The new EU cybersecurity directive: how to prepare…

With NIS2, the EU wants to counter increasingly sophisticated cyber threats. Oliver Albel, CTO of Fabasoft, talks to Eva Komarek, “Die Presse”, about the challenges of implementing NIS2.

From autumn onwards, stricter cybersecurity requirements will apply to EU member states with the entry into force of the second version of the EU Network and Information Security Directive, NIS2. Eva Komarek from “Die Presse” spoke to Oliver Alp, CTO of Fabasoft, about the most important questions. Cyber ​​threats not only concern critical infrastructure, but also affect management and medium-sized companies.

Implementation in companies also requires the core competencies of Fabasoft, one of the leading software products and cloud service providers for managing digital documents, processes and files in Europe. At Fabasoft Solutions, everything revolves around the themes of digitization, simplification, quality improvement and acceleration.

Recommended: Audits with effectiveness checks

Fabasoft is ready for NIS2 to come into effect. “We have thirty years of experience in IT and cybersecurity, and at the same time we keep a close eye on developments and new technologies in this area,” explains Oliver Albel. “We also recommend audits with effectiveness reviews, in which not only the design of the controls is examined, but the auditor also checks whether they have actually been implemented correctly over a one-year monitoring period.”

The Linz-based company specializes in cloud and cloud-native technology, where cloud technology has security advantages in the NIS2 sense: “With cloud native, containers come from microservice-based applications instead of large applications. If a microservice only sends SMS, emails and notifications, it does not need to access the database or documents. This results in a small attack surface in the source code.” Fabasoft has proven the security of its European data centers with numerous internationally recognized certifications and has also implemented extensive physical protection measures, including strict access controls to the servers.

“Fabasoft PROCECO Ecosystem” is the core of the system.

A core part of the Fabasoft product suite is the PROCECO ecosystem, which can be particularly useful for customers when it comes to security and NIS2 readiness. All monitoring mechanisms also apply when customers use the ecosystem, as Fabasoft’s reporting and information obligations are contractually guaranteed. There are also special protection functions in the application, especially regarding access, or the ability to seamlessly track changes.

The NIS2 Directive is far from the end of the road, as companies will continue to face more security regulations in the future. For example, the provisions of the NIS2 system, in which risk metrics are defined, are still pending.