As technology becomes increasingly embedded into a company’s daily operations, it is crucial for businesses, irrespective of their size, to implement cybersecurity strategies.
While technical personnel may readily recognise the need for reinforced cybersecurity measures, key operational figures such as Chief Financial Officers (CFOs), Chief Operations Officers (COOs), and business owners may find it more challenging to fully grasp the urgency and complexity of these issues.
This was the predominant theme behind the latest CYBER Breakfast organised by the MITA-NCC, which forms part of a series of events intended for the National Cybersecurity Community to tackle emerging cybersecurity topics.
Throughout the event, professionals ranging from IT specialists to CFOs from various industries emphasised the importance of cultivating a culture of awareness and open communication that reaches every level of the organisation, “from the bottom to the top.”
The panel, moderated by Malcolm Portelli Chief Information Security Officer (CISO) at Andaria Financial Services, discussed the cyber perspective from a business point of view. The discussion was held between Abigail Abela Cavallaro, Head of Finance and Procurement at Servizz.Gov, Videoslots CFO Clive Spiteri, and BOV COO Ernest Agius.
Ernest Agius opened the discussions by recounting the 2019 cyberattack which targeted BOV, emphasising how crucial it is to be prepared for such incidents. Drawing from his firsthand experience of the cybersecurity breach, Mr Agius described the costly ordeal as an eye-opener and shared the feeling of being overwhelmed during the attack. “It felt intrusive and personal,” he said.
On his part, Videoslots CFO Clive Spiteri acknowledged that communication between IT and Finance is key, particularly for startups, which may not have the same resources as larger companies like BOV. He noted that the IT team’s efforts must be maximised in such environments, where the focus is often on growth.
“If you’re working with a startup, you need to begin the work well in advance, engage with the finance team, and discuss what can realistically be achieved,” he addressed the crowd.
Furthermore, he expressed his belief that the person responsible for implementing cybersecurity strategies should internally “sell the need” for the importance of investing in cybersecurity tools. Even if it comes at a cost, “it is avoiding possible future hassle and mitigating risk that could materialise.”
In addition to communication, the panellists emphasised that raising awareness is the next essential step for both parties to collaborate effectively. Servizz.Gov’s Abigail Abela Cavallaro stressed that IT teams should not limit their engagement to executives but foster a culture of awareness across the entire organisation. “While full understanding may not always be possible, security checks should align with the goals of the entity,” she said.
Addressing IT employees in attendance, the panellists remarked that they should not be afraid of reaching out. By presenting data on potential cyberattacks the company could have faced, IT teams can help executives better understand what it might potentially face.
Jumping in on this point, Mr Spiteri remarked: “And, in addition, explain how much money has been saved through cybersecurity measures and how much more could be saved.”
On the external side of cybersecurity, COO Ernest Agius noted that communication should also be extended between institutions on the islands, suggesting that sharing information on cyberattacks would help keep companies more vigilant.
Similar points were echoed by the attendees during the discussions which took place during the breakout sessions, where real scenarios were discussed.
The groups also pointed out that investing in cybersecurity practices can be compared to investing in insurance: While spending money might seem like a waste, it ultimately proves its value when needed.
Additionally, industry managers reflected on the balance between investment and risk. For instance, they noted that the cost of recovering lost data or stolen intellectual property might be higher than the monetary investment required for cybersecurity.
One group suggested that when pitching products or strategies to operations executives, IT teams could provide case studies to strengthen their arguments.
Others highlighted that cyberattacks can also cause reputational damage, with some managers questioning whether falling victim to an attack might harm business, as clients could turn to alternative companies to feel more secure.
Visit ncc-mita.gov.mt for more information and join the community today.
This article is co-founded by the European Union.
The Malta Financial Services Authority (MFSA) has identified a number of misleading financial marketing practices in its 2023 report. The ...
Project will not encroach on virgin or agricultural land and will only involve an extention of the existing runway
The decrease in imports was mainly driven by machinery and transport equipment, which totalled €178.6 million