Staticus enlisted the services of NRD Cyber Security for its Security Operations Centre (SOC)

Staticus is one of the largest contractors in Northern Europe, offering comprehensive façade design and installation services. With over 720 employees, the company operates not only in Lithuania, but also in Scandinavia, the United Kingdom and the Netherlands. Its commitment to quality and creating value for customers and society has ensured the company’s stable growth. To remain competitive, Staticus pays close attention to the digitalisation of processes and the strengthening of cyber resilience.

According to Evaldas Povilaitis, Head of IT and Digitalisation at Staticus, an organisation’s approach to cybersecurity depends heavily on the understanding of its leaders and management team that it is essential for stable operations. When this mindset is shared, it becomes much easier for the IT manager to demonstrate the need for cybersecurity solutions and centralised cyber event monitoring and prevention services such as a Security Operations Centre (SOC). This is exactly the case at Staticus – strengthening cyber resilience is considered across the entire organisation, not only within the IT department.

Like any other company with IT infrastructure, systems and digitised processes, manufacturing organisations must also take care of their cyber resilience. According to E. Povilaitis, the EU market offers not only incentives but also regulation encouraging companies to invest in cyber resilience. Cybersecurity is becoming increasingly regulated, with obligations to monitor infrastructure and eliminate vulnerabilities, meaning the cybersecurity bar is naturally rising.

Augustinas Daukšas, a cybersecurity consultant at NRD Cyber Security, agrees that proactive measures to strengthen cyber resilience – such as monitoring one’s environment – help develop cybersecurity maturity:

“With the entry into the TIS2 regulation and the update to the Lithuanian Cyber Security Law, a significant number of companies have not only been encouraged but required to improve their information security maturity and hygiene. Staticus is an example of an organisation that proactively invested in strengthening its cyber resilience even before regulation was tightened. The value and purpose of SOC services are understood at the highest level, and information security is not viewed as a one-off project with a fixed end.”

Acquiring cybersecurity solutions starts with understanding your environment

The cybersecurity technology market certainly offers many popular and effective solutions (e.g. security information and event management (SIEM) tools). However, such solutions are typically implemented by partner specialists without considering the company’s overall security strategy. Using these tools in isolation, without complementary solutions and policies, brings limited benefit.

E. Povilaitis says that achieving overall visibility is a key: “The first step should not be to purchase the most popular tool, but to assess the overall threat and vulnerability landscape and decide what is needed. Only then we will have a unified and effective defence system, rather than a random collection of tools.” SOC helps organisations to choose the most appropriate solutions by monitoring their environment. “It is not an audit, but continuous observation and improvement.”

Reliability is an important criterion for choosing a partner

The Head of IT and Digitalisation at Staticus confirms that the company explored the possibility of establishing an internal SOC division to monitor its IT infrastructure and analyse cybersecurity incidents in-house:
“We considered setting up an internal centre because the organisation is large and rapidly growing. However, no matter how we assessed it, it did not seem like a suitable or economically viable solution. Assembling such a team, finding the right specialists, purchasing all necessary tools and creating the required processes appeared to be a challenging, high-risk project.”

Once the decision was made to purchase SOC services from external providers, the company evaluated an increasing number of suppliers. E. Povilaitis notes that the selection process was far from spontaneous, and several criteria were applied:

“Our own research had a major influence: which solutions exist and what the market offers. Lithuania is a small market, so there are many acquaintances within the IT and cybersecurity communities – you can ask for opinions, feedback or recommendations. Of course, we did not rely solely on recommendations – we compared both the technical and organisational/procedural aspects of the services offered, i.e. how well the service is structured and how communication works across the various service stages. We are entering a long-term partnership, so the provider’s focus on collaboration is important.

Price always plays a role – we could spend the entire company’s profit on cybersecurity, but would that be the best or most optimal solution? It must be proportionate to the services delivered and the value received. And, of course, partner reliability matters – there are many new SOC providers entering the market, but we knew that the NRD Cyber Security team has been doing this work for many years and has extensive experience across the board.”