
Lots of work for IT professionals

Saxony was the first federal state to enshrine the EU directive on network and information security in law. NIS 2 affects significantly more sectors and companies. They now need IT specialists, but these are in short supply. Nevertheless, a major IT service provider from Dresden advises that it makes sense to take care of this early on.


A stylized photo shows a hand and a lock symbol.

By Annett Kschieschan

There are topics that everyone can relate to - on the surface. But what exactly is behind it, who is affected and in what way, often raises questions even where you should actually know better. Cyber security in the world of work is one such topic. It is no secret that there are hacker attacks on companies and that spam emails can turn out to be phishing attacks. But how should companies protect themselves effectively? How much cyber security does a metalworking company need, how much does a grocery store, doctor's surgery or public authority need? These questions are almost impossible for managing directors or office managers to answer today. And the topic is becoming increasingly complex, as Saxony is the first federal state to take a step forward in implementing the European requirements for increasing cyber security. By resolution of the Saxon state parliament on June 12, the European requirements of the so-called NIS 2 Directive will be anchored in the Saxon Information Security Act in the Free State of Saxony.

Who is part of the critical infrastructure?

The abbreviation NIS stands for Network and Information Security. The directive is intended to improve cyber resilience in the countries of the European Union. The focus is on so-called critical infrastructure, i.e. those areas that are essential for maintaining normal everyday life. This includes hospitals as well as utilities and waste disposal companies, banks, transport companies, but also service providers and manufacturers. With the new directive, more sectors than before are part of the so-called KRITIS area, with a total of 18 sectors being differentiated. The specifications regarding the size above which a company must take special security measures have also changed. For Saxony, however, the specific question now arises as to where the professionals who will take care of the implementation of NIS 2 in companies and administrations will come from. The job market for IT specialists is already virtually empty. Hardly any company is likely to be able to meet the security requirements of the future with in-house resources.

"Most companies will need support. And the sooner they deal with the issue, the better," says Christian Müller. As a technical consultant at the Dresden-based IT service provider SHD System House Dresden GmbH, he knows the weak points in companies and administrations. And he knows that a tailor-made IT security concept requires good analysis and planning. Not every expensive and supposedly perfect all-round carefree package is suitable for every company. He and his colleagues usually start with an inventory as part of a short workshop and a so-called penetration test. The professionals attempt to crack the company's security system. Sometimes it's a matter of a few hours, sometimes a task that takes days. In the end, however, it is always clear through which gap cyber criminals could access internal company data or paralyze the entire company. After the initial shock, a concept is then developed together to prevent precisely this emergency.

Which companies need to act?

One thing is certain: the demand for professional help will increase in the coming months. SHD is prepared for this and is already broadly positioned. But new employees are also being sought here. "Anyone who wants to gain a foothold in the industry has the best opportunities right now," says Christian Müller. Not least due to NIS 2, the range of tasks for IT professionals will become even greater. Anyone who works for an experienced service provider will quickly become familiar with the requirements of a wide range of sectors and administrative structures.

"As we have been an IT service provider for customers with critical infrastructures for many years, the new regulation is not new territory for us. When you are an IT service provider for university hospitals or public authorities far beyond the state level, you need in-depth technical expertise. This expertise lies not only in the minds of the specialists, but also in the technical requirements, particularly in the interaction with the IT security processes. We have invested a great deal here in recent years," says Marco Graef, Managing Director of SHD. Graef himself has been responsible for the architecture of data centers and critical IT infrastructures for decades and is therefore well placed to understand the current challenges. The IT forensic experts and information security consultants invest a great deal themselves in order to always be up to date. Independent certifications, including training directly at the Federal Office for Information Security and annual recertifications are part of this. "We have respect for the high demand, but we feel well prepared. We have been preparing for this for years," says Marco Graef, also referring to DIRT. The German Incident Response Team is a group of companies with 50 so-called BSI incident experts and a total of 4,500 IT specialists. Dirk Henniges, Managing Director of the group of companies Compass Group Together with the 15 managing directors from the association, Marco Graef has set himself the task of raising cyber security in Germany to the highest level in the long term. Marco Graef is also one of them.

Register in good time

What is ultimately also an exciting challenge for the security specialists is likely to be a source of concern for many entrepreneurs between Neisse and Vogtland. Not without good reason, but professional Christian Müller warns against rushing into things out of necessity. "The implementation of the directive will probably only be reviewed after three years. So there is still enough time to develop a suitable safety concept. However, it is important that the companies affected register promptly," he says. Those who do their homework on NIS 2 now have a good chance of surviving the audit - i.e. the review by external experts - and, more importantly, being well protected. This is because the number of cyber attacks has been increasing for years. According to statistics from the Federal Criminal Police Office, attacks from abroad alone increased by 28% last year and caused damage totaling more than 200 billion euros.

With the implementation of the NIS 2 Directive, the safety net will be "even tighter", according to the Saxon State Chancellery. The state's information security officer is now also taking on the role of a supervisory authority. He is to review the implementation of security measures and report security incidents in important state authorities to the European Union.

More security for everyone - that should be in everyone's interest. However, NIS 2 also poses a further challenge for companies, which once again demonstrates the consequences of the shortage of skilled workers in a very practical way.
