Gofore

We offer expert knowledge in digitalization.

PATENT AND REGISTRATION OFFICE

Red Teaming strengthens cyber defence from a new perspective

The Finnish Patent and Registration Office gained concrete new insights into its overall security posture through a Red Teaming service simulating a real-life cyberattack. The results strengthened the organisation’s understanding of its current state and provided clear tools for managing information security.

Objective

Ensuring critical services remain resilient amid cyber threats

The Finnish Patent and Registration Office (PRH) promotes entrepreneurship, innovation and collaborative activity in Finland and internationally. It is critical for businesses and society as a whole that the registers managed by PRH operate reliably and without disruption. This means the agency’s information security must remain at a high level.

As part of its systematic information security efforts, PRH had previously tested its defence capabilities through targeted penetration testing exercises. This time, the goal was to gain an even more comprehensive and realistic understanding of the organisation’s overall security, its ability to detect and respond to threats, and any potential areas for improvement.

“We wanted to strengthen our information security by ensuring that our operations genuinely meet the required standard and that no hidden vulnerabilities remain in our systems or processes,” says Sakari Karstu, Chief Technology Officer at PRH, who is responsible for the security of the agency’s production systems.

“Red Teaming exercise gave us confidence in our work and strengthened our understanding of where we currently stand. It also helped us identify where future information security development efforts should be directed.”

Sakari Karstu, Chief Technology Officer at PRH

Solution

A simulated attack reveals the reality of information security

Gofore’s Red Teaming service addressed PRH’s needs. This type of comprehensive attack simulation differs significantly from traditional penetration testing. While penetration testing focuses on a predefined individual system, Red Teaming examines the entire organisation from the perspective of an external attacker.

“The objective is to simulate real-life cyberattacks and test whether the target organisation detects the attacks and how effectively it can defend itself against them. Red Teaming is particularly well suited to organisations like PRH that already have a strong information security management system in place,” says Minna Lehmustalo, Cybersecurity Service Owner at Gofore.

After agreeing the rules of engagement and defining the intelligence questions together with PRH, Gofore carried out the attack simulation using widely known attack methods and vulnerabilities. Ethical hackers searched for weaknesses in the organisation’s systems, networks, physical premises and employee practices.

Gofore compiled its findings into a final report, where the observations were analysed, categorised and prioritised. Based on these findings, targeted development recommendations were also created for the needs of different stakeholder groups.

“The exercise proceeded as expected and caused no disruption to our work. We were able to test and observe the aspects we wanted to examine. It was important to us that the report respected employees’ privacy and focused on developing operating models rather than individuals,” Karstu comments.

Outcome

Confidence in the present and clarity for the future

Through the Red Teaming service, PRH gained valuable insight into its real ability to withstand cybercriminal attacks, as well as the security of its systems and processes.

“Gofore’s Red Teaming exercise gave us confidence in our work and strengthened our understanding of where we currently stand. It also helped us identify where future information security development efforts should be directed,” says Sakari Karstu.

The report produced from the attack simulation findings will continue to serve as a data-driven management tool, addressing both the practical needs of technical teams and the business impact concerns of senior management.

Project highlights

Objective

The services provided by the Finnish Patent and Registration Office are critical to Finnish society, which means the agency’s information security must remain at a high level. PRH wanted to use an attack simulation to gain a thorough understanding of the organisation’s overall security, its ability to detect and respond to threats, and potential areas for improvement.

Solution

The need was addressed through Gofore’s Red Teaming service. Gofore’s experts and PRH first jointly defined the intelligence questions to be answered through a comprehensive exercise simulating real-life cyberattacks. The findings were compiled into a final report that also provided development recommendations tailored to different stakeholder groups.

Outcome

Through long-term collaboration, THL’s project delivery has become more efficient, and the role of change management in development has strengthened. Over the years, the partnership has evolved into a mutually beneficial collaboration for both experts and end users.

Expertise

Skills and competencies used in the project

  • Cybersecurity
  • Red Teaming
  • Attack simulation
  • Information security reporting

Contact us

Iris Alanen

Digital Society

iris.alanen@gofore.com

040 163 6485

Other success stories

a man and a woman walking in an office

THL

A long-term partnership supports the success of THL’s projects and change management

Kela

Easier access to health data with the OmaKanta App

Fimlab

Designing healthcare information system

Back to top