IT Security

IT Security – changes in the SME sector

The EU has responded to the ever-increasing number of attacks on the IT systems of small and medium-sized enterprises by adopting the Network and Information Security Directive 2.0 (NIS2) in 2022. It affects companies in certain sectors with 50 or more employees and a turnover of more than EUR 10 million, and it must be transposed into German law by October 2024. What is new is that the size categories have been significantly expanded and that, in addition to the “usual suspects” such as banks, healthcare and energy suppliers, the chemical industry and the manufacturing sector, i.e. manufacturers of goods, are now also covered.

Affected companies must take, among others, the following measures:

  • Concepts for risk analysis and security for information systems
  • Prevention, detection and management of security incidents
  • Business continuity (e.g. backup management) and crisis management
  • Security in purchasing, development and maintenance of IT systems
  • Cyber hygiene (e.g. updates/patches) and training in cyber security
  • Cryptography and encryption where applicable
  • Personnel security, access control and asset management
  • Multi-factor authentication or continuous authentication
  • Securing voice, video and text communication

SMEs – including those from sectors not covered by NIS2 – are increasingly being targeted by attackers anyway, now that large companies have protected themselves extensively. The attackers’ motivation ranges from “sporting” ambition to economic and competitive espionage, sabotage, or plain extortion using ransomware, with the threat that the IT will otherwise remain paralysed or confidential data will be published.

Let’s talk about the security of your IT.

We support you conceptually and technically …

  • with a “health check” of your IT structure
  • with an analysis and prioritisation of your key risks
  • by hardening your IT security in all its elements (firewall, AV software, endpoint protection, DL protection, anomaly detection, …)
  • with pen testing/vulnerability scanning/red teaming
  • with training for your employees and awareness-raising for phishing and social engineering
  • in complying with legal requirements (ITSiG, NIS2)
  • in preparation for certifications, e.g. in accordance with ISO 27001/BSI IT-Grundschutz (basic protection)
  • with business continuity concepts and crisis exercises