Shaping the Cyber Future of the EU

The new Cybersecurity Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices, and agencies of the Union entered into force on 7 January 2024.

The new legal framework follows the Commission's proposal for the Cybersecurity Regulation in March 2022 and the political agreement reached by the European Parliament and the Council in June 2023. The regulation contains comprehensive measures to reach a high level of cybersecurity and emphasizes the importance of establishing an internal cybersecurity risk management, governance, and control framework tailored to the needs of each Union entity, taking into account the evolving nature of cyber threats and the interconnectedness of digital systems.

The regulation introduces the Interinstitutional Cybersecurity Board (IICB) to oversee and assist in the implementation of the regulation, ensuring that Union entities work towards achieving a unified cybersecurity standard. The Computer Emergency Response Team for EU institutions (CERT-EU) is being expanded under this regulation in order to serve as a central hub for threat intelligence, information exchange, and incident response coordination; it has been renamed the Cybersecurity Service for the Union institutions while retaining the acronym "CERT-EU".

What is the NIS2 Directive About?

The NIS2 (Network and Information Systems) Directive, effective since January 16, 2023, marks a significant shift in the European Union’s approach to cybersecurity. Expanding the scope to include more sectors and companies, it aims to bolster the resilience of critical infrastructures against cyber threats. With its implementation deadline set for October 17, 2024, businesses need to be proactive in understanding and complying with its requirements.

What is the DORA Directive About?

The Digital Operational Resilience Act (DORA) is a mandatory European Union (EU) regulation that entered into force on January 16, 2023 and will apply as of January 17, 2025. The regulation aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms. The goal is to help ensure that the financial sector in Europe can stay resilient in the event of a severe operational digital disruption. DORA requirements bring harmonization of the rules relating to operational resilience for the financial sector applying to 20 different types of financial entities and ICT third-party service providers.

Scope and Applicability
NIS2 (Network & Information System) Directive: Applies to essential and important entities across various sectors, expanding the scope of its predecessor, the NIS Directive.
Essential entities include sectors such as energy (including electricity, oil, and gas), transport (air, rail, water and road), banking, financial market infrastructures, health care, drinking water, wastewater, and digital infrastructure. Essential entities are those whose disruption would cause significant impacts on public safety, security, or economic or societal activities.
Important entities cover postal and courier services, waste management, manufacture, production and distribution of chemicals, food production, distribution and sale, manufacturing of medical devices, computers and electronics, machinery equipment, motor vehicles, digital providers such as online marketplaces, online search engines, and social networking services platforms, and certain entities within the public administration sector.

DORA (Digital Operational Resilience Act): Specifically focuses on the resilience of the financial sector to ICT risks, encompassing a wide range of entities that play pivotal roles in the financial ecosystem.
This includes credit institutions, investment firms, insurance and reinsurance companies, payment institutions, electronic money institutions, crypto-asset service providers, central securities depositories, central counterparties, trading venues, managers of alternative investment funds and management companies of undertakings for collective investment in transferable securities (UCITS).
Additionally, it covers ICT third-party service providers to these financial entities, emphasizing the importance of digital operational resilience not just within financial entities themselves but also within their extended digital supply chains.


Key Changes and their Impact:
What is New in NIS2?

Expanded Scope: Encompassing 18 sectors, including 7 new Important Entities, NIS2 widens its net to ensure more companies are prepared for cyber threats.
Mandatory Cyber Risk Management: Companies must now rigorously assess and manage cyber risks, including those in the supply chain.
Stringent Reporting: NIS2 enforces strict reporting obligations, ensuring timely and transparent communication with relevant authorities.
The Five Pillars of DORA

DORA is organized into five fundamental pillars that define the requirements and expectations for various elements of operational resilience. Below is a summary of these pillars and how we can help you fulfill the requirements associated with each one:

ICT Risk Management: CSA/BIA, ISMS Framework, Technical Security Standards, Cloud Security Review, Cyber Security Review, Penetration Testing
Incident Reporting: Cyber Incident Response, Managed Detection & Response, Fully Managed SOC, vCISO
Digital Operational Resilience Testing: Testing & Exercise, Purple Team Testing, Work Area Recovery, Disaster Recovery, Data Protection & Recovery
Third-Party Risk Management: BCM Planning Tool, BIA Consultancy, Supply Chain Review
Information Sharing Arrangements: Cyber Incident Reporting

