Issue link: https://maltatoday.uberflip.com/i/1533584
maltatoday | SUNDAY • 23 MARCH 2025 6 COMMERCIAL Hands-on experience at the forefront of MITA-NCC's Cyber Breakfast H ANDS-ON experience was at the forefront of the first Cyber Breakfast event of 2025, hosted by MITA-NCC. The event brought together cybersecurit y professionals for interactive sessions and real-world scenarios aimed at enhancing understand- ing of risk management and strengthening cybersecurit y practices. Real-life scenarios Professionals collaborat- ed to tackle challenges such as supply chain compromis- es and ransomware attacks, gaining insights into the lat- est cybersecurity threats and the critical role of regulatory compliance. During the event, attendees had the opportuni- ty to prioritize cybersecurity controls and test their deci- sions through a table-top exer- cise that simulated real-world threat scenarios. The event also aimed to deepen participants' under- standing of risk management by highlighting the importance of a risk-based approach to cy- bersecurity. To achieve this, attendees were divided into small groups and presented with two key scenarios. Their task was to assess each situa- tion, identify vulnerabilities, and develop effective strate- gies to mitigate the associated risks. Navigating the cybersecurity landscape Presenting at the event, Nicholas Aquilina, IT Risk and Control Manager at APS Bank, began by highlighting that 21% of enterprise breaches over the past 12 months were attribut- ed to external attacks targeting employees' home or remote work environments. Aquilina said that the top reported threats according to Forrester's 2024 were: • Narrative attacks – Nar- rative attacks are fuelled by three key manipula- tion types: misinforma- tion, disinformation, and malinformation. • Deep fakes – Deepfakes are images, videos, or au- dio which are edited or generated using artificial intelligence tools, and which may depict real or non-existent people. • AI responses –– AI re- sponses refer to content or interactions generated by artificial intelligence systems, such as chatbots or automated customer service platforms. • AI software supply chain – The AI software supply chain involves the series of processes and vendors that provide the software, models, and datasets used to train artificial in- telligence systems. • Nation-state espionage – Nation-state actors might look to steal military in- telligence, intellectual property, and other types of sensitive information held by government or- ganizations, contractors, and other businesses. Moreover, Aquilina highted that a strong security strategy consisted of multiple layers: "An in-depth defence that en- sures if one control fails, other controls remain in place. A ze- ro-trust policy, which assumes no entity should be trusted by default and threat intelligence which provides real-time in- sights." Aquilina also mentioned that NIST CSF 2.0 improves com- munication between execu- tives and managers, aligning strategy with daily risk man- agement, while placing great- er emphasis on governance to strengthen cybersecurity across the organisation. Regulatory compliance Aquilina also highlighted the importance of following regu- lation and managing risks ef- fectively when it comes to cy- bersecurity. This means using well-established guidelines, like ISO 27001, NIST, and PCI DSS, and ensuring that the business follows necessary le- gal and industry regulations such as GDPR, DORA, and NIS2. The approach also focuses on identifying risks and prioritiz- ing actions based on the most serious threats. It involves on- going checks to make sure the business stays compliant as regulations come into force. Additionally, it keeps clear records that can easily be re- viewed during audits. Furthermore, there should always be security risk man- agement set up to support the goals of the business and be part of the everyday opera- tions. The main goal is to strength- en the company's ability to keep running smoothly, even in the face of challenges. For security to be truly effec- tive, it needs to be built into daily practices, not added as an afterthought. This helps the company stay prepared for potential risks and continue to grow and succeed in the long run. This article is co-funded by the European Union. Above: MITA Cyber Breakfast, Below 1st: Nicholas Aquilina, IT Risk and Control Manager at APS Bank, Below 2nd: Professionals collaborated to tackle challenges such as supply chain compromises and ransomware attacks, gaining insights into the latest cybersecurity threats and the critical role of regulatory compliance. (All photos by Ian Noel Pace)