The EU-wide legislation on cybersecurity provides legal measures to boost the overall level of cybersecurity in the Union. The rules were originally introduced in 2016 and updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape. By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
In accordance with the NIS2 Directive and the local regulation that implements it in Hungary organizations had registered with the national authority SZTFH as subjects to the updated law by the end of June this year. They are in the process of finding and assigning a partner/advisor/integrator with whom they will strengthen their cybersecurity posture and achieve and maintain compliance - they have to signe a contract for their first security audit by December 31, 2024 and will have to perform it by the end of 2025.
ComputerTrends: Why do businesses and other organizations need to think differently about their security - and IT infrustructure - as well to be able to address these current and future challenges?
Bogdan Tomanović: Evolving cyber threat landscape is making businesses and organizations need to rethink their security and IT infrastructure, and there are several key reasons why organizations need to think differently about security. The cyber threat landscape is dynamic, with new types of attacks and advanced persistent threats emerging regulary. IT Environments are complex - nowdays organisations are mostly facing a mix of on-premises systems, cloud services and hybrid environments - each of these bringing its own security challenges. As a result their attack surfaces are becoming ever biger and more digital, with the number of potential security entry points (devices, applications etc.) increasing as well.
On top of these we could also mentioned requirements for regulatory compliance, new regulations and standards, challengies arising from remote work and mobility and especialy data protection. This all leads organizations to think differently about security and to take more proactive and adaptive approach in order to protect themselves.
CT: What is Lenovo's definition of future ready cyber security - and IT infrustructure - that evlolves with the changing threats and business needs? What are the advantages and business benefits of implementing such modern cyber defences and IT infrastructure?
Bogdan Tomanović: Lenovo is commited to continuously develop future-ready cybersecurity and IT infrastructure solutions that are designed to evolve with changing threats and business needs. This approach focuses on creating flexible, resilient, and adaptive IT environments that can effectively respond to emerging challenges and opportunities. Some of the examples on how Lenovo envisions future-ready cybersecurity and IT infrastructure include proactive and adaptive security measures, flexible and scalable IT Infrastructure, comprehensive and holistic solutions, continuous improvement and innovation.
Main advantages and business benefits of this approach may include enhanced security posture, increased operational efficiency, improved business continuity, cost savings, competitive advantage, flexibility and agility.
CT: What is icluded in the ThinkShield portfolio - originally announced almost six years ago - and which are the leatest, most advanced capabilities of ThinkShield solutions and services?
Bogdan Tomanović: Lenovo ThinkShield is designed to support the transformation towards future-ready cybersecurity and IT infrastructure by providing a comprehensive suite of security solutions, software, and services. This portfolio helps organizations address evolving threats and adapt to changing business needs through a range of advanced capabilities.
Lenovo ThinkShield works across the three layers of endpoint security: supply chain, below-OS, and OS-to-Cloud, to protect, detect, and alert in case of attacks. This enables strong security even while users take their meetings from a coffee shop, answer emails while vacationing abroad, and so on.
Components of the ThinkShield portfolio include hardware-based security, endpoint protection, identity and access management, secure remote management, advanced threat protection. Here we can also mention latest capabilities that may include zero trust security model, AI and machine learning, firmware and BIOS protection, data privacy solutions, automated incident response, remote endpoint management and security.
For detailed informations as well as terms and conditions for above mentiones solutions, we encourage readers to get in touch with local Lenovo representative.
CT: Could you mention some ThinkShield customer success stories from our region as examples?
Bogdan Tomanović: Lenovo ThinkShield is a comprehensive security suite and being part of customers environment is usually treated as sensitive information. This is because it may containt data on how our customers are deploying security solutions based on industry standards, regulations and best practices. We do invite your readers to visit official Lenovo website dedicated to case studies and customer success stories that we are able to share.
CT: How can Lenovo help customize comprehensive security solutions for businesses in our region and in Hungary?
Bogdan Tomanović: Lenovo offers tailored security solutions for businesses in various regions, including Hungary, through a comprehensive process that involves customization, local expertise, and industry-specific considerations. This may include consultations and assessment, solution design, implementation and integration, training and support.
Lenovo's approach to customizing security solutions involves a collaborative process with local partners, leveraging specialized Centers of Excellence, and providing industry-specific services. This ensures that businesses in Hungary and other regions receive tailored, effective security measures that meet their unique needs and compliance requirements.
CT: Back to NIS2 compliance what is your advice to Hungarian companies that need expert advice and help to meet the upcoming deadlines later this year?
Bogdan Tomanović: For Hungarian companies aiming to meet the upcoming NIS2 compliance deadlines later this year, it's essential to approach the process strategically and proactively. Independent security risk assessment workshop is a step recomended to be conducted no matter how far an organization has already gone through in preparation for NIS2. This is due to continuos need for security process improvements.
Neverthless, key steps to be taken depending on current organization stage of preparation for NIS2 may include understanding NIS2 requirements, conduct a gap analysis, develop a compliance strategy, implement required measures, training and awareness, and other steps ensuring to also have proper documentation and reporting in place as well certification if needed.
By following these steps, Hungarian companies can effectively prepare for and achieve NIS2 compliance. Engaging with local experts, leveraging available resources, and implementing robust cybersecurity measures will help ensure that organizations meet the deadlines and maintains compliance with the directive.