INVL Technology

Investor Presentation • Apr 18, 2023

FOCUS

Cybersecurity operations build-out, incident detection and handling, establishment and support of Computer Security Incident Response Teams (CSIRTs) and Security Operation Centres (SOCs), and cyber capacity enhancement for organisations, sectors, and nations.

CUSTOMERS

Governments, public, and private sector organisations.

OUR PORTFOLIO: SERVICES

• IT security audit
• SWIFT assessment
• Penetration testing
• Social engineering
• Cloud Security

Audits and assessments Cybersecurity capacity building Technology solutions

• Development of frameworks for Critical Information Infrastructure (CII) protection
• National cybersecurity capacity maturity assessment

• National cybersecurity strategy and legislative framework development

• Privileged Access Management (PAM)

• Data Loss Prevention (DLP)
• Security Information Event Management (SIEM)
• Vulnerability Management

• Operational Technology (OT) security

• Cybersecurity essentials

• Analysis using I2 Analyst Notebook
• Intelligence analysis
• Digital forensics course
• Incident response practice
• Building an effective cybersecurity team

Training courses Managed Security CyberSOC

CISO advisory

Security management framework

CSIRT/SOC

OUR PORTFOLIO: PRODUCTS

Natrix is a centralised cybersecurity monitoring and threat hunting platform. The solution has been created by NRD Cyber Security R&D team to enable coordinated threat monitoring.

Its functionalities go beyond just visibility and offer capabilities to build and continuously refine rules for detecting threats and non-compliances. It is set-up in organisation's internal network and analyses traffic data just before it is sent across the internet.

This product has already been deployed in:

Other EU countries

Bank of Egypt

Bangladesh Critical Information Infrastructure

CyberSet - a set of technologies and operational procedures, allowing the integration and automation of typical SOC functions for the security service providers (MSSPs) that manage them.

NRD Cyber Security has been actively developing this product for a couple of years and recently a prototype has been introduced. In 2022 the product will be deployed while establishing a National CIRT in Malawi.

4 I n r d c s . l t

NRD CYBER SECURITY FINANCIAL REVIEW

• 1. MAIN ITEMS OF THE INCOME STATEMENT AND BALANCE SHEET
• 2. KEY FINANCIAL DATA (REVENUE AND EBITDA)
• 3. REVENUE BY COUNTRY
• 4. REVENUE BY SECTOR AND OPERATIONAL COVERAGE

MAIN ITEMS FROM THE INCOME STATEMENT (€000)*

	NRD Cyber Security
	2021	2022
Revenue	5 365	6 079
Gross profit	2 347	2 979
EBITDA	784	653
EBIT	615	564
Net Profit (Loss)	603	526

MAIN BALANCE SHEET ITEMS (€000)*

	NRD Cyber Security
	2021-12-31	2022-12-31
Tangible assets	124	401
Intangible assets	1 23
Other non-current assets	160	199
Current assets	2 966	3 226
of which cash	1 745	1 332
Total assets	3 251	3 849
Equity	1 480 1 509
Non-current liabilities	37	606
of which financial debt	12	196
Current liabilities	1 734 1 734
of which financial debt	48 54
Total liabilities and equity	3 251	3 849

*The unaudited consolidated results of the NRD Cyber Security group are presented. The results of NRD CS and NRD Bangladesh are included in the results of the NRD Cyber Security group. Standalone financial statements of companies for 2022 and 2021 are audited. The result of 2021 is not consolidated as the control of the subsidiary company NRD Bangladesh has been acquired at the end of 2021. The balance sheet for the year 2021 is consolidated.

KEY FINANCIAL DATA

€000	2018	2019	2020	2021	2022
Revenue	3 876	2 836	3 229	5 365	6 079
EBITDA	559	341	434	784	653

7 I n r d c s . l t *IFRS 16 was implemented in 2019 with an impact on the size of EBITDA, thus the EBITDA indicators for 2018 and 2019-2022 are not directly comparable

2021 2022

€000	2021	2022	Change
Lithuania	4 479 (83%)	4 749 (78%)	270
Other countries	886 (17%)	1 330 (22%)	444
Total	5 365	6 079	714

REVENUE BY SECTOR AND OPERATIONAL COVERAGE

Compared to previous year, the share of revenue generated by NRD Cyber Security group from the private and public sectors increased while the share of revenue from the financial and academic sectors slightly declined.