NIS2: Overarching Categories
  • Organizational and risk management strategies: Organizations must develop and execute cybersecurity and risk management plans to protect their digital assets from threats posed by malicious actors.
  • Technical and organizational measures: Organizations need to establish the necessary security protocols and conduct ongoing information security training to strengthen their cybersecurity framework.
  • Incident reporting: Organizations are required to inform the appropriate authorities about major cybersecurity incidents within 24 hours.
  • Information exchange: Organizations are obligated to exchange insights about cybersecurity threats with the NIS2 community to enhance cyber resilience across the EU.
NIS2: The Ten Commandments
  1. Organizations must perform risk assessments and create security policies for information systems.
  2. Organizations must evaluate the effectiveness of their security measures through routine policies and procedures.
  3. Organizations are required to develop guidelines and procedures for cryptography and encryption.
  4. Organizations must create comprehensive incident response strategies.
  5. Organizations must maintain system security during both development and operational phases through activities such as vulnerability management and incident reporting.
  6. Organizations must provide cybersecurity training and promote fundamental cybersecurity hygiene practices, such as using strong passwords and adhering to the principle of least privilege.
  7. When employees have access to sensitive data, organizations must implement data access policies and maintain real-time visibility and control over that data.
  8. Organizations are obliged to integrate incident response planning with regular backups and business continuity measures.
  9. Organizations must deploy multi-factor authentication and single sign-on where appropriate.
  10. Organizations must adopt a cyber-aware strategy for managing supply chain risks, ensuring that adequate security practices are applied to each supplier relationship.

The Pillars in Detail
ICT Risk Management: This pillar mandates that financial entities implement comprehensive frameworks to identify, assess, manage, and mitigate ICT-related risks. It encompasses risk management strategies, policies, and procedures to protect against potential threats.
Incident Reporting: Financial entities are required to establish mechanisms for the timely reporting of significant ICT-related incidents to regulatory authorities, including detailed documentation and analysis of incidents to prevent future occurrences.
Digital Operational Resilience Testing: Regular testing of ICT systems is mandated to ensure resilience. This includes advanced testing methodologies such as Threat-Led Penetration Testing (TLPT) to identify and address system weaknesses.
Third-Party Risk Management: Financial entities must have stringent oversight over their third-party ICT service providers, including contractual obligations, performance monitoring, and exit strategies to manage third-party risks.
Information Sharing: The final pillar, information sharing, promotes a collaborative approach to managing cyber threats, ensuring that financial entities can collectively enhance their defences and respond more effectively to incidents.

NIS2: Non-compliance Penalties
The requirements of the NIS2 are legally binding on the entities that fall under its purview. Member States have the discretion to penalize non-compliant entities with dissuasive penalties as well as administrative fines.

In general, essential entities that fail to comply with its directives may be fined up to €10 million or 2% of their total turnover worldwide – whichever is higher.

Important entities that fail to comply with the NIS2 may be fined up to €7 million or 1.7% of global turnover.

In addition, non-compliant companies may be forced to suspend their business activities until they meet the NIS2 requirements and achieve 100% compliance.
Financial penalties: the cost of non-compliance

DORA establishes rigorous financial penalties for violations of its requirements. A breach could see institutions fined up to 2% of their total annual worldwide turnover or up to 1% of the company’s average daily turnover worldwide. Individuals and companies could face fines of up to €1.000.000. Critical third-party ICT service providers, integral to financial entities, could incur even higher fines, up to €5.000.000, or €500.000 for individuals, if they fail to meet DORA’s stringent standards.

For comparison, financial penalties associated with non-compliance with the General Data Protection Regulation (GDPR) can reach €20.000.000 in most severe cases or 4% of the total global turnover. One can anticipate that a company failing to comply with DORA and GDPR will face almost certain financial peril.

Leveraging Grayteq for NIS2 Compliance
  • 24/7 Monitoring: Grayteq DLP provides constant vigilance, ensuring cyber threats are detected and addressed promptly. This is crucial for essential entities that cannot afford downtime.
  • Skilled Incident Response: Grayteq offers expert assistance to help you respond to and remediate cyber threats, reducing the risk of damage to your systems and ensuring compliance with the Directive.
  • Full-scale Data Coverage: Grayteq DLP protects all digital information, from documents to special file types, helping you comply with the extensive protection requirements of the Directive.
  • Compliance Reporting: Grayteq DLP generates comprehensive reports on cybersecurity measures, demonstrating your adherence to the requirements of the Directive.

Summary
  • Medium to large organizations in the EU are required to adhere to NIS2, a robust cybersecurity regulation, by October 2024.
  • Grayteq DLP can assist in fulfilling NIS2 obligations by implementing security measures, enforcing encryption policies, offering cybersecurity training, and restricting data access.
  • Our solutions incorporate advanced Rights Management, Endpoint Protection, Application Security and straightforward deployment to achieve compliance with NIS2.

Grayteq DLP can help you comply with NIS2 and protect your valuable corporate data from being exposed!

Detect and protect.

Grayteq DLP offers an innovative solution for organizations to combat persistent and frequently unnoticed data threats originating from various sources. Through Grayteq DLP's Security Orchestrator platform, organizations can identify threats that occur in their systems, including those that were not previously recognized.

Grayteq Data Loss Prevention Solutions
95 Bartok Way Budapest, Pest County H-1113 HU
Email: support@grayteq.com Website: www.grayteq.com