Last year, organizations in Romania faced a massive increase in the volume of IT threats, especially at the end of the year. In June, STS reported an intensification of DDoS attacks (also confirmed by the National Cyberint Center within the SRI), and in September, the IT Security Incident Response Center (CERT-INT) within the Ministry of Internal Affairs announced the identification of over 6 million of events and issuing 5,682 security alerts.
The situation becomes more complicated if we take into account the lack of cybersecurity specialists, which the National Cyber Security Directorate estimates at about 2,500-3,000 people, but also the adoption of very strict regulations, such as the NIS 1 Directive transposed into law 362/2018, or the more recent ones – the NIS 2 Directive or DORA (Digital Operational Resilience Act). This context is driving more and more organizations to look for solutions for monitoring, managing and reporting cyber security incidents.
It’s time for CERT
Currently, the most used method to deal with these needs is the use of a CERT (Computer Emergency Response Team) or CSIRT (Computer Security Incident Response Team), to cover the entire spectrum of necessary services, from monitoring, detection and analysis, to remediation and reporting.
A CERT is generally responsible for identifying, analyzing, and mitigating cyber threats and vulnerabilities, as well as providing recommendations to prevent future incidents. The importance of such a team is that it provides a coordinated and efficient way to respond to cyber incidents, which can help minimize the damage and disruption caused by such incidents.
Additionally, a licensed CERT has specialized expertise and resources that can be used to quickly and efficiently address the technical and logistical aspects of a cyber incident. CERTs also collaborate with other similar entities (public or private) which contributes to the fluency of communication and information exchange in the event of a cyber incident.
In Romania, Safetech Innovations owns a private CERT established since 2015 (called STI CERT®), which includes a team of 15 certified experts on multiple leading technologies. STI CERT is accredited by Trusted Introducer – the European Community of Computer Emergency Response Team Organizations (www.trusted-introducer.org).
STI CERT differentiates itself from other providers through its three-level support structure (detection, response, advanced support), and its capabilities are complemented by the extensive expertise of the other technical teams within Safetech, which provide complementary, preventive services covering the areas of consulting for governance, systems integration, penetration testing, vulnerability management and security auditing.
Is creating your own CERT justified?
Creating and operating a CERT are complex and expensive processes. These require advanced skills and specialized human resources, a CERT being staffed by security analysts with advanced expertise in using various security solutions and identifying the most important types of cyber attacks. However, according to the statements of the National Cyber Security Directorate (at the CIO Council 2022 Conference), at the end of last year, Romania registered a deficit of around 2,500-3,000 specialists in the field of IT security, a deficit that will continue to grow. The situation is similar at the global level, with the recorded minus exceeding 3.4 million cybersecurity specialists ( according to Cybersecurity study data Workforce 2022 https://www.isc2.org/Research/Workforce-Study ).
Also, the actual operation of a CERT is not cheap – according to data from the European Union Agency for Cyber Security (ENISA – the study ” How to setup up CSIRT and SOC” https://www.enisa.europa.eu/publications/how-to-set-up-csirt-and-soc ) costs can reach 120-180,000 euros/year for a small CSIRT (3 members ) and over 480,000 euros/year for an extended center (+12 members) capable of providing services 24/7 for 365 days a year.
Outsourcing to Safetech? What are the benefits?
By outsourcing monitoring, analysis and response to attacks attempts, companies have access to a higher level of expertise and cyber resilience. An accredited CERT operates on the basis of well-established procedures and processes adapted to each client’s security infrastructure.
Moreover, with a large range of customers, specialized teams can quickly identify various types of attacks and propose preventive measures at the level of all customers, before they become victims of cyber attacks.
Standard workflow within Safetech’ CERT includes: event notification and takeover, assignment to a specialist and escalation to a higher level of support (if necessary), impact minimization, remediation and recovery, as well as post-remediation analysis, documentation, closing and reporting the incident.
Companies that have used Safetech’s CERT services benefit from:
– Extended coverage of security risks.
Safetech Innovations is a specialist company with extensive experience in this field and offering an extensive range of cyber security services. Access to advanced security tools and Threat Intellligence services, as well as its customer base, allow the STI CERT specialists to capitalize on the knowledge gained regarding certain incidents (indicators of compromise, attack surfaces, exploited vulnerabilities, types of attacks etc.) from other similar cases. The experience and the ability to extrapolate security information provide the necessary support for a proactive approach to each client’s specific risks.
– Availability 24/7, 365 days ensured by a team with validated procedures and methodologies.
STI CERT ensures permanent monitoring and management of threats through a team of 15 specialists, assigned to three levels of support. Safetech contractually declares its response time and its services are covered by an insurance policy.
– Financial predictability.
By outsourcing security operations to STI CERT, companies gain financial stability, efficiency and predictable costs, and the services delivered allow customers to detect the first steps of attack attempts, preventing operational interruptions and data loss, thus managing risks and avoiding damages.
– Certified services at the highest level.
The technical and operational quality of the services provided by STI CERT is confirmed by multiple accreditations ( Trusted Introducer , for example) but also the multiple personal certifications of the team members, through (ISC)², ISACA and EC-Council.
– Reducing pressure on own security teams and avoiding overload.
Outsourcing CERT services offered by Safetech compensates for insufficient human resources as well as the lack of internal expertise of clients.
In order to provide efficient services, the specialists from STI CERT need visibility into the security posture of the client’s IT systems, both at the network and endpoint level, by using specific cyber security tools such as SIEM (Security Information and Event Management), NDR (Network Detection and Response), EDR (Endpoint Detection and Response), NGFW (Next-Generation Firewall), XDR (Extended Detection and Response), PAM (Privileged Access Management) etc. Depending on their existence, the procedure for contracting and activating the services offered by Safetech Innovations also differs.
A guarantee for the quality of services is also the experience of the STI CERT staff, the team having over 15 years of experience in securing IT systems and solid expertise in field-specific technologies.
Customers, the best recommendation
The volume and complexity of cyber threats creates difficulties for any organization, whether or not they have in-house skills. In addition, compliance requirements and new cybersecurity regulations are becoming more stringent and require additional work. Safetech Innovations’ portfolio of specialized cyber security solutions and services helps companies in any field overcome these challenges.
Numerous Romanian organizations have chosen Safetech’ solutions, as well as its services of system integration, consulting, vulnerability management, operations outsourcing, security audit, for improving their level of cybersecurity. The company have clients from the sectors of utilities, health, insurance, industrial production, retail, public. Also, seven of the ten largest banks in Romania have chosen Safetech as their cybersecurity service provider.
Safetech Innovations has been involved in over a hundred critical infrastructure security projects in the United States, Canada, Brazil, Morocco, the European Union, Singapore, the Philippines, India, China and New Zealand.
Safetech Innovations SA is listed on the BSE (BSE: SAFE) and has locations in UK and UAE.
For more information about our services, commercial offers or practical evaluations, we invite you to contact us by email at sales@safetech.ro or by phone at 021 316 05 65.
