The NIS2 Directive Will Impact The Security Ecosystem Across The EU

In our increasingly digital and interconnected world, it’s little surprise that business leaders and governments are focusing on the cybersecurity of everything connected to the Internet. As the Internet of Things (IoT) expands, so do the opportunities for malicious actors to exploit devices, either as gateways to larger cyberattacks or to access data.

Indeed, the European Union Agency for Cybersecurity, ENISA, sees new threats to cybersecurity emerging because of the wealth of data that devices can now collect and the advances in AI that now make cyber-attacks more complex and scalable.

Here Comes The NIS2 Directive

The NIS2 Directive, Europe-wide legislation that aims to improve the cybersecurity of network and information systems across the EU, goes some way towards combating the increased risk of cyber-attacks. It is a continuation of the first NIS Directive, with an expanded remit including digital infrastructure such as cameras and IoT devices. From 18 October 2024, any business that uses cameras and other connected devices will need to take additional steps to protect the security of its video network and its data.

Europe has had a long track record of leading the way in terms of data protection, with GDPR being a recent example. So, we can expect the NIS2 Directive to have some sway over other governments’ legislation in the coming years. It’s a savvy move for all organisations to follow the practices and guardrails put in place by the legislation, especially if they operate in, or do business with, Europe. 

Complying With The NIS2 Directive 

The NIS2 Directive focuses on two main areas: protecting networks and information systems through proactive measures, and responding quickly when under a cyberattack.

Protecting your video network and other devices

Your video and IoT network is a unique target for hackers because of the data it collects, which can be used to gain confidential information, for blackmail, or even to inform future cyber or physical attacks by mapping out a building’s floor plan and schedules.

Checking that the fundamentals are in place to secure cameras is the first to-do on any user’s list. You can separate this into two main areas: asset management and access management.

Asset management involves securing the hardware within your security system. That’ll include cameras, servers, and sensors. 

Of course, every device in your network will become vulnerable if its firmware isn’t kept updated. Users should check for the latest firmware version as soon as a camera is installed, as some time can pass between a camera leaving the factory and its installation. Likewise, camera drivers should be updated to the latest software version. Some camera models come with factory passwords, and these need to be changed quickly.

This brings us to access management best practices. Password sharing is common in many workplaces, but it can introduce significant vulnerabilities through stolen or misused passwords. Without unique login credentials, you cannot track who is in your system, and what they are doing. So, every individual needs their own access credentials for a video system. 

Individuals should be granted the level of access appropriate to their role, and that extends to a physical space too. If someone isn’t directly working on the maintenance or administration of the hardware and software, they shouldn’t have access to a server room and shouldn’t have admin rights. 

Getting the basics of video cybersecurity right will greatly reduce a system’s attractiveness to malicious actors. 

Rapid Cyber-Attack Responses

If the worst-case scenario happens and you find that someone has gained unauthorised access to your system, you’ll need to respond quickly. Where separation exists between a video network and wider IT infrastructure, containment will be relatively straightforward (which is why having this separation in place is strongly advised).

Users should identify the affected devices and networks and, if possible, take them offline to disconnect them and prevent a widespread gateway attack. Checking audit reports will help you understand who has accessed the system, what they did, and when.

It’s worth simulating an attack on your video system on a regular basis. This’ll allow you to test response times and processes, identify unused licenses or other vulnerabilities, and train your team. Under pressure, people often revert to their habits and training, so ensuring that they understand what to do and what to avoid can make a huge difference in a cyber-attack.

Your choice of partner matters

Partnering with a responsible manufacturer who puts cybersecurity at the core of product development can make a serious difference to cyber-resilience. 

Compliance with the NIS2 Directive is just the start for anybody working in the digital realm. Governments worldwide are making concerted efforts to improve cybersecurity. Working together with a reputable manufacturer, organisations can rest assured that their video security ecosystems won’t be an easy target.

Jos Beernink is VP EMEA at Milestone Systems
