Spotlight: IT-Security by Riedel

Cyber risk is now daily business. Ransomware and credential theft keep rising, and attackers automate discovery of weak spots across endpoints, cloud and third-party links. ENISA’s latest threat review ranks ransomware among the most disruptive threats, with steady activity across Europe. ENISA

Leadership also has new duties. The EU’s NIS2 framework raises the bar for security, governance and incident reporting across many sectors, with management accountability and potential penalties. The Commission’s overview is the best starting point to check scope and obligations. Shaping Europe’s Digital Future

A simple starting plan that works

1. Map what matters
List critical services, data, suppliers and identities. Keep it short and current. This becomes your north star for priorities. Guidance in NIS2 focuses on risk management and supply-chain control, so anchor your map there. Shaping Europe’s Digital Future

2. Close the top doors

• Strong authentication everywhere, with phishing-resistant MFA for admins
• Patch internet-facing systems first and automate where possible
• Protect endpoints with EDR and block macros and unsigned scripts
• Segment access using least privilege and device health checks
  These moves align with patterns ENISA highlights for reducing ransomware blast radius. ENISA

3. Backups that actually restore
Keep immutable, offline copies and test restores on a schedule. Treat backup credentials like crown jewels.

4. Detect and respond fast
Set up centralized logging and alerting. If your team is lean, use a managed SOC to get 24x7 eyes and playbooks. Time to containment is what limits damage.

5. Train people in what they really face
Run short simulations for phishing and invoice fraud. Measure outcomes and repeat. Human-centric controls stay effective against common entry tactics in EU reporting. ENISA

6. Prove readiness with a one-page IR plan
Define who decides, who talks to customers and regulators, and how to reach vendors after hours. Store it offline. NIS2 requires timely incident reporting, so have templated briefs ready. Shaping Europe’s Digital Future

7. Check if NIS2 applies to you
Use official guidance to assess inclusion, sector rules and deadlines, then map gaps to the steps above. Shaping Europe’s Digital Future

What to do this month

• Patch exposed services
• Test restoring one critical system from backup
• Run a 30-minute tabletop on a ransomware scenario
• Draft a two-page security brief for the board covering risks, actions and NIS2 status, with links to the Commission page for scope and timelines Shaping Europe’s Digital Future

Why this works

You are cutting the biggest risks first, aligning with the EU’s risk-based approach and the trends ENISA tracks across the region. You get quick wins, measurable progress and a path that scales to formal compliance. Shaping Europe’s Digital Future

Read the full whitepaper with more insights on Riedel's Page