NIS 2 Directive: Higher standards for cybersecurity from October 2024
Updated on 2024-08-02 with new section “What Can You Do Now?” incl. “Guide to Preparing for the NIS-2 Law”.
In the wake of the new NIS 2 Directive, which comes into force in October 2024, companies will have to pay more attention to cybersecurity. Tools such as Cryptomator, which is open-source software and offers the highest security standards through end-to-end encryption, can help meet the new requirements.
What Is the NIS 2 Directive?
The NIS-2 Directive (Network and Information Systems Directive) comes into force in October 2024. This is a new EU regulation that aims to raise the standards of cybersecurity within the European Union. This directive extends the scope and requirements of the original NIS Directive to improve the resilience and security of critical infrastructure against cyberattacks. It is aimed at a wide range of companies, including those in the energy, transportation, banking, healthcare and digital infrastructure sectors.
Who Is Affected by the NIS 2 Directive?
The NIS 2 Directive affects all companies that are classified as providers of essential services and operators of critical infrastructure. This includes not only large companies, but also many small and medium-sized enterprises (SMEs) operating in the sectors mentioned. These companies must now implement strict security measures to protect their networks and information systems.
Companies from the following sectors are particularly affected:
- Energy: Electricity, gas and oil suppliers must secure their networks against cyberattacks. This includes both physical and digital infrastructures.
- Transportation: Airlines, shipping companies, railroad companies and transport infrastructure operators must take cybersecurity measures to ensure smooth and secure operations.
- Banking: Financial institutions and payment service providers are required to protect their systems from data leaks and attacks to ensure the integrity and confidentiality of financial transactions.
- Healthcare: Hospitals, pharmaceutical companies and digital health service providers must protect sensitive patient data and ensure that their digital systems are secured against cyber threats.
- Digital Infrastructure: Internet service providers, cloud services and data centers must secure their networks and data centers to ensure the availability and security of their services.
Consequences of Non-compliance
Non-compliance with the NIS 2 Directive can have serious consequences. Companies that do not meet the requirements can face significant fines and sanctions. In addition, inadequate cybersecurity can lead to serious security incidents that can cause both financial and reputational damage. Such incidents could disrupt operations, shake customer confidence and have a long-term negative impact on business.
How Cryptomator Can Help
Cryptomator is an innovative solution that helps organizations meet the requirements of the NIS-2 directive and improve their cybersecurity standards. Cryptomator protects data from unauthorized access by encrypting it in a simple and effective way.
Cryptomator Features for NIS-2 Compliance
Cryptomator offers a range of features that can help organizations meet the requirements of the NIS-2 directive:
- End-To-End Encryption: Reliably protects data from unauthorized access, both during transmission and storage. This encryption technology ensures that only authorized users can access the data.
- Zero-Knowledge Principle: Only the users have access to their encrypted data; even the developers of Cryptomator do not have access. This guarantees maximum security and confidentiality.
- Cross-Platform Availability: Cryptomator supports various operating systems such as Windows, macOS, Linux, iOS and Android, which enables flexible and broad application.
- Easy Access and Management: The user-friendly interface allows even non-technical users to securely encrypt and manage data without the need for extensive technical knowledge.
- Transparent Encryption: Files can still be edited with common applications without having to remove the encryption. This simplifies the work process and increases efficiency.
- Open Source Software: The source code is publicly accessible, which creates transparency and trust in the security measures. Users can check the code themselves and ensure that there are no backdoors.
Cryptomator Hub: Security for Teamwork
A special highlight is Cryptomator Hub, which has been developed specifically for team collaboration. Cryptomator Hub offers additional functions for managing and sharing encrypted files in a team environment.
Here are some of the benefits of Cryptomator Hub:
- Centralized management: Manage access rights and encryption settings centrally for all team members. This simplifies administration and increases control over data security.
- Secure collaboration: Share files securely within the team without compromising encryption. This enables efficient and secure collaboration, even in distributed teams.
- Compliance: Ensure that your organization meets the requirements of the NIS 2 directive and that your data is protected at all times. Cryptomator Hub helps you to implement and maintain the necessary security measures.
What Can You Do Now?
The NIS-2 law passed the cabinet on July 24, 2024, but it has yet to be approved by the German Bundestag. Therefore, the Federal Office for Information Security (BSI) cannot currently provide detailed statements on the implementation of the law in Germany. For now, the following information is based on EU legislation. Once the law is finally adopted in Germany, appropriate adjustments and specific instructions will be published.
Guide to Preparing for the NIS-2 Law
- Conduct Impact Assessment: Use the NIS-2 impact assessment tool to determine if your company is affected by the NIS-2 Directive. The information provided is for guidance only and does not replace the comprehensive self-identification assessment.
- Registration and Proof Obligations: Companies subject to the NIS-2 Directive must register. Additionally, they must prepare evidence of their security measures.
- Enhance IT Security Measures: Ensure that your IT security measures meet the new requirements. This includes regular security reviews and documentation of corresponding measures.
- Implement Reporting Systems: Set up systems to promptly report IT security incidents to the BSI. This includes the identification and communication of incidents within a short timeframe.
- Training and Awareness: Develop comprehensive training programs for your employees to ensure that everyone understands the new legal requirements and the importance of IT security. Conduct regular campaigns to raise awareness of IT security risks and measures.
- Monitor Legal Developments: Stay informed about changes and new requirements of the NIS-2 Directive by regularly reviewing BSI publications and other relevant sources.
By taking these steps, you can prepare early for the new requirements of the NIS-2 Directive and ensure that your company complies with the upcoming legal requirements.
Conclusion
The NIS 2 directive presents companies with new cybersecurity challenges, but with the right tools you can successfully meet these requirements. Cryptomator, with its end-to-end encryption and user-friendly, cross-platform application, offers an effective solution to protect your sensitive data and meet the new security standards. Especially for companies that operate as providers of essential services and operators of critical infrastructure, Cryptomator is an indispensable tool to ensure compliance and ward off cyber threats. Cryptomator Hub also enables teams to collaborate securely and efficiently without compromising on security.