The government has launched the first ever dedicated cyber security scheme, with Parliamentary Secretary for Financial Services, Digital Economy and Innovation Silvio Schembri saying that “cyber security must be incorporated into the country’s ecosystem” as it looks to continue future-proofing its economy.
Malta’s first ever Cyber Security Summit took place on Thursday, with the launch of the B Secure Scheme from Parliamentary Secretary for Financial Services, Digital Economy and Innovation Silvio Schembri, and presentations and keynote addresses from experts such as Chamber of Commerce President David Xuereb, MITA’s Ephrem Borg, and the CIO of the ROKiT Williams F1 team Graeme Hackland.
More than 400 delegates from a raft of companies in the private sector attended the summit, with Schembri noting that this shows that there is an appetite for knowledge, which in turn gives the courage to continue to evolve.
Schembri announced the launch of the B Secure Scheme, a government investment of €250,000 specifically to instil a cyber security mentality in the private industry.
A recent survey carried out found that 40% of all local businesses have suffered a cyber attack. 83% of large organisations fell victim to at least one cyber security incident, and 46% of firms were most affected enterprises, with fraudulent emails, scam calls, and the unknowing installation of malware or malicious software being the main sources of these attacks.
He said that the strategy aims to allow the private sector to flourish, to instil a prevention is better than cure mindset, and to encourage more collaborations with other countries, as has been done in an MOU with Singapore already.
“In view of our efforts to attract new companies, new investment and the exploration of new economic niches to diversify and futureproof our economy, cybersecurity must be fully incorporated into our ecosystem”, Schembri said.
The B Secure Scheme, which aims to assist the private sector in cybersecurity enhancement and awareness, is the first government scheme solely focused on cyber security and is dedicated to ensuring the stability of the private sector, invest in cyber capabilities, and improve cyber readiness.
“It is that to attain a comprehensive Cyber Security posture, a onetime exercise is not sufficient”, Schembri said before adding that “what is important is for the entity to recognise the value attained through such an exercise, so that this Scheme is used as a pediment on which they can embark on further security tasks to strengthen their posture.”
The scheme is based on three pillars; training courses for executive and industry professionals; testing of the network and wireless infrastructures and web application solutions; and testing of external hosts against known vulnerabilities.
At the core of the implementation process is training, people trained and the hours of risk assessments. Services will start being delivered as from January 2020, and will see 330 hours of training, 123 hours of risk assessments, and a target of 220 people trained.
An elected scheme board will handle applications, the eligibility and selection criteria will be defined, while training will be on a first come first served basis. Applications for risk assessments will be evaluated by the scheme board based on a specific criteria centred on the exposure to cyber threats.
The scheme is open to any entity in Malta – including self employed persons and partnerships – and registration opens today and closes on 24 November this year.
‘No business is too small to not be at risk of a cyber attack’ – Chamber of Commerce President
Chamber of Commerce President David Xuereb said that while technology has allowed us to do business in a faster, more reliable, and widespread way, there are also risks to it. Illicit use of data can change the world, he said referring to the Cambridge Analytica political controversy as a high-level example.
“No business is too small to not be at risk of a cyber attack”, Xuereb said while noting that smaller firms are more vulnerable due to their lack of preparedness, which is in itself a source of concern.
“Many believe that they are not at risk even though the figures show otherwise”, he said before noting that it is not an overstatement to say that cyber security is one of the defining issues of our time, describing it as a continuous threat that requires attention.
The Chamber, he said, is taking cyber security very seriously and considers it to be a priority; a risk that needs the most attention so as to safeguard not only revenues, but also livelihoods and the positive economic development of the country.
The Head of the Information Security and Governance Department at MITA Ephrem Borg meanwhile spoke of the awareness and outreach on cyber security that the entity had done with students and now in the public sector.
A recent MITA survey, he explained, shows that only 35% of SMEs provide cyber security training to their employees, while 80% would like to be able to provide such training and 75% see great value in expanding their IT infrastructure.
He noted that MITA has one of the highest skills levels in Malta when it comes to this sector; a level which means that their employees can look eye to eye with professionals around the globe.
He also spoke of the new technologies – artificial intelligence, machine learning, big data – that the authority was using to analyse cyber trends across the global landscape, which will ultimately make it easier to identify certain threats.
Panel discussions on role of regulators, data sharing bring together local and international experts
Two panel discussions followed, with the perspective of regulators and data sharing being the subjects at hand.
