By the 9th May 2018, the UK will be implementing the EU directive which began in 2013 regarding the security of network and information systems, more commonly known as the Networks and Information Systems (NIS) directive.
The NIS directive is aimed at specific organizations that play a critical role within society with the services they provide. These include from electricity and water, freight and transport, healthcare & public sector.
What’s common across all these sectors is clear: any disruption to the services they provide, comes great impact to society, the economy and potentially people’s welfare.
Because of this, it also means these sectors are a rather attractive target for threat actors to cause as much disruption as possible and in the public spotlight. We saw this with the WannaCry ransomware (amongst many others) and I have no doubt more sophisticated attacks will follow. What we need to ensure, and with the guidance of objectives set out by the NIS frameworks, is that we (as organisations) are more prepared to prevent the fines which comes with neglect, and the ‘It wouldn’t happen to us attitude’.
Through many of the reports released in 2017, the two most commonly used attack vectors were unsecured remote access tools and compromised privileged accounts. This paints a clear picture as to why the NIS have identified ‘Objective B - Protecting against cyber attacks’ as one of the most important objectives of the framework. What’s more interesting is how specific these objectives get, and what they include:
- Identity and access controls
- Securing Access to all systems
- Preventing unauthorized access to critical data
- Building resilient networks and network segmentation
- Enforcing policies & process to critical services
- Supply chain
According to Gartner, through 2021, organizations with privileged access management solutions will have at least 50% lower risk of impact by threats as compared to their peers without the appropriate tools in place1.
With this directive quickly approaching, organisations need to get serious about protecting business critical systems. Bomgar provides leading privileged access and identity management solutions that enable customers to easily and rapidly implement a true defense-in-depth approach to cybersecurity to protect their most critical systems and sensitive data against today’s advanced threats.
Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But this is only half the battle. Securing the access pathways is just as crucial to protect your critical systems and data from cyber threats. Check out this on demand webinar, which outlines the six steps companies need to take to secure privileged access, while simultaneously improving business productivity – to help meet standards and upcoming regulations, such as the NIS directive.
[1] “Best Practices for Privileged Access Management, 2017”, Anmol Singh, Felix Gaehtgens, September 12, 2017.
