Scroll Top

Vulnerability management and NIS2: are you prepared?


As the Network and Information Security (NIS) Directive of 2016 undergoes a major upgrade with the introduction of NIS2, European companies face heightened cybersecurity responsibilities. The revamped directive mandates comprehensive measures for managing and handling vulnerabilities and will require swift action from affected companies.

A significant change in NIS2 — the most comprehensive cybersecurity legislation ever to come out of the EU — is that it makes directors personally and jointly responsible and liable for compliance. In other words, no one can hide behind the decisions or negligence of others — employees, for example. In addition to fines, failure to comply could now also have legal consequences for senior management. For example, a CEO could face a temporary ban from holding a managerial position.

Delay is out of the question

In short, you better take NIS2 seriously and implement the mandated measures as quickly as possible. In the second half of 2024, NIS2 will officially replace the existing guidelines in both Belgium and the Netherlands. Then you’ll have 18 months, until early 2026, to become fully compliant. But the sooner you get it done, the better, of course, especially given that the directive is part of a growing wave of EU cybersecurity regulation, from the 2014 eIDAS to 2023’s GPSR directive. And further legislation is expected next year.

Automation helps

To comply with the NIS2 you’ll need to take a number of measures to manage your cybersecurity risks. In concrete terms, there are ten cybersecurity domains to cover. One of those is vulnerability management, with patch management as a key element.

Manually handling patch management or, even worse, the entire vulnerability management process, is both labor-intensive and time-consuming. While it’s essential to good security, it otherwise creates little added value. In other words, it’s an ideal process to automate. You can learn how to best approach automating your patching workflow through BRYXX at one of the targeted workshops that we organize for our customers.

Implement tools

And we don’t limit ourselves to the theory — we also provide the tools you need to make automation a success for your company, and we can help you implement them today. Puppet, a specialist in IT automation software, provides great tools that allow you to manage the different phases of your IT infrastructure’s life cycle, including the patching that reduces your attack surface and your vulnerability.

But before you take on that job, you should first carefully map out how compliant you already are with NIS2. There’s a tool for that too — Puppet Comply. This assesses your infrastructure based on CIS Benchmarks, which are the best practices for configuring systems securely, from the Center for Internet Security (CIS). And the icing on the cake is that Puppet automatically takes care of all systems that are either not compliant or insufficiently compliant.

Food for thought, right? Don’t hesitate to get in touch if you’d like to explore this issue further or if you have any questions at all!