The organisation applies high quality and security standards across its commercial activities, services and internal processes. Strengthening cyber resilience is one of the group’s strategic priorities.
According to Artūras Luckus, Head of Cyber Security at Acme Group, the updated Lithuanian Cyber Security Law states that the Security Operations Centre (SOC) is the key component for managing cybersecurity incidents and increasing cyber resilience:
“Our goal is to maximise our cyber resilience, which is why we focus on achieving a high level of cybersecurity maturity. Rather than relying solely on technological automation, we base our infrastructure monitoring on real analysts and threat hunters. We actively develop rules and assess their effectiveness to adapt to the specifics of our IT infrastructure and filter out false positives. A cybersecurity service provider should not simply ‘tick boxes’ to demonstrate compliance – it must ensure that all cyber incidents are detected, analysed and handled on time. They must also help us significantly increase our cybersecurity maturity through their professional insights and practical experience, while continuously monitoring and identifying security gaps.
In addition, the growing need to strengthen cyber resilience is already affecting many organisations and will impact even more in future, particularly within supply chains. The updated Lithuanian Cyber Security Law (aligned with NIS2) sets out the basic requirements for strengthening cybersecurity, which should be addressed not only by organisations themselves, but also by their supply chains. Therefore, we expect high security standards from our service providers as well.”
Augustinas Daukšas, a cybersecurity consultant at NRD Cyber Security, emphasises that, following the update to the Lithuanian Cyber Security Law in line with the NIS2 Directive, the cybersecurity services market has become more active. However, he believes that the main focus should be on the SOC team and its capabilities rather than on the monitoring tools:
“First and foremost, SOC services are about experts and their ability to use monitoring tools effectively. The global tendency is for monitoring tools to account for around 10-20% of a SOC contract’s value. If the figure is significantly higher, it raises the question of whether you are actually purchasing SOC services or simply paying for a threat monitoring tool, where alerts are passed on to the customer without analysis. In such cases, buyers are inundated with notifications without any clear guidance on how to respond.
Some processes can indeed be automated, particularly with artificial intelligence-based solutions. However, experience shows that humans are still irreplaceable in threat monitoring. The exception, of course, is when protection solutions (EDR/XDR, NDR etc.) are included, in which case the proportions naturally change.
Today, SOC services can be delivered using a variety of tools – SIEM; EDR/XDR with or without a data lake; and NDR – whether from well-known cybersecurity vendors or open-source technologies. However, when choosing a SOC provider, we recommend focusing on the desired outcome, the provider’s competencies and experience, and client feedback rather than on the tools themselves. What matters far more is who operates the tools and whether they use them properly.”
A. Luckus agrees that too much attention is paid to monitoring tools:
“It is not uncommon for SOC service providers to lack sufficient cybersecurity professionals, or for their employees to lack practical experience and appropriate qualifications. Monitoring technologies are very useful, but identifying a threat is only part of the job. High-quality analysis and the continuous improvement of monitoring are crucial to ensure that the volume and value of information increase over time.
This makes finding the right cybersecurity service provider increasingly difficult. At Acme Group, we selected our cybersecurity partner based on the composition of its professional team, its experience in Lithuania and internationally, and customer references. While strengthening cyber resilience is a top priority for Acme Group, we also made sure to carefully assess the price-quality ratio.”