Skip to Content
Security Jun 11, 2024

Staying aligned with NIS2 requirements

By Dónal Munnelly CyberSecurity Proposition Manager, BT Ireland

The last blog in a three-part seres (Assess - Implement - Manage) on achieving NIS2 compliance

European directive NIS2 exists to ensure that essential industries and services are sufficiently resilient to survive fast-evolving cyberthreats. Its introduction reflects concerns in the EU Commission about how our economies have become over-reliant on technology that is vulnerable to attack.

The new regulations are an update on the original Network and Information Security directive of 2016, so it’s very likely that further updates will be coming down the track, expanding the scope for compliance as new threats and risks emerge.

A 2023 EU briefing document on NIS2 highlighted the importance of preparing member states for the digital decade ahead, and a need to continually improve cyber-resilience. With the emergence of generative AI and the growing threat of state-sponsored cyberattacks, there is no doubt that any new regulations will need to be amended over time. All of this means that organisations affected by the regulations must plan for the long term, rather than focus on simply achieving compliance in the short term. They need to devise a managed response that can evolve, ensuring they are better placed to align with whatever cybercriminals do next. Not easy, but it’s possible.

Ready for today and tomorrow

BT is recognised globally for delivering outstanding managed security services, forging long-lasting relationships with multinational companies. Any organisation with a footprint in Europe that finds itself in scope for NIS2 can trust BT to ensure compliance by the October 18 deadline and put your organisation on a sound footing for the future.

Firstly, we can advise on your immediate requirements around continuous security monitoring and conducting regular cybersecurity risk assessments, two pillars of NIS2. We can help on the necessary policies and procedures needed to meet the directive’s demands when an incident occurs.

Secondly, we will recommend procedures to protect sensitive data and advise on the necessary training needed to make sure every employee understands the security risks that relate to their work. We will make sure you are consistent with security around your supply chain, whether it’s with suppliers or customers.

Demonstrable layers of security must include a 24-hour early warning system for detecting a suspicious incident. If it turns out to be malicious, an official notification has to be released in 72 hours that includes an assessment of what happened. Following up, the national CSIRT (Computer Security Incident Response Team) will expect an intermediate status report, and after a month, a final report into everything that occurred.

We can cover all these requirements with our preferred vendors, but the real value from a BT engagement is the ongoing management we can provide, standing over your security environment, making sure that your investments are proportionate to the risks you face and continuously improved to stay ahead of the threat curve.

Changing with the times

BT’s fully managed SIEM (Security Information and Event Management) service, is customisable to each client’s needs, and leverages the latest technology from industry-leading partners. Monitored around the clock, our expert security team will mitigate threats and prevent business-damaging compromises and data loss. Access to our Cloud SIEM dashboard will let you see your organisational risk posture and generate on-demand compliance reports.

Our other services include threat priority reporting, where we use our own threat intelligence to highlight and prioritise the threats that pose the biggest danger to your business. We will revisit and evaluate your risk levels on an ongoing basis and make recommendations on improving your security monitoring.

In response to the growth of cloud computing, mobile usage and hybrid working, we have developed a Secure Access Service Edge (SASE) solutions, which provides protection regardless of the user's location or device. It allows you to create secure and agile network infrastructure outside of the traditional office perimeter. It is precisely this kind of product that will allow our multinational clients to stay compliant with regulatory requirements as they continue to evolve.