Delavska hranilnica savings bank is pursuing a strategic approach to cybersecurity in its continuing push to go digital and offer advanced digital products. This makes it crucial to effectively detect and respond to potential cyber threats, a feat made possible by the NIL Security Operations Centre (SOC), which the bank considers the most comprehensive SOC service on the market.
With 30 years of tradition, Delavska hranilnica (DH) wants to be the first choice for the country’s population, trade unions, associations, sole proprietors as well as small and medium-sized enterprises in Slovenia. In the wake of the most recent bank sales, DH has become the largest Slovenian-owned banking institution and wants to bring its wide range of high-quality financial solutions closer to the people. Such an approach makes the bank modern, safe, reliable, and competitive.
Part of implementing this strategy is going digital. DH offers advanced financial services such as the Dh Denarnik mobile wallet and the Dh Mobilni mobile banking solution, and continuously develops new solutions. However, the bank is well aware that innovative, attractive, and up-to-date financial services are but one aspect of digitalization. In order to be truly successful as a financial institution in a digital world and keep the trust of its customers, the bank must ensure an adequate level of reliability and security. While developing new services, DH is, therefore, simultaneously optimizing internal processes and upgrading its cyber defense systems.
“Delavska Hranilnica sees cybersecurity as an integral part of customer relations, a key aspect of risk management and, above all, a great responsibility. Investment in services such as a managed SOC service confirms this, as it allows us to constantly and proactively monitor suspicious activities, which is an important ability for us in terms of risk management. Another important consequence of investing in the SOC is the general increase in security awareness throughout the bank. This was apparent during the SOC’s implementation and especially following its launch, as we keep exploring opportunities for overall improvement through SOC’s periodic recommendations. The board also perceives security as a process and it forms a regular topic of our conversations where we are constantly looking for new solutions. We believe that is the only proper approach to an effective, comprehensive, and long-term cyber defense strategy.” Renato Založnik, President of the Management Board, Delavska hranilnica
Using a managed SOC is the most rational solution regarding technology and business
The October 2017 coordinated DDoS attacks on several local banks highlighted the threat that cyberattacks posed to the country’s financial sector. While DH was not affected by that particular attack, the event encouraged the bank to further consider its plans and procedures for responding to cyber threats. In addition, an extensive audit by the national regulator advised DH to further separate the supervisory and operational cyber defense functions.
The task was assigned to the bank’s IT management, which analyzed the situation and set concrete goals and requirements. For the bank’s business operations, these included limiting the probability of a successful cyberattack and resulting operational damage as well as optimizing the procedures in the event of a potential cyber incident. For IT operations, the two main goals were the continuous and comprehensive monitoring of the IT environment and minimizing the disruptions to the existing IT and security architecture. Based on the above, DH decided to introduce a Security Operations Centre (SOC) capability, which enables the effective detection of cyber threats, and allows for a quick and appropriate response.
“If a company takes cyber security seriously, the question of whether it should opt for an SOC becomes irrelevant. The sole remaining dilemma is whether to go for a managed service or to create an in-house solution. We believe that using SOC as a service is a better option, not solely in terms of cost. Human resources play a major role here, as it is very difficult to find qualified personnel with the required know-how. And even if they are found, it is quite common in practice to quickly impose additional duties on them in addition to cyber security concerns. The end result would definitely be lacking in such a case. We wanted to do things right at Delavska hranilnica. Our goal was to remain focused on continuous monitoring and maintaining 24/7 readiness by a dedicated and professional team. We presented those points to the management, so it was not surprising that the board unanimously supported the model of a managed SOC service.” Janko Zorman, IT director, Delavska hranilnica
NIL SOC stands out among the competition
DH scrutinized the available market solutions offered by numerous providers in its search for the right partner. The bank was looking for a qualified and experienced SOC team, compatibility with its IT environment, the ability to manage the existing SIEM platform, and, above all, a fully featured SOC service.
Of all the providers, NIL’s SOC met the bank’s requirements the best and, therefore, the implementation of the service began in December 2019 with full operational readiness in place by March 2020.
“Using a managed SOC service does not mean that our own IT teams are no longer working on cybersecurity. We are still planning, updating, and managing the bank’s IT infrastructure. We also communicate our own findings to the SOC. The main difference, however, is that we have a contact in the SOC who constantly monitors our digital defenses and is eminently qualified to do this job – a key advantage. We need not worry about inadvertently overlooking something due to other obligations or staff absence. We have a large team of top-shelf security professionals constantly monitoring security in our IT environment and I can sleep more peacefully. We are also extremely satisfied with the cooperation between our and NIL SOC teams. Reports and recommendations are part of the service, but we also share a lot of other information and long-term advice. The overall dedication is there for all to see. The result is a high-quality service, constant progress, and a high level of trust.” Janko Zorman, IT director, Delavska hranilnica
Raising cybersecurity maturity for the entire bank
By introducing NIL SOC services, DH has established a system of continuous (24/7) detection and response to cyber threats, using a combination of modern detection technology, including AMP (Advanced Malware Protection), EDR (Endpoint Detection and Response), and managed SIEM technologies.
Organizationally, a key benefit for the bank has been the constant improvements to the bank’s long-term security maturity and defense capability based on SOC recommendations. Furthermore, notifications and recommendations of the SOC are raising cybersecurity awareness at the level of the entire bank, from operational employees to top management, while providing the bank’s IT team with constant insight into the bank’s security posture. As a result of the SOC service, all of the important improvements and recommendations are presented to the management, ensuring constant defense evolution.
At the end of the day, the NIL SOC has allowed DH to upgrade its process capability to respond to cyber incidents, which has now been confirmed as a best practice by the national regulator.
NIL SOC business benefits:
Reduced cyber risks through efficient detection and response capability
Significantly lower costs compared to an in-house solution
Continuously improving security maturity
Raised cybersecurity awareness at the company level
Compliance with sectorial best practices and regulations
NIL SOC technical benefits:
Continuous (24/7) monitoring and response with strict SLAs
SIEM platform management as part of the SOC service
Additional monthly activity and trend reports
Customer portal with activity and SLA tracking
Excellent cooperation between bank IT and managed SOC teams