NLTG to stop threat actors in time

Copiloting the Cyber Threat Landscape in the Travel Industry

Surveillance 24/7 and access to the best experts – when Nordic Leisure Travel Group (NLTG) decided to embark further on its journey in cyber, it knew exactly what to demand of a partner. Today, NLTG is co-piloting the cyber threat landscape with Truesec.

“It’s important for us to work with a partner combining both worlds: deep knowledge and broad experience from advanced cyber attacks.”

Sami Breinholt

Group Head of Technology Services, NLTG

“Thanks to NLTG’s proactive approach, today, we can help them immediately following an incident.”

Mats Hultgren

Director of Operations, Truesec Incident Response

“Due to the decreased number of incoming alarms, some previous tasks in our Business IT team have disappeared.”

Sami Breinholt

Group Head of Technology Services, NLTG


While typically busy arranging exotic and unforgettable travel experiences for its customers, Nordic Leisure Travel Group (NLTG) recently embarked on an important and inspiring journey of its own.

Destination? Cybersecurity 3.0.

Travel partner? Truesec.

"The supreme art of war is to subdue the enemy without fighting."

The famous quote from The Art of War has nothing to do with romanticizing warfare. On the contrary, it’s an illustrative metaphor for understanding the basic principles of strategic cyber defense, as well as NLTG's approach to strengthening its cyber resilience.

With roots going back to 1956 and a history of surviving crises such as volcanic eruptions, tsunamis, and COVID, it's fair to say that NLTG is an experienced and pragmatic problem-solver. Perhaps that's a contributing factor to its proactive cyber approach.

If you’re a Nordic citizen, you've most likely heard about the group’s well-known brands, such as Ving, Spies, or Tjäreborg – all family members of Nordic Leisure Travel Group (NLTG). And in an industry filled with real-time tracking data from flights and ships, financial transactions, and lots of sensitive customer data spread over multiple platforms and applications, cybersecurity has always been a top priority at NLTG.

Properly Prepared for Worst-Case Scenarios

The numerous vulnerable, and thus attractive, attack vectors in the travel industry have caught the threat actors’ attention.

  • What would happen with NLTG’s operations in the event of a ransomware attack?
  • How could NLTG function and manage its passenger logistics without access to their data?
  • What would happen in case of the theft of financial assets or breach of sensitive customer data?

These are just a few of the tough questions Sami Breinholt – experienced cyber professional, NLTG veteran of 22 years, and currently Group Head of Technology Services – thinks about daily.

There have been no incidents, Sami calmly explains, but with 2,300 employees and approximately 1.3 million trips sold annually, unified resilience and cyber hygiene are key. With staff ranging from pilots and warehouse workers to receptionists at the group’s hotels, raising awareness and continuously implementing improved cybersecurity routines is no small challenge.

No man is an island, and the same goes for companies: Even the good and experienced ones could do with a trusted copilot close by. Cybersecurity has always been a top priority at NLTG, and in 2022, Sami and his team members were ready for the next step. What would it take to achieve an even higher level of cybersecurity? The team decided they wanted a partner.

Sami explains several reasons they chose to partner with Truesec.

– We wanted to gain access to the best experts, get surveillance coverage 24/7, and sleep better at night. It’s important for us to work with a partner combining both worlds: deep knowledge and broad experience from advanced cyber attacks.

A Nordic staff and, if needed, quick access to additional services such as Cyber Law, Human Threat Detection, and the most experienced Incident Response team in northern Europe also strongly contributed to their decision.

Cyber CCTV On: Integrating Truesec’s SOC

Getting started with Truesec’s Security Operations Center (SOC) was one of the first projects NLTG and Truesec initiated, and with good reason. The number of threat actors is increasing, and so are the severity, complexity, and effects of their attacks.

– It’s not a question of if, but when. That’s the reason we’re doing this, Sami says.

He adds that he may have a very pragmatic attitude but doesn’t believe in a “that’s not going to happen to us” approach.

– If you relax too much, what will you do when your operations suddenly are down? It may very well be goodbye then. We’re doing this for our operations and customers to ensure they can continue traveling and experiencing their best weeks of the year.

