Artea Bank enlisted the help of NRD Cyber Security to monitor cyber threats 24/7

Although cyberattacks against various types of organisations are constantly increasing in Lithuania and around the world, financial institutions remain among the most attractive targets for cybercriminals. According to data from the Lithuanian Banking Association, the number of targeted cyberattacks against banks operating in Lithuania increased fivefold last year. As cybercriminals operate without time or geographical limitations, continuous monitoring of cybersecurity events is becoming increasingly important. Organisations can establish their own team of cybersecurity specialists (a Security Operations Centre, or SOC) to work 24/7, but this is complex and resource-intensive. An alternative is to outsource a service that continuously monitors IT infrastructure in real time, identifying and preventing cyber incidents. This is exactly what Artea Bank, the largest Lithuanian-owned bank in the country, has done. NRD Cyber Security, a cybersecurity consulting, services and technology company, provides the external CyberSOC service to the organisation.

The bank improves its visibility of cyber threats

“The demand for external security operations centre services in Lithuania is growing. This shows that organisations are looking for ways to better control their cybersecurity posture in order to ensure their cyber resilience more effectively. We launched the CyberSOC service in 2014 with just a small team, but concern for cybersecurity in Lithuania and expectations for service quality have grown significantly since then. As more organisations seek to minimise the response time to cyber incidents, we expanded our CyberSOC operations and started providing services 24/7. This extends threat monitoring by up to four times, as it covers non-working hours and weekends. This is particularly important for banks, which do not operate solely during office hours – their online services are accessible around the clock. By using a service that monitors IT infrastructure continuously, the bank ensures a significantly higher level of security. We are very pleased to contribute to this,” says Augustinas Daukšas, cybersecurity consultant at NRD Cyber Security.

Mindaugas Vingilis, Artea Bank’s IT Security Officer, notes that the bank makes every effort to protect its customers and normal banking operations from threats. High-level security solutions are therefore one of the bank’s top priorities, especially as the number of cyber threats continues to grow.

“The security of customer data and the continuity of service provision are extremely important to Artea Bank. Until now, we used an IT infrastructure monitoring service provided by NRD Cyber Security for 9 hours a day, 5 days a week. However, given the changing geopolitical situation, we realised that we needed to strengthen our threat monitoring further. We wanted a solution that would ensure uninterrupted monitoring carried out by competent cybersecurity analysts rather than automated systems, with consistent response times regardless of the hour. From now on, the CyberSOC team monitors our IT systems 24/7, analyses security events, and reports only those requiring action,” says M. Vingilis.

Artificial intelligence and technology cannot replace humans

Several factors prompted the bank to purchase a continuously delivered SOC service from an external provider rather than building capability internally. Firstly, outsourcing enables it to avoid the significant shortage of security analysts in Lithuania and the risks related to staff turnover. Creating an internal SOC operating 24/7 would require 4-5 analysts. In addition, outsourcing allows for more effective cost management.

“Our organisation places significant emphasis on security and uninterrupted service delivery. We have IT staff who work outside standard hours and are ready to respond to threats identified by our partners at any time. As NRD Cyber Security has many external SOC clients, it sees a wide range of threat patterns and is able to identify and verify potential weaknesses in our IT infrastructure, even when there are no visible signs of attack. We are informed and instructed on what actions our team must take to mitigate threats. In this way, we continually strengthen the cyber resilience of our IT infrastructure,” notes M. Vingilis.

According to A. Daukšas, SOC services are among the most valuable cybersecurity capabilities on the market due to constant monitoring and threat detection. However, they are also among the most complex, as they involve people as well as a variety of technological and IT infrastructure considerations.

“We use a range of systems for threat monitoring, hunting and prevention, including SIEM, XDR, EDR and NDR, as well as vulnerability scanners and other essential tools. However, automated technologies and artificial intelligence-based solutions cannot yet replace humans. Hackers know security technologies well and understand how to exploit weaknesses. In reality, they are often a step ahead – particularly when it comes to the human factor, which remains the most effective and most common attack vector for malicious actors. Security events frequently require detailed analysis, specialist experience and an understanding of threat patterns and monitored infrastructure – all of which are extremely difficult to automate. The greatest value of a 24-hour SOC is achieved when real analysts monitor cyberspace 24/7, with the most advanced security technologies supporting their work,” explains A. Daukšas.