Five ways that NIS2 can raise the standard of any compliance program

“You can raise the bar or you can wait for others to raise it, but it's getting raised regardless”.

Stephen Hearty
Head of Symantec Product Marketing EMEA

April 4, 2024

NIS2 builds on the original NIS Directive by providing a cybersecurity framework for essential and important entities, while setting out a standard that any organisation can reasonably aim to meet. Whether or not NIS2 is mandated for your organisation, its principles are an exemplar for any compliance program.

Here are five reasons why NIS2 can raise the bar of your compliance program:

  1. Keep the bad guys out. Robust cybersecurity measures.
    For essential and important entities, NIS2 mandates robust cybersecurity measures such as incident handling, stronger supply chain security, enhanced network security, better access control, and encryption, to protect critical infrastructure and digital services. By implementing similar measures, any organisation can fortify itself against ever-evolving cyber threats, safeguarding sensitive data, systems, and networks from unauthorised access, disruption or manipulation.
  2. Quantify the risks. Enhanced incident reporting mechanisms.
    By understanding the potential consequences of non-compliance (those who fall foul of NIS2 can expect to face significant penalties), operators of essential and important services can make informed decisions and take steps to implement security measures that reduce and mitigate risk. That requires establishing reporting mechanisms to promptly notify the relevant authorities of cybersecurity incidents. Integrating these processes into a compliance program enables an organisation to detect, assess and respond to security breaches far more effectively, minimising the impact of incidents.
  3. Don’t just talk the talk. Adopt a consolidated policy system.
    Under NIS2, you need to be able to demonstrate, both internally and externally (to auditors, trade bodies and regulators), that you ‘have a grip on your data’: that you know where your data is, that you can track its access and use, that you can apply the relevant controls, and that you have access to the right information to investigate and remediate data loss incidents.

    Without a consolidated system for policies, the workload needed to achieve all this can be huge, even to the point of being unworkable, especially when regulations like NIS2 demand breach notification in short timeframes: for a significant incident, NIS2 requires an early warning to the competent authority or CSIRT within 24 hours of becoming aware of it, an incident notification within 72 hours, and a final report within a month.

    For policy consistency, enforcement and authorisation, consider products such as Symantec Data Loss Prevention (DLP), Cloud Secure Web Gateway (Cloud SWG) and Zero Trust Network Access (ZTNA).

    Symantec DLP has a single policy engine: if you need to ensure data complies with a new privacy standard, you develop that policy once and then deploy it everywhere you need it. This eliminates the need to maintain multiple copies of a policy, with the attendant risk of inconsistent or missed detections. With DLP, organisations can define data protection policies consistently across endpoints, networks, and cloud environments. Symantec Cloud SWG extends this capability by enforcing that policy on web traffic and preventing access to, or by, malicious content. Symantec ZTNA adds another layer of protection by ensuring that only authorised users and devices can access critical resources.

    By adopting such a consolidated approach to policy management, businesses can achieve and maintain compliance with NIS2 and ensure that they are not leaving sensitive data lurking in the shadows.
  4. Sharing is caring. Cultural emphasis on cybersecurity.
    NIS2 fosters a culture of cybersecurity awareness and accountability among operators of essential and important services. Any organisation can cultivate a similar culture by prioritising cybersecurity education, training and awareness programs for employees at all levels. By instilling a shared commitment to cybersecurity best practices and risk management principles, organisations empower their workforce to actively contribute to compliance efforts and to mitigate security risks.
  5. Business as usual. Ensuring operational continuity.
    NIS2 emphasises the importance of maintaining business continuity in the face of cyber incidents. That includes backup and recovery strategies and the testing of response procedures, to minimise downtime and limit financial and reputational losses. Aligning business continuity efforts with cybersecurity objectives not only enhances overall resilience but also speeds recovery from cyber incidents, which can become a sustained competitive advantage.

Any goal needs a plan. Start early

Achieving NIS2 compliance can be an intricate process for any organisation. It demands thorough implementation of new security measures and comprehensive organisational education. Member States must transpose NIS2 into national law by 17 October 2024, and from then on the estimated 160,000 organisations in Europe that fall within its scope will need to comply. There is still time, but delay only increases the risk of costly compliance blunders.

Even if you’re not covered by NIS2, set yourself an artificial deadline to give you the imperative to drive the change and to ensure the highest and most consistent level of compliance. Cyber threats are everywhere and rapidly evolving. The cybersecurity bar is being raised, so don’t wait for others or you may be left too far behind.

How can Symantec cybersecurity solutions help you to comply with the NIS2 Directive?

It is important to understand that no software vendor, including Symantec, can claim that a single product will fulfil all NIS2 requirements. However, the Symantec portfolio covers the necessary cybersecurity capabilities and is trusted by many of the world’s largest and most complex organisations, where a strong focus on risk and compliance is required. Those same technologies can help you define, drive and maintain your organisation’s compliance with its NIS2 obligations.