Essential everyday services, such as water, energy, transport, healthcare and IT services, will be better protected from online attacks following changes to laws which set the UK’s cyber security standards. The UK government has announced the strengthening of the Network and Information Systems (NIS) Regulations to better protect the UK’s essential services, including the digital supply chains they rely on, against cyberattacks.
MSPs (Managed Service Providers), such as cloud computing and online search engines, are key to the functioning of essential services, and will be brought into scope of the regulations to improve security of digital supply chains.
“MSPs provide IT services such as security monitoring and digital billing and can have privileged access to their customer’s IT networks. This makes them an attractive target for cyber criminals who can exploit MSP software vulnerabilities to compromise a wide range of clients,” the announcement stated.
So what exactly do the revised NIS regulations mean?
Ultimately these changes will boost security standards of essential services and their suppliers, and increase reporting of serious cyber incidents to reduce risk of attacks causing disruption:
- A risk-based approach to key services and their digital suppliers: The Information Commissioner will be able to take a more risk-based approach to regulating digital services and will be allowed to take into account how critical providers are to supporting the resilience of the UK’s essential services.
- Improved/increased reporting: Both essential and digital services must improve their cyber incident reporting to regulators such as Ofcom, Ofgem and the ICO, including notifying regulators of a wider range of incidents that disrupt service or which could have a high risk or impact to their service, even if they don’t immediately cause disruption.
- Transparent enforcement options: Regulators will establish a transparent cost recovery system that takes into account the wider regulatory burdens, company size, and other factors to reduce taxpayer burden.
- Fines for non-compliance: Organisations which fail to put in place effective cyber security measures can be fined as much as £17 million for non-compliance.
The cyber security challenges of diverse networks
At a time when critical infrastructure networks are becoming more expansive and complex, the number of tech solutions required to keep essential services running can present significant cyber security challenges.
Whilst many MSPs say they take responsibility for securing their individual tech and solutions, MSPs are not cyber experts, so do you really know how secure your supply chain is?
Differing technologies managed by multiple MSPs not only increase your attack surface but also make your organisation more vulnerable, as there will be security gaps between solutions, platforms and providers.
So who is overseeing the complete infrastructure of how all the MSP pieces fit together?
Your organisation may be considering developing an in-house cyber team. However, not every company has the resources to manage network-wide cyber security in house, as this can be expensive. It’s also worth noting that not every security expert is an expert in all fields of cybersecurity, and suitably qualified and experienced resources can be a challenge to find and retain in an industry with a skills shortage.
Now is the time to find a full spectrum MSSP to ensure compliance with the NIS regulations
It makes more commercial and cyber sense to work with a full spectrum dedicated MSSP (Managed Security Services Provider) who will take that holistic view and can provide the complete package of products, solutions and services to keep your organisation secure.
By appointing an MSSP you can benefit from the expertise of an entire team, and gain value for money. What’s more, cyber crime isn’t a Monday-to-Friday, 9-to-5 activity. To stay alert and to be able to respond quickly to suspicious events, your business needs round-the-clock cyber protection 365 days of the year.
A full spectrum MSSP will have the skills and resources available to provide the end to end management of your cyber strategy across your entire network, including licences, installations, updates and the provision of 24/7 threat detection and incident response services.
How to choose the right MSSP
Hiring an MSSP is a less expensive, more effective option than creating your own security team. As with any supplier selection it’s important to ask the right questions. Take a read of the top questions to ask when selecting an MSSP.
Gaining the best security protection for your critical infrastructure
Infosec Partners are a dedicated cyber business. We have been established for 20 years and in that time have built strong relationships with leading vendors, enabling us to secure you the best prices possible for security products. We invest heavily in the training and certification of team members for the installation and management of those products. We are recognised as the most certified Fortinet partner globally, and also for providing the highest levels of customer support.
Get in touch for a chat today about how we can help you comply with the NIS regulations.