Centric Public Report 2020

Cyber Defense Services

Along with the growing digitisation, digital risks are increasing drastically worldwide. Both organisations and individuals are still too often underestimating these risks. The negative consequences of a successful attack on critical systems go much further than just material, financial and/or emotional damage. It is therefore very important that everyone is aware of the dangers and knows how to protect themselves against cybercriminals. This is one of the reasons why Centric has further developed its portfolio of penetration tests, which we use to provide insight into the risks and vulnerabilities in the security of applications, IT infrastructure, networks and hardware.

The further expansion of our portfolio in 2020 provides us with more insight into possible risks, enabling Centric to ensure that its own infrastructure, IT systems and networks, and those of customers, are and remain safe. Through our close collaboration with the Software Improvement Group and the Dutch Centre for Information Security and Privacy Protection, we are also continuing to work on our Secure Software Development (SSD) programme so that our developers are also aware of the biggest and latest cyberthreats. SSD provides better visibility into Agile and DevOps processes, facilitating the continuous delivery of software and updates.

Expanding the cybersecurity portfolio 2020 was all about setting up CDS and expanding our portfolio of services in the field of cybersecurity. In these endeavours, we take into account recent developments in the market, and we respond to the needs and wishes of our customers and commissioning authorities. We have chosen to integrate this unit into our organization and have it contribute to our own security processes. This also ties in well with the collaboration with Microsoft. In addition to expanding our service portfolio, we have invested a lot in the development of our consultants, both in their hard and soft skills. Alongside this, significant steps have been taken to achieve ISO 27001 certification for Cyber Defense Services in 2021 to demonstrate unequivocally that we are in control of the security risks as well as the security of the personal data and company information we manage on behalf of our customers.

Red Team Portal We have further digitised and optimised the available tooling – the Red Team Portal – and new tooling has been procured to take our service to a higher level. In addition, we have further invested in marketing activities to increase our brand awareness and findability. In addition to internal and external penetration tests on mainly online and offline applications, Cyber Defense Services has also performed a number of forensic investigations on the hardware of external customers.

Outlook for 2021

In 2021, we will continue to invest in raising the level of knowledge among our end users. Security is a matter for the entire supply chain and not just for Centric. The weakest link determines the strength of the entire chain. Now that the market is increasingly moving to the cloud (about 30% is now in the cloud), Centric is also increasingly organising security across the entire supply chain. In 2021 and beyond, we will be integrating our application and infrastructure security teams further, which will enable us to monitor the entire supply chain. The key topic for CDS is supply chain integration within the public and hybrid cloud domain so that we can cover the entire SaaS supply chain for our customers. In all of this we use the latest knowledge, supported by state-of-the-art tooling from Microsoft and other partners.