The art of cyber defence: How Tietoevry puts business process before technology

Cyberattacks are no longer the isolated incidents they once were. Today, public and private digital infrastructure is under near-constant attack from criminal networks and nation-state affiliates. These actors have turned ransomware and data theft into some of the world’s most profitable illicit enterprises, while sowing fear and chaos across societies. 

Tietoevry’s Nordic Cyber Resilience Report 2024 revealed the extent of this threat. Over half of surveyed organizations in Finland, Norway and Sweden admitted to having experienced significant disruptions from cyberattacks in the preceding year. Nearly 90% anticipate that cybercrime will only escalate in the coming years.

Despite this clear awareness of the threats, the report also highlights a troubling gap in preparedness. Only 32% of organizations feel confident in their ability to detect and respond to incidents, while 42% of respondents say their governments provide insufficient assistance in combating cybercrime.

Against this background, Tietoevry Tech Services has stepped forward with solutions that help organizations to address the growing threat. Contrary to popular perception, cybersecurity is not only about installing and managing technology that repels attacks. It’s also about helping organizations build digital resilience into their ways of working.

“You cannot solve this challenge with technology alone. Companies also need a governance model for cybersecurity, so they can make informed decisions to keep their business running. We help companies to align their operational processes with their security needs,” explains Sigrun Hansen Bock, Head of Cybersecurity Professional Services at Tietoevry Tech Services.

Tietoevry Vulnerability Management builds resilience

One of Tietoevry’s key cybersecurity projects was to develop a vulnerability management framework for a Swedish financial institution. The organization had a security framework in place, but services and processes were fragmented. This led to inefficiencies and a lack of clarity around vulnerabilities and risk-management responsibilities. 

Tietoevry’s security experts comprehensively studied the organization’s processes and internal policies, identifying the vulnerabilities that needed to be addressed. This entailed collaborating across both internal teams and external suppliers.

“Security means different things to different people within a company,” says Hansen Bock. “Some expectations can be addressed simply by adjusting underlying operational processes. The challenge was to link all these areas and make security seamless for the organization. We essentially acted as a wheel in the middle, orchestrating all the different requirements.”

Hansen Bock’s team continues to work with the financial institution, evolving the vulnerability management framework as the threat landscape changes. Tietoevry has also adapted the framework for other clients in different business segments.

“While the specific implementation varies based on each customer’s risk landscape, the process remains consistent and repeatable,” says Hansen Bock.

Tietoevry Automated Security Testing: more tests, lower costs

Another key Tietoevry cybersecurity project concerned automated security testing for a Finnish industrial company. Operating across more than 30 entities, the company needed to ensure there were no vulnerabilities in its digital infrastructure. This was in part driven by regulatory requirements. 

The challenge is that traditional manual testing methods are time-consuming and costly. The organization needed a solution that would deliver consistent quality while controlling costs. Tietoevry stepped in with its automated security testing concept, which enables testing cycles to be conducted in a fraction of the time.

“We use very modern tools that automate a lot of the manual work. Planning, setup, execution and reporting are all streamlined. This allows us to cover much more testing throughout the year,” explains Hansen Bock.

The automated testing setup allows the customer to see how a specific cyberattack could move through their IT environment. The tests identify weaknesses across architecture and applications, while also illustrating how vulnerabilities could be exploited due to unintentional user behaviour.

Tietoevry has since rolled this concept out to other clients too, adapting it for smaller environments or large-scale operations. As the process is automated, the frequency of the tests can be scaled up or down according to customer needs.

“Whether testing a new application, launching a complex project or meeting the latest regulatory requirements, our automated process has you covered at an affordable cost,” says Hansen Bock.

“Cybersecurity is inherently complex, but Tietoevry has the tools and processes to reduce that complexity and build trust in your digital environment,” she says.