On the 17th of October 2024, the European Union is putting its NIS2 Directive into action. While every member state will create its legislation based on the directive, the goal is the same for everyone: to boost the overall cybersecurity of the EU. Here is how Lansweeper can help you to prepare for NIS2.
Webinar – NIS2 Directive Legislation
Learn how to prepare and navigate the complex terrain of NIS2 compliance.
WATCH THE WEBINARWhat is the NIS2 Directive?
The NIS2 Directive is an EU-wide cybersecurity legislation. Every member state must convert the directive into national law to boost the overall cybersecurity of the EU. NIS2 replaces the first NIS (Network and Information Security) Directive introduced in 2016. It is much broader in scope and has been updated to keep up with increased digitization and the evolving threat landscape.
Each member state is responsible for converting this directive into national law. As the deadline of October 17, 2024 approaches, pay attention to any communication surrounding NIS2 from your government.
Ensure NIS2 Compliance
Get started by discovering your entire technology estate.
FREE TRIALHow Lansweeper Helps You Prepare for NIS2
As everyone knows by now, you can’t protect what you don’t know you have. The requirements for the NIS2 directive are extensive and meeting them will require a concerted effort from all stakeholders, but everything starts with knowing your IT environment. Here is how Lansweeper can help you prepare.
Robust Cybersecurity Through Full Visibility
-
NIS2 Article 21
“Member States shall ensure that essential and important entities take appropriate and proportionate technical, operational, and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services.
These measures shall be based on an all-hazards approach that aims to protect network and information systems and the physical environment of those systems from incidents, and shall include at least the following:
(a) policies on risk analysis and information system security;
(b) incident handling;
(c) business continuity, such as backup management and disaster recovery, and crisis management;
…(g) basic cyber hygiene practices and cybersecurity training;
(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
(i) human resources security, access control policies and asset management;
…”
As mentioned above, good cybersecurity starts with good visibility. Lansweeper helps you discover and keep track of every IT, OT, and IoT device in your IT estate. Manage not only your devices but also your AD users and groups to ensure proper access control.
Use Lansweeper’s best-in-class discovery alongside risk insights to do risk analysis. Discover misconfigurations like missing AV installations, lack of encryption, unauthorized local admins, outdated certificates, and outdated software and drivers. Keep an inventory of your backup agents and versions to ensure that backup and disaster recovery services are always enabled & up-to-date.
If you have a security incident, use Lansweeper to identify all vulnerable machines. Using diagrams, you can see all connected devices that might be at risk within the same network segment.
Discover Your OT Estate
-
Preamble 53
“Utilities are increasingly connected to digital networks in cities, … Those digitalised utilities are vulnerable to cyberattacks and run the risk, in the event of a successful cyberattack, of harming citizens at a large scale due to their interconnectedness. Member States should develop a policy that addresses the development of such connected or smart cities, and their potential effects on society, as part of their national cybersecurity strategy.”
In many industries in the scope of the NIS2 directive, operational technology plays a crucial role. In contrast to IT environments, OT systems are often not patched or upgraded regularly, which leaves them open to devastating cyberattacks.
Lansweeper’s OT scanner detects, identifies, and scans OT devices from well-known manufacturers. The complete and accurate OT asset inventory Lansweeper provides allows you to plan and manage maintenance and protect against firmware vulnerabilities before they become an issue. Use Lansweeper to keep your OT devices secure and up-to-date at all times.
Clean Up Your Cyber Hygiene
-
Preamble 49, 50, and 89
“Cyber hygiene policies provide the foundations for protecting network and information system infrastructures, hardware, software and online application security, and business or end-user data upon which entities rely. Cyber hygiene policies comprising a common baseline set of practices, including software and hardware updates, password changes, the management of new installs, the limitation of administrator-level access accounts, and the backing-up of data, enable a proactive framework of preparedness and overall safety and security in the event of incidents or cyber threats. …”
“Cybersecurity awareness and cyber hygiene are essential to enhance the level of cybersecurity within the Union, in particular in light of the growing number of connected devices that are increasingly used in cyberattacks. Efforts should be made to enhance the overall awareness of risks related to such devices, …”
“Essential and important entities should adopt a wide range of basic cyber hygiene practices, such as zero-trust principles, software updates, device configuration, network segmentation, identity and access management or user awareness, …”
The NIS2 directive attaches a lot of importance to cyber hygiene policies. Lansweeper not only discovers every device connected to your network but also gives you insight into data encryption, out-of-date software, unauthorized local admins, backup creation, user and user access, and so much more. The unrivaled width and depth of IT assets and user data that Lansweeper gathers allows you to proactively manage and report on weak spots and suspicious behavior to strengthen your security posture against possible threats.
Ensure Security Framework Compliance
-
Preamble 59
“The Commission, ENISA and the Member States should continue to foster alignments with international standards and existing industry best practices in the area of cybersecurity risk management, for example in the areas of supply chain security assessments, information sharing and vulnerability disclosure”
The NIS2 Directive is far from the only cybersecurity framework out there. Compliance with any other existing frameworks can help strengthen your cybersecurity posture. Many of these frameworks have proper visibility into your IT estate and IT asset management as one of their first requirements, as they can all agree that you can’t protect what you don’t know you have. Use Lansweeper to comply with frameworks like CIS, ISO, or NIST.
Cybersecurity Outside the NIS2 Scope
-
Preamble 13
“Given the intensification and increased sophistication of cyber threats, Member States should strive to ensure that entities that are excluded from the scope of this Directive achieve a high level of cybersecurity and to support the implementation of equivalent cybersecurity risk-management measures that reflect the sensitive nature of those entities.”
Cybersecurity doesn’t just concern the entities within the NIS2 scope. Even if your organization is out-of-scope, the NIS2 recommendations are a reliable guideline to help you improve your cybersecurity posture. Large companies that provide essential services may be more attractive targets for cybercriminals, but even non-essential small businesses can benefit from robust cybersecurity measures. They safeguard against data breaches, financial fraud, and reputational damage and foster customer trust, regulatory compliance, and sustained business continuity.
NIS2 Compliance – What You Need to Know
Learn more about the scope and timeline of the NIS2 Directive.
LEARN MORE