The first panel, titled ‘Cyber Security through the eyes of the Regulators’, was made up of Ronan McCurtin, the Regional Vice President of Northern Europe for Acronis; Jason Farrugia, Chief Technology Officer of the Malta Gaming Authority; Sandra Saliba, a senior analyst at the Malta Financial Services Authority, Antoine Sciberras, the Chief of Spectrum Management and Technology at the Malta Communications Authority; and Trevor Sammut, the Chief Regulatory Officer of the Malta Digital Innovation Authority. Martin Camilleri moderated the panel.
The discussion looked at the need for resource sharing and training, with Saliba noting that the weakest link in the chain is normally the people themselves, dealing with ransomware technology in a proactive, not reactive manner, the need to scrutinise the host of any cloud system, and the EU law changes that may be needed to integrate 5G into the EU’s communication policy.
The second panel, titled ‘Problem shared is a Problem Halved’, was made up of MITA’s Security Operation Centre Project Manager Reuben Gauci, the US’s Rome Embassy Assistant Legal Attache Peter Lafranchise, and the Head of International Cyber Security of the UK Foreign and Commonwealth Office Katherine Fox and was moderated by Jonathan Cassar.
The main theme was the importance of sharing information both at a domestic and a national level, with discussions on the legal complexities of sharing data between countries and the benefits of sharing this information for security reasons.
In a fascinating keynote presentation, the CIO of the ROKiT Williams Formula One team Graeme Hackland provided an insight to how data is used within the sport of Formula One, and pointed towards potential areas where such data can be advanced further.
He said that the team gives a strong basis to partnerships across the IT and cyber spheres, so as to divert as much of the team’s budget to the racing car itself. He said that it is important to treat human being as the first line of defence, rather than a threat, even if mistakes can happen.
Hackland explained that, perhaps contrary to popular belief, the biggest challenge is not with regards to the racing data pertaining to Formula One, as that is only relevant for a limited period of time due to the ever-changing nature of the sport.
However, there are elements – such as on building materials, thermal properties, and electrification – which are much more valuable as they are adapted to be used in the commercial market.
Giving examples, he explained that the same factory which makes the Williams’ Formula One car’s front wing and floor also utilises the technology used in the driver’s cockpit survival cell to create two baby pods out of carbon fibre every day, which are then used to transfer babies by ambulance or air ambulance. Their batteries, developed for the Formula One car, were used in the inaugural Formula E season and the technology has since been used in folding electric bicycles.
Hackland explained how there is a push to implement new technologies such as artificial intelligence and machine learning into the strategy decisions during a race. He said that it takes around a minute for a human to analyse all the data that Formula One teams use to make a strategy decision, and in anything less than that – mistakes can happen. This was seen this season when the Mercedes team had to take a decision in the space of six seconds and ended up making a mistake which cost them a race win.
A machine will eventually be able to compute all the variables and data which are taken into consideration for a Formula One strategy – such as tyre degradation, tyre temperature, pace of other cars, and track position – in the space of one second. First, such technology would augment humans in their decision taking procedure, but Hackland said that he would like to see machines eventually making these decisions themselves – although it remains to be seen how the engineers, and drivers themselves, would take it.
He noted – like many other speakers – the dangers of ransomware, saying that one particular Formula One team had lost a whole day of pre-season testing because of such an attack, and noting that the team itself had been hit by such attacks themselves. One had even encrypted 50,000 files before the team found it – and Hackland described that incident as the team being “lucky” to have found the issue and solved it so soon.
In his presentation meanwhile, Acronis Regional VP for the Northern Region Ronan McCurtin spoke about how cyber security and the protection of data has now become a human right, noting that history can be changed because of data – here referring to the effect of Cambridge Analytica and their use of data in the elections in Trinidad and Tobago, the United States, and the Brexit referendum.
He noted that ransomware – when a program is locked or data is stolen and the user has to pay a ransom fee to get it back – has become very common; there is a ransomware attack every 14 seconds, and Acronis has stopped over half a million such attacks in the last 12 months.
28% of all organisations will have a data breach in the next couple years, he said, noting that five aspects must be kept in mind for data protection – these being safety, accessibility, privacy, authenticity, and security. All of these are critical but they can work against each other at times, McCurtin said before noting that a balance must therefore be reached.
Acronis’ Technology Evanglist Markus Bauer also addressed the summit, with his speech centring on various aspects related to data recovery, but also what he called the new version of cyber attacks – data manipulation, citing an example where two digits of a bank account number on a company invoice were changed.
Closing off the summit, Microsoft’s Cybersecurity Architect who is leading the Worldwide Cybersecurity Champion George Balafoutis spoke about the current threats being faced by companies all across the globe.
He spoke about the most commonly observed security mistakes that are made in modern, fast-paced organisations while also stating what should be done to protect against them and what to do if things do, ultimately, go wrong.
Photos: Alenka Falzon
