BT Ireland’s Michael McNamara talks about the upcoming NIS2 Directive and what leaders need to do to become more cyber resilient.
Later this year, the NIS2 EU Directive will come into effect, with the aim of strengthening the cybersecurity requirements imposed on companies.
It began as NIS1 – the Network and Information Security Directive – which was introduced in 2016 and paved the way for significant change in the regulatory approach to cybersecurity in many EU countries.
Now coming to its second stage, the directive will look to boost the cyber resilience of companies even further, and will include cyber hygiene requirements, penalties for non-compliance, and a reduction in the time limit for reporting major cyber incidents to national bodies.
This, along with the Digital Operational Resilience Act (DORA), means companies have to step up their game when it comes to cyber resilience. But what do they need to think about?
Michael McNamara, senior security and compliance manager at BT Ireland, said one of the key areas that is set to impact businesses is the security needs of the supply chain.
“It’s no longer good enough to look after the security within the four walls of your business; you now need to look at your supply chain and ensure that the right security measures are in place there as well,” he said.
“The most important things that companies need to do to ensure that they’re cyber resilient, the first one is to know the assets you have in your business, know what’s important to your business, and ensure that you secure them to that level of importance.”
He also said there are three main threats that companies should focus on. “The first one is phishing. It’s probably one of the oldest tricks in the book for cybersecurity criminals. For them, I suppose, it’s a low-risk, high-reward attack. For companies and defenders, it’s pretty hard to defend against,” he said.
“The second one is ransomware. Cybercriminals are still extorting assets and data from companies, encrypting them and looking for ransom. So, we’ve seen numerous instances of this recently across the industry. What we’re seeing now is double and triple extortion, they’re using different techniques to get a payload from the exact same attack.
“The third one then for me is supply chain attacks. These again are becoming more prevalent in the industry. What we’re seeing is trusted suppliers being attacked, and when the attacker uses an attack in the supply chain, they can hit numerous companies with a single attack.”
To build resilience against supply chain attacks in particular, McNamara said ensuring you have the right partners and staying connected with the industry is vital. “There’s loads of industry forums out there, there’s loads of help that you can get to make sure that you’re cyber resilient.”