cyberattacks per day during the COVID-19 pandemic in 2020. The NIS directive is relevant to this discussion. <\/p>\n\n\n\n

\u2713 Digital security infrastructure<\/h4>\n\n\n\n

Today\u2019s digital security infrastructure can prevent 87% of the attacks. But, even with that level of security, organisations are looking at anywhere in the range of 2 to 3 breaches per month. What if essential services like banking or telecom services are breached or manipulated by these attacks? It can turn the life of citizens upside down and even topple a country\u2019s economy.<\/p>\n\n\n\n

\u2713 GDPR privacy protection<\/h4>\n\n\n\n

General Data Protection Regulation (GDPR)<\/strong> is a powerful privacy protection measure that will be affecting the way organizations deal with the data of EU residents. But, there is another set of regulations that some organizations must follow in addition to those laid down by the GDPR. This regulation is called the Network, and Information Systems (NIS) Directive<\/a>\u00a0<\/strong>and it deals with the issue of cybersecurity concerning the critical national infrastructure. So, what exactly is the NIS Directive, and what are its implications?<\/p>\n\n\n\n

Need for the NIS Directive<\/h3>\n\n\n\n

The cybersecurity<\/strong> breaches survey 2017 showed that for the 74% of the surveyed businesses, cyber essential<\/a> is an essential requirement for senior management. However, the survey came out with a startling finding that despite the evident significance attached by businesses to cybersecurity, all the UK businesses (covered by the survey) faced cybersecurity risks. More needs to be done in this regard and organisations should at least conduct a cyber secure audit<\/strong> to identify their key risks and recommendations to address these risks.<\/p>\n\n\n\n

\u2713 Cybersecurity, not a concern just for large organisations<\/h4>\n\n\n\n

Unlike popular perception, cybersecurity<\/strong> is not a concern for only large enterprises, but also small and medium-sized businesses (SMEs). The latter are at a higher risk since they neither have the funds nor the expertise. They incur significant costs on account of these breaches, and the customer data is also compromised. SMEs can greatly benefit from the innovative and competitively priced compliance solutions covering consent management<\/strong>, assessments & certifications<\/strong>, policies & documentation<\/strong> and privacy experts<\/strong> offered by Seers<\/a><\/strong>.<\/p>\n\n\n\n

\u2713 More people<\/h4>\n\n\n\n

With more and more people going online, with businesses storing consumer and corporate data on the cloud, and with the emergence of technologies like 5G that can facilitate faster data connectivity, it is only natural for lawmakers to pay greater attention to the concerns of rising cyber threats. The NIS Directive<\/strong> was under discussion since 2013 and finally came into effect in 2018.<\/p>\n\n\n\n

What is the NIS Directive?<\/h3>\n\n\n\n

The objective of the NIS Directive<\/strong> is to improve the security of the digital infrastructure \u2013 including both information systems and networks \u2013 across the entire EU. The law governs the cybersecurity standards followed by the providers of essential services in the EU and providers of digital services to the EU residents.<\/p>\n\n\n\n

Implementation of the NIS Directive<\/h3>\n\n\n\n

Before implementing the NIS Directive, cybersecurity <\/strong>concerns were tackled on a national level by the EU. However, the EU countries already have many connected digital networks. The gaps, in terms of legislation, created a multitude of complexities and made it difficult to target the cybercriminals.<\/p>\n\n\n\n

The NIS Directive bridges these gaps definitively. It also creates a much safer online environment for the dispensing of essential services, which are critical for the smooth functioning of the information security infrastructure of a nation and the structures supporting these.<\/p>\n\n\n\n

NIS Directive requirements<\/h3>\n\n\n\n

It demands that the EU member states put in place a fully equipped national framework to counter the attacks related to cybersecurity. The framework broadly has three components:<\/p>\n\n\n\n