Back NIS2: The next challenge for industrial companies
NIS2: The next challenge for industrial companies
On the 29th, ZIUR held a webinar on the NIS2 Directive together with the company specialising in industrial networks, Cibcom Technologies. The aim was for industrial companies in Guipuzcoa to learn how they are affected by the entry into force of this European legislation on cybersecurity, which applies to medium and large companies, whether public or private, in highly critical sectors and other critical sectors that provide their services or carry out their activities in the European Union.
The European NIS2 regulation is revolutionising the cybersecurity requirements of industrial companies, since the new obligations derived from it affect the protection of critical infrastructures of industrial companies, as well as OT/IT integration.
In this regard, the general director of ZIUR, María Penilla, offered participants a contextualisation of vulnerabilities and exposure in the field of OT technology, in which she spoke, among other aspects, about the exposure derived from insecure connectivity. In his presentation, he stated that “by 2028 the number of OT attacks using remote access will grow to represent 15% of attack vectors,” according to Gartner.
On the other hand, Penilla made an introduction to the NIS2 Directive, as well as a list of aspects affected by its entry into force, so that companies are prepared to comply with this regulation, avoiding sanctions and vulnerabilities in operations that may compromise their reputation, and avoiding costly cyberattacks.
Thus, he put the regulation into context and cited the most important changes with respect to its predecessor, the NIS1 Directive, among which it is worth highlighting its focus on the protection of the supply chain and the expansion of its scope of application with more sectors. In this sense, he listed the sectors to which the directive applies, emphasizing the manufacturing industry and SMEs, and shared measures to manage cyber-risk, as well as support technologies to comply with the regulation.
Finally, the director of the Gipuzkoa Industrial Cybersecurity Centre highlighted the work of the Foundation in this area, presenting the new tool developed by ZIUR for consultation on aspects of NIS2, nicknamed 'ADI', which is based on Artificial Intelligence.
For his part, Aingeru Costa Calvo, industrial cybersecurity technician at Cibcom Technologies, shared a series of good practices to end the meeting related to segmentation and microsegmentation, and continued with the approach to a Disaster Recovery plan for the recovery of data and functionalities.
With this event, ZIUR aims to keep the Gipuzkoan business community informed and aware of the latest developments in cybersecurity so that their companies can guarantee the security of their systems and competitiveness in an increasingly regulated environment.