• Home
  • News
  • NTEC acted as a business partner of the 4th annual seminar of Infopark Association

NTEC acted as a business partner of the 4th annual seminar of Infopark Association "Prospects and directions of cybersecurity development in the banking sector"

08 October 2024

On September 5-6, 2024, the annual seminar of the Infopark Association “Prospects and directions of development of cyber security in the banking sector” (CyberSecurity Bank Education - 2024) was held at the Training and Recreation Complex “Forum” of the Ministry of Finance of the Republic of Belarus.

The event attracted the attention of information security experts and managers. The seminar became a platform for discussing topical issues of cyber threats and methods of their prevention, as well as for sharing experience among the participants. The seminar covered important topics such as the state of cyber security in the country, aspects of using automated incident handling systems, staffing of cyber security centers, as well as issues of building cyber centers and the services they provide.

During the event, Yulia Sokolova, Head of the ROZUM International Education Center, presented a report on current opportunities for professional development in the field of information and cyber security. Existing educational programs on cybersecurity were presented, and the launch of new programs - Ethical Hacking and Fundamentals of Cyber Literacy - was announced.

At a recent cybersecurity conference, Dmitry Yavorsky, head of the NTEC's cybersecurity center, gave a presentation on the hot topic: “SOC In-House or Outsourced. 

In his presentation, Dmitry Yavorsky discussed in detail the key aspects of each approach and provided the audience with comprehensive information that will help companies make an informed decision on whether to create their own security operations center (SOC) or outsource these functions to certified cyber centers.

Highlights of the report:

1. In-House SOC Approach: Main Advantages and Disadvantages

Advantages:

  • Full control over processes: An internal SOC allows a company to keep all cyber defense processes under its own control. This is especially important for organizations dealing with sensitive data, such as those in the financial sector or government agencies.
  • Flexible and Adaptable: In-House SOC can adapt to the needs of a particular company, adjusting to unique internal processes and requirements.
  • Quicker response: Because all decisions are made internally, incident response times can be shorter than with outsourcing, which requires information to be outsourced.

Disadvantages:

  • High cost: Setting up and maintaining your own SOC requires a significant financial investment. Not only is it necessary to purchase hardware and software, but also to hire qualified personnel, which can be a major expense for small and medium-sized companies.
  • Staffing Shortage: There is a severe shortage of cybersecurity professionals, making the task of finding and retaining competent employees extremely challenging.

2. Outsourced SOC Approach: Advantages and Challenges

Advantages:

  • Saving resources: Outsourcing SOC functions allows companies to save money on infrastructure investments and staff training. This is especially true for small and medium-sized businesses that cannot afford to maintain an entire staff of cybersecurity professionals.
  • Access to advanced technology: Outsourcing companies that specialize in cybersecurity typically have access to the latest technologies and defense techniques, allowing clients to benefit from the latest cybersecurity advances at no additional cost.
  • Round-the-clock support and expertise: Outsourced cyber centers offer 24/7 services and have experience with a wide range of cyber threats, making them particularly effective in preventing and responding to incidents.

Disadvantages:

  • Limited control: When companies outsource, they lose a significant amount of control over their cybersecurity processes. All decisions are outsourced, which can be a problem for organizations with high security requirements.
  • Delays in incident response: The process of communicating data and coordinating actions can increase incident response times.
  • Privacy Risks: The transfer and management of data to third-party organizations always carries the risk of information leakage or breach of confidentiality.

3. How to decide: selection criteria

Dmitry Yavorsky emphasized that the decision between In-House and Outsourced SOC depends on many factors, including company size, budget, security requirements and available resources. He suggested several key criteria for making the decision:

  • Business size and specifics: Large organizations with large amounts of data and high security requirements may prefer In-House SOC for complete control. Small and medium-sized companies, on the other hand, may benefit from Outsourced SOC to reduce costs.
  • Data privacy level: If company data requires strict confidentiality, it is better to consider an in-house SOC where leakage risks can be minimized.
  • Resource Availability: If a company can't find or afford cybersecurity experts, an Outsourced SOC can be a great alternative.
  • Complexity and scale of threats: For organizations facing persistent and complex threats, outsourcing can offer access to highly skilled expertise and advanced tools.

Dmitry Yavorsky stressed that there is no one-size-fits-all solution, and each organization must weigh its risks, needs and budget. Understanding the pros and cons of both approaches is a key step toward creating an effective cybersecurity system.

His presentation sparked a lively discussion among the participants, many of whom recognized that the choice between In-House and Outsourced SOCs is a strategic issue that requires careful analysis and justification. The report was an important milestone in the discussion of modern approaches to cybersecurity and provided conference participants with useful guidelines for decision-making.

Overall, the workshop was an important step toward strengthening cooperation between participants, regulators, solution developers, and representatives of the education sector and another step toward advancing national security.