INTERVIEW 9.3.2023

PAUL COCKS

New data on cyberattack trends published by Security magazine in January of this year cites a 38% increase in global attacks in 2022, compared to 2021. Europe, alongside North and South America, saw the largest increases in cyberattacks in 2022 at 26%. The report is available at https://www.securi- al-cyberattacks-increased-38-in-2022

This escalation of cyberattacks is attributed to more agile hackers and ransomware gangs who have been focusing on exploiting collaboration tools used by remote workers and schools and educational institutions that shifted to e-learning during the pandemic, as well as a significant increase in attacks on healthcare organizations.

"As we continue to witness this rise in cyber risks, our role in ensuring GO and our customers remain safe from cyber-attacks continues to become more vital. This explains the various processes we have in place to prevent, detect and mitigate attacks that can lead to data breaches and to ensure our infrastructure and services are resilient against this increase in cyber-attacks," says Kenneth Ciangura.

Ciangura explains how an information security management system helps to systematically manage sensitive information such as personal information, intellectual property, and financial data, to ensure its confidentiality, integrity and availability.

"This ISO standard provides a set of requirements and controls that we are using to develop our Information Security Management System (ISMS), tailored to GO's specific needs and risks. By conforming to this standard, GO can demonstrate to stakeholders, customers, and partners that we have implemented best practices for information security management and enjoy our services with peace of mind that their data is protected."

"The ISO 27001:2013 standard covers a wide range of information security topics, including risk assessments, security policies, access control, cryptography, incident management, business continuity, security awareness training for employees and compliance with all applicable legal and regulatory requirements. It also emphasizes the importance of continuous improvement and ongoing monitoring and review of the ISMS to ensure it remains current and effective."

The ISO certification covers all GO teams handling confidential customer information as well as various physical locations, including GO's head office and three data centre locations that host GO's server infrastructure and customer co-location facilities.

"This was a multi-year project involving people from all our teams which allowed us to ensure that our information security programme is aligned with our business goals and with our company purpose, which is to drive a digital Malta where no one is left behind," adds Ciangura.

"We led various discussions with internal stakeholders to understand which teams, systems and data needed to be covered in the scope of the security programme, to understand all our contractual, legal and regulatory obligations and to remodel our security policies to take all of this into account."

"We also revamped our risk management processes to ensure that we could implement enhanced information and cyber security controls against emerging threats and risks that GO could have been facing. We also enhanced our security awareness programme to ensure that all our people are receiving such training to allow them to work securely from day one," he added.

Ciangura described this certification as an incredibly important milestone for GO.

"However, we also see it as the beginning of a journey, since we now have to continue improving on our security programme, keeping it up to date to take into account the changing operating environment and the increasingly complex threats and attacks that we shall continue facing," he said.

But what does this ISO Certification mean for an organisation like GO and how does it make GO a better organisation?

"ISO 27001:2013 is a valuable tool for organizations such as GO which need to establish and maintain effective information security practices and maintain the trust of their stakeholders. It is not a simple rubber stamp or a one-time exercise, but an opportunity to keep strengthening and improving our processes, to keep training our teams on matters that affect information security, to increase resiliency and availability of services and to reduce risks and protect ours and our customers' assets."

Ultimately, any investment needs to also benefit the organization's customers.

"The ultimate benefit for all customers of GO is the value in the assurance that GO is putting information security at the top of its agenda. We want our customers to trust us, to feel safe using our services and to rely on GO for their information and cyber security needs. Our purpose and values drive all our decisions. We pride ourselves on giving the best customer experience possible, and ensuring that our customers can enjoy our services safely and securely, with total peace of mind is central to this experience."

"This is already being provided through GO SecureNet and other products that are tailor-made for business customers, but our aim is to continue enhancing the inbuilt security of our products and services to reflect customer requirements and expectations," concluded Ciangura.

What ISO 27001 certification means for an organisation like GO

GO has been certified against ISO 27001:2013, an international standard that outlines a framework for establishing, implementing, maintaining and continually improving an information security management system. "By conforming to this standard, GO can now demonstrate to stakeholders, customers, and partners that we have implemented best practices for information security management," explains KENNETH CIANGURA who leads GO's Information Security team