In 2022, the geography of operations of NRD Cyber Security spread to the Bahamas, the United States of America, Kosovo, Trinidad and Tobago, Malta, Uganda.

*The number represents where the projects have been implemented. Since 31 December 2021 NRD Cyber Security group consists of UAB NRD CS and NRD Bangladesh Ltd.

9 I n r d c s . l t

KEY NRD CYBERSECURITY PROJECTS IN 2022

• 1. CSIRT ESTABLISHMENT
• 2. NATIONAL CYBERSECURITY CAPACITY BUILDING
• 3. CYBERSECURITY ASSESSMENTS
• 4. TECHNOLOGY SOLUTIONS

MAP OF NRD CYBER SECURITY KEY PROJECTS IN 2022

THE LITHUANIAN MARKET

NRD Cyber Security has increasingly strengthened its market leadership position throughout 2022 by implementing CyberSOC - External Security Operations Centre services in Lithuania.

INTERNATIONAL MARKETS

During 2022, NRD Cyber Security continued its activities in international projects and fulfilled its contractual obligations. The projects completed in 2022 are presented below:

• Malawi: As part of a contract with the International Telecommunication Union (ITU), NRD Cyber Security experts helped to establish a functioning national Malawi CERT.
• The Bahamas: In 2022, another contract was signed with the ITU to establish a Bahamas National CIRT. As part of the first phase of the project, a CIRT design document was developed and approved in 2022, which will guide the implementation of technical solutions, the establishment of processes and procedures, and the development of the policies and procedures necessary for the provision of services.
• Botswana: As part of the project, NRD Cyber Security carried out a comprehensive security assessment and improvement of the security posture of the infrastructure and organisational measures of the Central Bank of Botswana.
• Egypt: As part of the follow-up project and following the successful completion of the contractual obligations of the first phase in 2021, cooperation with the Central Bank of Egypt continued in 2022 with the conclusion of contracts for the roll-out of five own-brand Natrix licences in Egyptian local banks.

• Republic of Serbia: NRD Cyber Security provided expert support for the preparation of an assessment report on the state of cybersecurity management and the protection of the critical national infrastructure in the country.

• Bosnia and Herzegovina: NRD Cyber Security provided expert support for the preparation of an assessment report on the state of cybersecurity governance and the protection of the critical national infrastructure in the country.

• Republic of Kosovo: NRD Cyber Security experts provided consultancy services for the establishment of the Kosovo Energy Sector CERT under the Good Governance in Cybersecurity in the Western Balkans.
• Republic of Rwanda: A cybersecurity maturity assessment using the State Cybersecurity Maturity Assessment Model. As part of the project, the NRD Cyber Security Expert Group produced a report that assesses the maturity level of a country's cyber security capabilities, identifies potential risks as well as practical actions to increase the maturity of its cyber security capabilities, and identifies priorities for investment and future capacity building, taking into account the country's specific needs.
• EU: A Cybersecurity Crisis Maturity Assessment Model. In order to effectively prepare for and respond to major cyber incidents or crises, a maturity model has been developed to assess the level of maturity of the EU institutions, bodies, and agencies involved at operational level in the management of cyber crises across the EU. The main objective of this project was to develop a comprehensive maturity model, detailing maturity levels, milestones, minimum values, and assessment methods.

INTERNATIONAL TRAINING

CSIRT/SOC establishement and modernisation

The training programme is based on the ITU Centres of Excellence programme.

The aim of the training is to provide theoretical and practical knowledge to build cybersecurity teams. Cyber Security Teams include both Cyber Incident Response Teams (CSIRTs/CERTs/CIRTs) and Security Operations Centres (SOCs). This training combines practice and theory to understand how to build an effective team.

Effective analysis with i2 Analyst's Notebook

Effective analysis with i2 Analyst's Notebook: 2 training sessions for 20 financial crime investigators from EU Member States.

NRD CYBER SECURITY

INFO@NRDCS.LT