Arm­ing SMEs against cy­ber­crime: fo­cus on NIS 2 com­pli­ant solu­tions

The new EU Directive on Network and Information Security (NIS-2 Directive) significantly tightens the IT security requirements for small and medium-sized enterprises (SMEs). In the "KMU.kompetent.sicher." project, companies are supported with directive-compliant training content developed by Paderborn University, the University of Hohenheim, the InnoZent OWL innovation network and the IT service provider coactum GmbH. Training programmes tailored to the new directive help SMEs to assess their individual impact in relation to the NIS 2 directive, identify gaps and initiate suitable measures. The project will run for three years and is being sponsored by the Federal Ministry for Economic Affairs and Climate Protection with around one million euros.

The directive obliges companies in most sectors to implement comprehensive security strategies, carry out risk analyses and report security incidents. Due to the integration into supply chains and the digital networking often associated with this, it indirectly affects almost all companies, including SMEs. The requirements include measures such as zero-trust principles, regular software updates, secure device configuration and identity management. Employees should also be sensitised to threats such as phishing and social engineering. Business IT specialist Prof Dr Simon Thanh-Nam Trang from Paderborn University emphasises: "The NIS 2 Implementation Act will affect an estimated 30,000 companies in Germany, including many SMEs, which often struggle with limited resources in the field of IT security."

Customised and practice-oriented training units: Implementing NIS 2 requirements efficiently

The existing training and qualification programmes already developed by the project partners in the predecessor projects "KMU. Einfach Sicher." and "ITS.kompetent" projects are now being adapted to NIS-2 and transformed into action-orientated "learning nuggets", i.e. small learning activities. Prof Dr Julia Warwas from the University of Hohenheim, Chair of Business Education, sees many advantages in the learning units: "We want to package the multi-layered content on IT security into small, digital, modular learning units. These learning nuggets can then be completed at an individual pace and at a flexible time so that they can be easily combined with your everyday working life."

In order to provide users with low-threshold access to IT security topics, the project partners also rely on a practical approach with storytelling elements. "We use true crime examples in the training content to show how phishing, a form of internet fraud, works and what the consequences can be," explains Dominik Niehus, Managing Director of coactum GmbH. Real cases are analysed and it is clearly shown how attackers go about stealing sensitive data and what measures can provide effective protection. Alina Kornbach from InnoZent OWL summarises the relevance of skills development in the field of IT security: "A high level of cyber security will become an increasingly decisive competitive factor, especially for small and medium-sized companies."

Project consortium: Interdisciplinary basis for the development of NIS-2-compliant solutions

Paderborn University, represented by the Chair of Information Systems (Prof. Dr. Simon Trang) as part of the SICP - Software Innovation Campus Paderborn, contributes in-depth expertise in the fields of information security management and compliance. This is complemented by the University of Hohenheim, whose team led by Prof. Dr. Julia Warwas specialises in the didactic design of professional skills. The InnoZent OWL e.V. technology network offers practical support for SMEs thanks to its many years of experience in technology transfer. coactum GmbH contributes its experience in the development and operation of sustainable e-learning platforms.

This text was translated automatically.