With all the talk of GDPR you may not have noticed that another major piece of legislation came into force on May 9th.
The NIS Directive is an EU directive on the security of networks and information systems. Primarily targeted at organisations overseeing and operating critical infrastructure, the directive aims to ensure that they are protected from cyber attacks and network failures. The health, energy, water, digital infrastructure and transport sectors, plus Digital Service Providers, now have to demonstrate that they are effectively implementing the directive.
Failure to report breaches or network outages within 72 hours can now result in a fine of up to £17 million from the authorities. However, these fines do not apply if an organisation has proven that it has carried out risk assessments and taken appropriate measures to defend against cyber-attacks.
While GDPR is focused on the protection of personal data of people in the EU, NIS focuses on making sure that vital services which are reliant on technology remain resilient to cyber-attacks. 2017’s WannaCry ransomware attack, which almost crippled the NHS, highlights the importance of improving the cyber security of key services.
By using CyberScore™, you will be able to demonstrate improvements to your cybersecurity posture as well as measure the vulnerability of your organisation to attacks. It allows you to monitor and track your continuous remediation of these vulnerabilities as well as provide evidence of the actions taken to secure the organisation.
With the energy sector being a prime target due to the major implications for the safety and integrity of the nation’s infrastructure, Drax, one of the UK’s leading power infrastructure companies, has deployed CyberScore™.
CyberScore™ has allowed Drax to support its suppliers and subsidiaries throughout its vast supply chain, allowing its own security and IT teams the time to focus on further strengthening the defences of the organisation as a whole.
“With outside threat actors targeting infrastructure far more frequently than before, and Category One attacks now considered an inevitability by the NCSC and industry, a tool such as CyberScore™ enables us to remain as secure as possible in our networks to avoid a potentially crippling cyber-attack,” says Martin Sloan – Group Head of Information Security at Drax.
With regular scans, you will be able to stay informed of any vulnerabilities you face as well as receive expert advice on how to remediate them. Your CyberScore™ timeline and your current CyberScore™ allow you to demonstrate that you are creating and improving security features on an ongoing basis.
The timeline shows the result of this commitment. Being able to demonstrate that you regularly scan for weaknesses and monitor continuous improvement of security measures is a powerful statement to make if the worst were to happen.
Reports and get-well plans based on empirical data will help your organisation create a paper trail of any issues, helping you to provide evidence that action was taken when a breach occurs and proving that you are NIS Directive compliant.
Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore and, if you want to give yourself the very best protection against cyber security threats, try out CyberScore™ for free now!