This year's Cyber Root event rounded up a varied set of distinguished speakers. One of the few, if not the only, cybersecurity conferences in Malta organized by the Malta Information Technology Agency (MITA), this year's event delivered some insightful and thought-provoking speeches. Read on for some key takeaways.
1. One email, one click
Why should one email and one click bring down an entire system? Jonathan Cassar, Chief Information Security Officer at MITA, aptly described the entire aim of cyber security in organisations with this one sentence. Despite phishing being one of the most common cybersecurity-related crimes, employees' wavering hands over their laptops should not bring about the business's downfall. Investment in cyber resilience is paramount to ensuring a business's survival in the cyber domain.
2. Collaboration: Presenting a united front
Collaboration underpinned most of the panels and speeches delivered during the event. Whether different entities in the private sector collaborate through information sharing or whether the collaboration crosses over to the public sector, working together is key in the fight against cyber crime. A common factor underlying cyber crime targeting both the public and private sectors is the current political instability, which causes disruptions in supply chains and uncertainty about the reach of third parties in supply chains. So, why shouldn't entities work together to fight a common enemy in the cyber world?
3. Creating a culture of security
Chelsea Jarvie described a culture of security as being the heart of any cyber resilient business. But one way of achieving this is to see individuals in a business as the strongest and not the weakest link. Even though cyber criminals attempt to 'hack the human' through manipulative and psychological tactics, we need people to speak up in phishing cases. Employees need to be trained in an effective manner to spot attempts at phishing, and to understand the reason why attachments should not be opened, or links should not be clicked on, in suspicious emails. In most cases, cyber incidents are caused by people rather than by the technology being used: unpatched systems, underutilized tools or ignored alerts. But rather than categorizing humans as the weakest link, we should see humans as the toughest barrier against cyber attacks if they are trained right. Hacker-turned-consultant Greg van der Gaast distinguished between achieving security and doing security. Investing in security tools is commendable and indeed important to ensure that one click does not bring down an entire system, but true security can only be achieved if we also invest in the people behind the business.
4. How should businesses manage a cyber-security incident?
Lisa Forte took the audience through a typical cyber incident, to get the cogs in our brains working. The key takeaways? Aside from having in place comprehensive incident response plans and carrying out training and simulations, some more practical aspects came to light:
Teamwork
Challenging others' decisions in a crisis is, surprisingly, an effective way of getting through an incident and delivering sound decisions. Whether this involves different teams in a business sharing info, contributing resources or challenging decisions, these practical actions can allow a business to handle a cyber incident correctly.
Public communication
Although prevention is better than cure, prevention can never be 100%. Part of handling an incident involves informing the public and clients about the security incident. Rather than doing damage control if news of the incident gets out, it is perhaps easier to control the narrative if you communicate the news first.
Cyber insurance
Easily overlooked, insurance policies may very well be a lifesaver for businesses. Typically covering forensics support, public relations and communications, these policies tend to contain a catch: insurance providers may typically want to be notified first. So read your cyber insurance policies well!
Do we need to be cybersecurity experts to implement such practical actions? Perhaps not. Rather, we can be individuals working together towards a common goal: cyber resilience.
Dr. Susanna Grech Deguara & Dr. Danielle Mercieca in attendance at Cyber Root