Was ist NIS2 und wer ist in Österreich betroffen?

NIS2 ist die EU-Richtlinie zur Netz- und Informationssicherheit (Network and Information Security Directive). In Österreich betrifft sie kritische Infrastrukturen wie Energie, Verkehr, Gesundheitswesen, sowie wichtige Wirtschaftssektoren. Unternehmen ab 50 Mitarbeitern oder 10 Mio. EUR Umsatz in betroffenen Sektoren müssen die Anforderungen erfüllen. vetosec unterstützt bei der NIS2-Compliance mit Gap-Analysen und Beratung.

Was sind Managed Security Services?

Managed Security Services bedeuten, dass ein spezialisierter Anbieter Ihre Cybersicherheit kontinuierlich überwacht und verwaltet. Dies umfasst 24/7 Bedrohungsüberwachung, Endpoint Detection and Response (EDR), Incident Response, und Security Operations Center (SOC) Funktionen. Ideal für Unternehmen ohne eigenes Security-Team.

Wie lange dauert eine ISO27001-Zertifizierung?

Eine ISO27001-Zertifizierung dauert in Österreich typischerweise 6-12 Monate, abhängig von der Unternehmensgröße und bestehenden Sicherheitsmaßnahmen. Der Prozess umfasst Gap-Analyse, Implementierung eines Information Security Management Systems (ISMS), interne Audits und das externe Zertifizierungsaudit.

Was ist der Unterschied zwischen NIS2 und DORA?

NIS2 gilt für kritische Infrastrukturen und wichtige Wirtschaftssektoren in der gesamten EU. DORA (Digital Operational Resilience Act) ist spezifisch für Finanzinstitute und konzentriert sich auf digitale operationale Resilienz. Beide erfordern Cybersicherheitsmaßnahmen, aber DORA hat zusätzliche Anforderungen für Finanzdienstleister in Österreich.

Warum brauchen österreichische KMU Cybersicherheit?

Österreichische KMU sind zunehmend Ziel von Cyberangriffen, insbesondere Ransomware. Zusätzlich erfordern neue EU-Richtlinien wie NIS2 und DSGVO angemessene Sicherheitsmaßnahmen. Ein Sicherheitsvorfall kann zu Datenverlust, Betriebsunterbrechungen, hohen Strafen und Reputationsschäden führen. Professionelle Cybersicherheit schützt Ihr Geschäft und Ihre Kunden.

Cybersecurity | IT Solutions

Security is not a product you add on at the end. We build it into every layer of your IT, from the single laptop to the way people get into your company network.

What is included

The building blocks we take care of for you.

Device protection

Protection on every laptop and PC that spots attacks and stops them before they do damage.

Secure access

Strong sign in with a second factor. Only the people who should get in actually get in.

An eye on everything

We keep track of what happens in your IT and react when something looks off.

Ready for the worst case

Clear steps for when something does happen. Everyone knows who does what.

Common questions

Briefly and clearly answered.

What is EDR?

Endpoint Detection and Response. Protection on every laptop and PC that not only blocks attacks but also watches and flags anything unusual.

Am I affected by NIS2?

Probably yes if you have more than 50 employees or if you are part of critical infrastructure or its supply chain. We can clear that up in a short call.

Who is watching my IT when I am not?

This is genuinely our speciality. We watch both your cybersecurity and the infrastructure behind it. The infrastructure side is often forgotten, yet a server that quietly fails is usually only noticed when half the day is already gone. For this we use response software we built ourselves. Incidents land on our phones in real time, so we can step in immediately, no matter where we are. There is more to it: we only expose to the outside what is actually needed. Backups are kept geo-redundant, encrypted, and tested regularly. And several more pieces, because this is what we do best.

Do attackers really target small businesses?

The focus has clearly shifted toward smaller and mid sized businesses. Large corporations are no longer the main target. Austria is particularly interesting here, because according to WKO and Statistik Austria around 99 percent of local companies have fewer than 250 employees. There are even specialised search engines such as Shodan that list vulnerable, internet facing devices in your region within seconds. Where protection is missing, breaking in pays off quickly. National agencies such as the German BSI point this out in their annual cyber threat reports.

Do I really need two factor everywhere?

On every account that matters. Especially email, cloud, accounting and online banking. A password alone is not enough today. By the way, you can check for yourself, free of charge, whether your passwords are already circulating for sale online. Copy this address into your browser: haveibeenpwned.com

What happens during a ransomware attack?

Your data gets encrypted, the attacker demands money. Without a clean backup and incident plan, businesses can stand still for days. With both, you are back to work in hours.

How often should staff get security training?

At least once a year, ideally twice. Most incidents start with an email someone opens. Short, regular training works best.

Shall we look at this together?

A short call is enough to find out what makes sense for your business.

Get in touch

Built in cybersecurity