Article   May 27 2024

The food sector - what’s new with NIS2?

With a wider coverage of sectors, stricter requirements for risk management and incident reporting and more hard-hitting penalties for non-compliance, the new NIS2 directive is the most comprehensive European cybersecurity directive yet. The food sector is considered an important sector under the coming NIS2 directive because any major interruption in it could cause destructive ripple effects throughout society.

NIS2
Information security
Privacy
NIS2 agriculture

Image: Piqsels.com (royalty free)

Covering every aspect from farming to food processing, packaging, transportation, and retail sales. With the increasing digitization and interconnectivity of the food sector, it has become more vulnerable to cyber threats. In recognition of the risks posed by cyber attacks to this sector, NIS2 categorizes the food sector as an important entity.
 
The food sector consists of a complex supply chain involving millions of small organizations that operate on tiny margins. To some extent, this complexity makes it hard to implement proper security - a challenge for the whole sector. The food sector is also increasingly relying on IoT devices to monitor and control processes in areas such as food storage and transportation. These devices can be vulnerable to cyber attacks. Food companies often rely on third-party vendors for key services, including logistics and transportation, and these vendors can present vulnerabilities that could be exploited.
 
The NIS2 directive will encourage stronger collaboration between EU Member States and international partners to improve cybersecurity in the food sector. This could lead to the development of new standards, best practices, and cybersecurity initiatives. In the longer run, this can benefit the entire food sector globally, strengthening the protectioin against physical attacks on food infrastructure or the introduction of contaminants into the food supply chain.
 
The NIS2 directive also encourages supply chain management as an essential component of cybersecurity. This will require food sector organisations to ensure that their suppliers and partners meet the same cybersecurity standards that they themselves are required to comply with.
 

Awareness training – one of 10 key cyberhygiene measures

The NIS2 directive requires that the food sector and other essential and important entities implement 10 baseline security measures to address specific forms of likely cyberthreats.
 
  • Risk assessments and security policies for information systems. 
  • Policies and procedures for evaluating the effectiveness of security measures. 
  • Policies and procedures for the use of cryptography . 
  • A plan for handling security incidents. 
  • Security around the procurement of systems and the development and operation of systems.  
  • Security procedures for employees with access to sensitive or important data.  
  • A plan for managing business operations during and after a security incident. 
  • The use of multi-factor authentication. 
  • Security around supply chains and the relationship between the company and direct supplier.  
  • Cybersecurity training and a practice for basic computer hygiene. 
 
Cybersecurity training is not only ‘on the list’. It’s a well-known fact that awareness training is an essential part in creating the organisational security culture needed for organisations to be compliant with many of the other security measures mandated by NIS2. Without awareness training all year round, many of the operational procedures will eventually fail – due to human errors.
 
Our new updated 2024 edition of Information Security Awareness training is targeting all employees and managers. Our  Digital security for top management is tailored to meet the needs of executives and boards and is one important part of being NIS2 compliant.  

Or why not kickstart with our NIS2 Introdution course? This will give your management a better understanding of what your organisation need to be NIS2 compliant.
Article   May 27 2024