Issue link: https://maltatoday.uberflip.com/i/1395902
13 example, you look at the address of the website (URL) from where it is sent, you will realise it's fake. MI- TA analyses phishing campaigns that could be going on globally to better understand the attacks: what is happening, who is being targeted, from which IP are these attacks originating, the subject name, etc. We would then be bet- ter placed to protect our systems. As you mentioned, security can be reactive or pro-active, and we always try to take a pro-active ap- proach. Through incoming infor- mation we analyse the character- istics of the attack and compile a profile, (within the cybersecurity community this is referred to as Indicators of Compromise) such as the IP it is coming from, email details and content, type of mal- ware, etc. With the utilisation of various tools we then check for such Indicators to detect any possible breaches. Indicators are also utilised to proactively pro- tect our infrastructure. There are sometimes instances where we have to react to attacks, ensuring that the phishing email is not al- lowed to spread and we contact users to take reactive measures, such as changing passwords. We also immediately inform our in- ternational partners of whatever intelligence we gather about the attacks. MITA is custodian of vital personal data. How does the agency go about updating or introducing digital security policies? How important is security when a new policy, service or technology is discussed? David Galea: One of MITA's primary respon- sibilities is ensuring that the secu- rity vision communicated through its information security policies remains comprehensive and cur- rent. Security risk assessments carried out on MITA-managed solutions and services are also used to provide input to strength- en existing policy positions as a result of any shortcomings identi- fied through such assessments. Furthermore, the Agency is committed to assess adherence to controls mandated by its infor- mation security policies through a programme of ongoing compli- ance checks. Identified non- con- formances are followed up until rectification and analysed in detail to determine whether the provi- sions of the information security policies need to be improved or communicated better to interest- ed parties. Does MITA offer its services and know-how to others? How important is it that common systems and standards are used across the board? Ryan Bugeja: MITA offers consultancy servic- es to ministries and Government entities through detailed research highlighting the risks associated with a particular solution, system or setup. The outcome of a consultancy exercise may include both techni- cal as well as procedural controls that are recommended to be ap- plied as to mitigate the identified shortcomings. We identify threats and security shortcomings and offer viable secure solutions com- mensurate to the current threat landscape and attack vectors. We also carry out information security assessments which in- volve penetration testing and ex- ercises mimicking attacks to iden- tify shortcomings in the solution or in the procedures deployed to counter the attacks. These exer- cises help us better understand deficiencies in systems and based on which eventually we apply ap- propriate controls to improve the security posture of the concerned system. An important role of the team is that of ensuring consistency across systems. Our team achieves this consistency by adhering to es- tablished industry standards – this helps us ensure that the best pos- sible level of information securi- ty is provided. Such will ensure the confidentiality, integrity and availability of information. The National Cyber Security Coordination Centre is in direct contact with entities outside MITA and with businesses and consumers. For someone who does not work in security or tech, how easy is it to understand the risks of digital crime? Are Maltese businesses recognising these risks and protecting themselves adequately? Joanne Deguara: Anyone can fall victim to cy- ber-attacks, especially now- adays that attackers are tar- geting the human points of weaknesses. MITA strives to remain pro-active as that is one way of limiting the num- ber of victims. In this respect MITA is leading the national cyber security awareness and education campaign, Cyber Se- curity Malta launched in 2018, which constantly delivers cyber hygiene messages through dif- ferent platforms to get people up to date on cyber security. Amongst the various activities organised, to mention is the National Cyber Security Sum- mit, Webinars and the B Secure scheme which offered private entities specialised courses and risk assessments. The feedback received was very positive con- sidering that often many SMEs do not have the capital to invest in cybersecurity. The campaigns run by Cyber Security Malta are not targeted at businesses alone but also at other groups. During the last months, we had a campaign targeting the elderly, another one targeting youths and another one targeting football followers. Whilst catering for specific groups, through our social media platforms and website, television and radio we ensure the delivery of messages to the general public. So, our advice is to follow us on cybersecurity.gov.mt and socials to keep yourself continuously updated. maltatoday | SUNDAY • 25 JULY 2021 COMMERCIAL