Pentest for NIS2 compliance

The Network and Information Systems Directive (NIS2) is a European Union regulation enacted in November 2022 that sets out cybersecurity requirements for providers of essential services and digital service providers. The directive aims to “achieve a high common level of cybersecurity across the Union”.

At its core, NIS2 requires organizations to implement security measures to prevent and mitigate cyber threats and report security incidents to the relevant authorities. A large part of preventing and mitigating cyber threats is accomplished by performing regular pentests and vulnerability scans.

Pentesting is a process by which a third party (the "pentester") tests an organization's networks, systems, and applications for vulnerabilities. This gives organizations insight into any vulnerabilities in their infrastructure and helps them identify and correct them. Vulnerability scanning is a process by which security tooling software automatically searches for known vulnerabilities in systems and applications. This can help identify and correct any hazards quickly.


Pentest as part of NIS2 compliance

The NIS2 directive sets cybersecurity obligations for organizations that operate or manage critical infrastructure. In addition, the so-called 'important' companies and all suppliers will have to deal with this new directive. This also applies to small and medium-sized enterprises.

What must companies do to comply with the NIS2 regulations?

Organizations can regularly perform pentests and vulnerability scans to ensure their networks and systems are secure and comply with NIS2 legislation. It is, therefore, essential to implement these security measures regularly to ensure that the organization is protected against the latest cyber threats.

Why is NIS2 being introduced?

  • Firstly, cybercriminals are constantly developing new ways to attack organizations, and the current NIS legislation from 2018 in Europe is not applied or enforced in the same way everywhere. This can cause problems for companies that do business with European countries or have offices in several countries. There was, therefore, a need for a new law that would be followed throughout Europe.
  • Secondly, cybercrime is an increasingly significant problem. According to figures from the European Commission, 28% of all European SMEs experienced at least one type of cybercrime in 2021. Therefore, action must be taken to improve security and reduce the number of cyber attacks.