Why NIS2: Cybersecurity for Critical Infrastructures
When will NIS2 come into force
Is your organisation subject to NIS2 regulations?
| Very critical | Critical |
| Transport | Manufacture |
| Energy | Waste Management |
| Banking and Financial Market Infrastructure | Postal and Courier Services |
| Healthcare | Food production, processing, and distribution |
| Drinking water | Chemical and Pharmaceutical Production |
| Wastewater | Digital Service Providers |
| Digital Infrastructure | Research |
| Management of ICT services (B2B) | |
| Government | |
| Space travel | |
Are you Essential or Important?
| Very critical = Essential | Critical = Important |
| For ‘Essential’ organisations, monitoring must be strictly proactive and clearly reflected within processes, with regulators checking that these organisations are applying these measures and complying correctly. | For ‘Important’ organisations, monitoring will be reactive when there is evidence of a cyber incident. |
Four key requirement areas
- Risk management - Organisations need to address all potential risks including human error, system failure, malicious actors, natural disasters, and the physical and environmental security of systems.
- Corporate accountability - NIS2 holds C-level executives responsible and requires management to oversee, approve, be trained on, and address risks to their organisation’s cybersecurity. Executives will be held personally liable through measures such as suspension from holding management positions if they fail to do this.
- Reporting obligations – NIS2 has detailed requirements for reporting security incidents, so if your organisation is subject to NIS2 it is vital that you have processes in place for promptly reporting security incidents.
- Business continuity – As NIS2 applies to providers of services that are vital to the functioning of society, these organisations must have plans in place to keep their services running if they experience a major security incident. These plans should include system recovery, emergency procedures, and creating a crisis response team.
Minimum security measures you are required to cover under NIS2
- Policies on risk analysis and information system security.
- Incident handling.
- Business continuity - such as backup management and disaster recovery, and crisis management.
- Supply chain security - including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers.
- Security in network and information systems acquisition, development, and maintenance, including vulnerability handling and disclosure.
- Policies and procedures to assess the effectiveness of cybersecurity risk management measures.
- Basic cyber hygiene practices and cybersecurity training.
- Policies and procedures regarding the use of cryptography and, where appropriate, encryption.
- Human resources security, access control policies and asset management.
- The use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications, and secured emergency communication systems within the entity – where appropriate.
Ensuring you meet the requirements of NIS2 – How Konica Minolta can help you
Now is the time to take action. As Martin Mølvig, Head of Security Services Europe at Konica Minolta, commented, “The launch of NIS2 has brought cybersecurity concerns sharply into focus for many organisations that were unaffected by the original NIS regulations and that may not have been aware beforehand. It is vital that all organisations consider how they are affected and what they must do to be compliant.”
Martin added, “It may be tempting to avoid investing in the right cybersecurity protection, but NIS2 raises the bar for everyone. For example, from a Business Continuity point of view there may be workarounds to keep the business going through to recovery. But what do you say to stakeholders, customers, and the press, etc. when there are interruptions to your operations?”
Konica Minolta offers a number of professional security solutions that can help to address some of the key NIS2 requirements, such as:
- Incident handling and maintenance, including vulnerability handling and disclosure.
- Business continuity with backup management.
- The use of multi-factor authentication.
Incident handling and maintenance, including vulnerability handling and disclosure
Konica Minolta's endpoint protection service Workplace Intrusion Patrol, which is based on Microsoft Defender, protects IT endpoints such as PCs/laptops, tablets and mobile phones, as well as servers, regardless of where employees work and even during short periods when they are not connected to a network. The service detects and neutralises stealthy attacks that have managed to bypass other protective security measures (such as passwords and traditional anti-virus tools) and are now present in the IT environment, stopping intruders before they can use the endpoint as a springboard for wider or more serious attacks on central systems and data. In the event of a threat, this cloud-based service isolates the device and eliminates the threat before it spreads further in the IT environment.
The leading-edge anti-virus solution Bitdefender can be embedded in the firmware of Konica Minolta's bizhub i-Series multifunctional printers, where it monitors all scanned files and documents transferred to and from the device in real time. It immediately detects viruses and malware and reports the potential threat. It also enables manual scanning of hard drives as well as scanning on demand. This prevents the spread of viruses to other PCs and servers and ensures that the multifunction device does not become a springboard for the loss of corporate information.
Further, with Shield Guard - Konica Minolta's cloud service for remote security monitoring and management for MFPs - the security settings of multiple MFPs can be monitored from anywhere. It collects information about the security status of all devices, sends a notification in the event of an incident, and performs mitigation.
Business continuity with backup management
Konica Minolta’s Workplace One is a comprehensive solution that includes a managed Microsoft 365 environment, managed backup services, proactive remote monitoring and enablement of online services such as Exchange, Teams and OneDrive in Microsoft 365. Workplace One’s Managed Backup service provides a fully managed, automated backup and recovery service to avoid data loss and costly business interruptions. With its management services and daily backups, Konica Minolta ensures that all your emails and files – including OneDrive, SharePoint and Microsoft Teams – are always protected, and restores the data backed up to the Data Centre in the event of data loss due to a cyber-attack. The data is hosted in Konica Minolta's ISO27001 certified data centres in Germany and Sweden.
The use of multi-factor authentication
On top of this, Workplace One offers multi-factor authentication (MFA), which prevents unauthorised access to sensitive information. With MFA, your users must present a combination of two or more credentials to verify their identity for login. Konica Minolta’s cloud print solution Workplace Pure also offers MFA.
You can try Workplace Pure for free for 30 days (with no obligation) here.