In recent years there has been an ongoing movement towards digital transformation, not only in private and enterprise environments but also among critical national infrastructure operators, such as energy and water supply, banking, healthcare and transportation. It's a well-recognized motto that with change comes opportunity. However, there are two groups that benefit: apart from the primary groups which actually transform digitally, there are the adversaries who take advantage of the new connectedness models that the era of digital transformation proposes. In other words, digital transformation introduces increased cyber risk; thus, a proactive management model is crucial.
For organizations related to critical national infrastructure in particular, the risks are broader and have a heavier impact, because these are essential services delivered to the public, and an interruption of any essential service, such as electricity distribution or water supply, can be easily imagined. History has shown that these types of attacks are not fictional:
Digital transformation should not be considered a facile modernism. It's a great enabler, but properly managing the new era of systems and processes is a challenge. This challenge intensifies for 2 reasons:
By exploiting these factors, adversaries perform successful attacks which can remain undetected, at least at the time they actually happen. Numerous breaches were detected only several weeks or months after the actual incident. Proactive actions, visibility and continuous improvement are the answer.
The European Commission introduced the EU 2016/1148 NIS Directive as part of the EU Cybersecurity strategy. The NIS Directive is the first piece of EU-wide cybersecurity legislation, and its goal is to enhance cybersecurity across the EU, targeting mainly critical national infrastructure, or Operators of Essential Services, and Digital Service Providers, as the terms officially appear in the Directive. It was adopted in 2016 and subsequently, as it is an EU directive, every EU member state has started to adopt national legislation that follows the directive. The NIS Directive sets three primary objectives:
SpearIT, already involved in cybersecurity consulting and governance operations in the field of critical national infrastructure, has compiled a services bundle in a holistic approach, customizable according to your organizational and legislative requirements.
For Greek interested parties in particular, SpearIT has published an informative whitepaper on the Greek legislation under the EU NIS Directive, available for download right below: