Cybersecurity Optimization in Accordance with NIS2 Directive

The NIS2 Directive (Network and Information Systems Directive 2) is an EU cybersecurity regulation designed to optimize cybersecurity and adapt it to current threats. It substantially updates the existing regulations and obligations in this area, which were introduced in 2016.

 What does the NIS2 directive change? 

From the point of view of a local government official or entrepreneur, the most important change is the significant expansion of the group of regulated entities:

NIS2 abandons the distinction between core service operators and digital service suppliers, instead classifying organizations according to their importance and dividing them into key entities and important entities.

Key entities according to NIS2: 

  • power industry, 
  • transport,
  • banking,
  • financial market infrastructure,
  • healthcare,
  • drinking water sector,
  • wastewater,
  • digital infrastructure,
  • ICT service management,
  • public administration,
  • space. 

Important entities according to NIS2:  

  • postal and courier services,
  • waste management,
  • production, processing and distribution of chemicals,
  • food production, processing and distribution,
  • production (in the broad sense),
  • digital services,
  • scientific activity. 

What does this mean in practical terms? 

For local government units and the entities subordinated to them where the obligations of the 2016 NIS Directive were not previously in force, those obligations will become mandatory.

Where these safeguards have already been put in place, the new directive imposes further obligations. These include the implementation of risk analysis and risk management solutions, the implementation of a systems security policy, safeguarding supply chains and the development of a Business Continuity Plan.

Importantly, local government officials can count on support from the government grant project: Cyber Secure Local Government. It allows more than 2,800 local government units to receive funding in the range of PLN 200,000 to PLN 850,000 for the implementation of safeguards under the directive. 

However, the deadline for submitting applications is very short and ends in mid-October 2024. So you should hurry. 

For entrepreneurs, the implementation of the NIS2 Directive means that a huge number of entities will become subject to the obligation to apply the safeguards it introduces, mainly medium-sized companies (with up to XX employees), where data security was previously a matter of each company's individual approach. In a significant number of cases this means the need to rebuild systems and procedures, and in particular to use effective data backup systems.

The deadline for implementation of the new requirements is 17 October 2024, and while this date may seem distant, meeting the advanced requirements detailed in the directive can be very time-consuming, especially for entities not yet covered by it.

What if I do not meet the requirements of the directive? 

Unfortunately, failure to implement the directive's solutions may result in very severe sanctions. For key entities, administrative fines may be up to EUR 10 million or 2% of their total annual turnover. Important entities can be fined EUR 7 million or 1.4% of their total annual turnover.

How can we help you? 

At Hardware Direct, as experts in the segment of server solutions and their architecture, we have thoroughly analyzed the NIS2 directive guidelines. Our engineers have unanimously concluded that by far the biggest challenge facing entities implementing new solutions will be effective data backup to guarantee data security. In their opinion, most of the backup solutions available on the market only make copies of the data, without protecting it in any way against hacking or ransomware attacks. Backup by itself in no way brings an entrepreneur or local government unit any closer to meeting the directive's obligations.

Our system architects have thus prepared a comprehensive backup solution that encrypts and secures data. Its huge advantage is instant access to the backup, which is not offered by the most popular solutions on the market, such as those based on tape libraries.

Traditional solutions communicate with the backup medium (the place where the backups are stored) via the CIFS or NFS protocols. Over these protocols, the data can be easily accessed during a hacking attack or by ransomware. This can lead to data theft, encryption or deletion.

"The solution we have designed uses a unique protocol that is encrypted and also requires authentication. This gives us confidence that in the event of an attack on our infrastructure, neither a hacking attack nor ransomware can penetrate our backup medium," states the documentation related to the implementation.

The solution offered by Hardware Direct experts consists of both a software layer (responsible for performing the backup) and a hardware part (responsible for storing the non-editable backup). In addition, the hardware part is designed with recertified units that are covered by a full guarantee. This allows us to offer a solution that is not only effective, but also incomparably more affordable than others commonly used on the market.

“We are aware of how much of a financial burden the implementation of NIS2 solutions will be. That is why we have designed our backup solution in such a way that, with its great efficiency and effectiveness, it is the most cost-effective one on the market. What is more, it is available as a subscription model, which allows us to spread the costs associated with it over time”, explains Robert Siemiński, Sales Manager at Hardware Direct. 

Hardware Direct's backup solution is offered as PaaS (Platform-as-a-Service) under the OnPrem model, i.e. at your site. Technically, this means that you receive the licensed software and a dedicated hardware solution that is installed in the location you indicate. Hardware Direct provides technical support and helps in managing the infrastructure created under the agreement. Importantly, its architecture excludes the possibility of any access by Hardware Direct employees to the data: reading, copying or deleting it.

Would you like to learn more about the cyberattack protection services that Hardware Direct can offer you? Are you looking for an effective, comprehensive and affordable cybersecurity solution? Do you need proprietary protection tailored to your needs that meets the obligations of the NIS2 standard? Contact us today.