The Public administration sector is facing different types of challenges where many are a combination with an overall low lack of awareness, limited resources, and large complex ICT-systems. Three attack vectors stand out: Ransomware, Phishing and State sponsored attacks need to be high on the public cybersecurity agenda. Being a sector where employees are rarely educated on cyber threats, makes the Public administration sector specifically vulnerable to cyberattacks.
The NIS2 will have broad implications for the public administration sector, as security breaches in this sector could jeopardize sensitive citizen information and disrupt essential public services, creating destabilization on a local and national level. According to the NIS2 directive, the Public Administration sector need to implement enhanced security measures to protect sensitive information, such as personal data of citizens, financial information, and critical infrastructure data from cyberattacks.
Along with this comes the demand for continual risk assessments. The purpose of this is to ensure that organizations have the capacity to identify areas where improvement is needed, to ensure that essential services provided are available and functioning even in the event of a cyber incident.
To comply with the upcoming NIS2 requirements, organizations in the public administration sector must invest in employee cybersecurity training. This is especially important given the varying degrees of cyber awareness levels among employees in this sector, which represents a significant security risk in itself. The new focus on employee education and regulatory compliance is set to strengthen the sector’s defenses, while the requirement for regular risk assessments and incident response planning can help ensure that the sector remains vigilant.
Awareness training – one of 10 key cyberhygiene measures
The NIS2 directive requires that the Public Administration sector and other essential and important entities implement 10 baseline security measures to address specific forms of likely cyberthreats.
- Risk assessments and security policies for information systems.
- Policies and procedures for evaluating the effectiveness of security measures.
- Policies and procedures for the use of cryptography.
- A plan for handling security incidents.
- Security around the procurement of systems and the development and operation of systems.
- Security procedures for employees with access to sensitive or important data.
- A plan for managing business operations during and after a security incident.
- The use of multi-factor authentication.
- Security around supply chains and the relationship between the company and direct supplier.
- Cybersecurity training and a practice for basic computer hygiene.
Cybersecurity training is not only ‘on the list’. It’s a well-known fact that awareness training is an essential part in creating the organisational security culture needed for organisations to be compliant with many of the other security measures mandated by NIS2. Without awareness training all year round, many of the operational procedures will eventually fail – due to human errors.
Our new updated 2024 editions of Information Security Awareness training is targeting all employees, managers, executives, and boards and is one part of being NIS2 compliant.
Or why not kickstart with our NIS2 Introduction course? This will give your management a better understanding of what your organisation need to be NIS2 compliant.