Fredrik Sjöberg, CEO of Truesec Detect, is responsible for Truesec’s SOC and shares Sami's point of view. With his team of 80 cyber experts in the SOC, Fredrik monitors, learns, battles, and stops the latest threats in real-time – every day, 24 hours a day, 365 days a year.

Fredrik Sjöberg, CEO, Truesec Detect AB
“A lot has happened on the threat side in the last five years. Due to the rapid development, surveillance only during daytime is not enough anymore”, Fredrik says. “Neither is just watching. Organizations also have to be able to act quickly upon threats. This is why Truesec always sets up the governance rules and allowed actions immediately when implementing the SOC for a new client”, Fredrik explains.

– This ensures the experts in the SOC can quickly act and isolate a computer or mobile device to stop cyber attacks before they spread to the corporate network or critical infrastructure. The analysts in the SOC manually investigate all events that could be signs of a data breach to eliminate false positives, resulting in fewer alerts being sent to the customer.

And it doesn’t stop there.

The SOC at Truesec also comes equipped with heavier tools.

To further understand the importance of truly holistic cybersecurity surveillance, Mats Hultgren, Director of Truesec’s Incident Response team, says most corporations' IT infrastructures today could be compared to a house.

Mats simplifies:

– Most houses require some renovations. Now, imagine you’re in the middle of renovating your house. You already know it will take some time before you can work on perfecting the details. Meanwhile, you still need to protect it from burglars.

Mats compares engaging Truesec’s SOC to installing CCTV and hiring a physical guard to patrol your house at night, ensuring nobody breaks in through rusty windows or a broken door. Now, with Truesec’s SOC in place, should someone still try to break into NLTG’s house, Fredrik’s team in the SOC will release the chains of their guard dogs.

Translated into cyber, that means immediately calling in Mats and his team and letting the battle-proven experts from the Incident Response team start chasing the threat actor.

Reaching Their Destination

For NLTG, having 24/7 surveillance by the SOC and instant access to the Incident Response team if needed not only ensures rapid response – it’s business critical. And proactively preparing for the worst is a crucial success factor.

“Thanks to NLTG’s proactive approach, today, we can help them immediately following an incident. It’s of the utmost importance to have agreements in place before anything happens; statistically, it takes at least 24 hours before all necessary legal agreements will be in place, and we can get into your environment and start working”, says Mats. “In a threat landscape where IT environments are fully encrypted within only 1-2 hours, it will not do”.
Mats Hultgren, Director of Operations, Truesec Incident Response Team (CSIRT)

And Sami and the Business IT team at NLTG are indeed calm and content with the setup. Navigating the threat landscape with Truesec has been a smooth ride; mile by mile, NLTG is reaching its destination. Having Truesec’s SOC in place has been an operational relief for his team, Sami says.

– Due to the decreased number of incoming alarms, some of our previous tasks in the Business IT team have disappeared. Within the rest of the organization, it’s also a relief knowing we have a specialist function supporting us.

The agile approach is something Sami appreciates about the partnership. He illustrates this with an anecdote about how he and a colleague at Truesec were chatting on a Friday night when they spontaneously decided to stress-test how well the incident response worked. Within about fifteen minutes, they were up to the task.

– Working together is easy; I think that’s a strength. It doesn’t have to be so complicated, not when you can focus on fixing the problems instead. I love working like this, Sami concludes.

About Nordic Leisure Travel Group

A Modern Holiday Company

  • Nordic Leisure Travel Group (NLTG) is a modern holiday company arranging charter trips with its flights and hotels and selling dynamically packaged holidays with scheduled flights and hotels.
  • The group sells holidays from Sweden, Denmark, Norway, and Finland.
  • NLTG is owned by the Norwegian Strawberry group (39.5%), the Swedish capital fund Altor (39.5%), and British TDR (19.75%), as well as management in NLTG (1.25%).

Managing Cybersecurity?

Sami's Advice for Increased Cybersecurity

  1. Determine your (organizational) risk appetite. How much risk are you willing to take? Then, adapt your level of security accordingly.
  2. Ensure management and the Board are on board as well. That’s a prerequisite for getting the budget and conditions required to get the job done properly.
  3. Conduct a gap analysis. What competencies do you have in-house? Which do you need to purchase externally? I recommend having cybersecurity competence in-house but also adding external expertise. I don’t believe in having one or the other, as the threats will increase.
