Data is the lifeblood of every organisation. Yet so many business fail to take the necessary steps to protect corporate or client data. According to Consoltech, up to 94% of companies that suffer a severe data loss never recover.

What is worrying is that while nearly every surveyed IT decision maker said they have backup strategies in place, 26% admitted having difficulty or were unable to restore all data/documents! In cases where ransomware was the culprit, companies that paid the ransom only got 65% of the data back – and only 57% successfully recovered their data using a backup (Cloudwards).

Compliance, governance and backup strategies have been around for many years yet the statistics year after year show that there are still businesses that are taking unnecessary and dangerous risks.

It is in this context that BMIT is excited to announce its upcoming event in collaboration with Veeam, one of the world’s leading backup and recovery firms.

The theme of the event is "Navigating Security: Best Practices & Strategies" with a strong focus on data, governance and backup.

The event will take place on the 18th of April, 2023 at The Brewhouse and the keynote speaker from Veeam, Eli Bitton, will share their expertise on the latest backup and disaster recovery strategies. In addition, the event will include a session where we go beyond theory and focus on a real-life user case.

Whether you're a small business owner, IT professional, or security expert, this event is a must-attend. You'll have the opportunity to network and learn from industry experts and gain valuable insights into the latest security trends and best practices.

Don't miss this exciting event!

Register now to reserve your spot.

We look forward to seeing you there!

It should come as no surprise that eight in 10 hacking-related breaches are due to weak/stolen passwords.

Let’s be frank, changing passwords and following stringent password policies is a hassle; that’s why so many people set one ‘strong’ password and then use it across multiple accounts. Even then, if your password is shorter than 9 characters  and uses caps, special symbols and numbers –  it is still susceptible to a brute force attack!

While strong passwords are important, there is another, very effective way to secure your accounts and systems - multi-factor authentication (MFA).

So, what is MFA, and why is it so important? In a nutshell, MFA is a security measure that requires users to provide two or more forms of authentication to access an account or application. This typically includes something the user knows, such as a password or PIN, and something they have, such as a security token, code or fingerprint.

MFA provides an extra layer of security beyond traditional password-based authentication, making it more difficult for attackers to gain unauthorized access.

There are three primary types of MFA:

  1. Knowledge-based authentication (KBA): This type of authentication requires users to provide something they know, such as a password, PIN, or answers to security questions. KBA is the most used form of authentication but is also the least secure, as passwords can be easily stolen or guessed.
  2. Possession-based authentication: This type of authentication requires users to provide something they have, such as a security token, smart card, or mobile device. Possession-based authentication is more secure than KBA, as attackers would need physical access to the user's device to gain access.
  3. Biometric (or inherence) authentication: This type of authentication requires users to provide something they are, such as a fingerprint, facial recognition, or iris scan. Biometric authentication is the most secure form of authentication, as biometric data is unique to each individual and cannot be easily replicated.

How does MFA work?

MFA works by requiring users to provide two or more factors of authentication before granting access to an account or application. The authentication factors can be any combination of the three types of authentication mentioned above (knowledge-based, possession-based, and biometric).

When a user attempts to access an account or application, they will be prompted to provide their authentication factors. For example, they may be asked to enter their password (knowledge-based factor) and then provide a code sent to their mobile device (possession-based factor), which in turn is protected by a biometric feature (fingerprint).

Once the user provides the required authentication factors, the system will verify their identity and grant access if the authentication factors are correct. If any of the factors are incorrect or if the system detects suspicious activity, access will be denied, and the user will be prompted to provide additional verification.

What is the most secure authentication?

In general, multi-factor authentication (MFA) is one of the most secure authentication methods available, however ‘secure’ is often subjective and at times only suitable if it meets a specific risk profile. In some cases, passwordless authentication (for example, biometric + hardware token) or risk-based authentication (for example, access is based on device, location or behaviour) can be a more suitable option.

Why should your business use MFA?

Multi-factor authentication has been around for decades but that does not mean everyone is using it. According to the Cyber Readiness Institute, 55% of small and medium-sized businesses are not ‘very aware’ of MFA and its security benefits, and 54% do not use it for their business. For a proven technology that can stop attacks outright this is surprising.

Here are three reasons why MFA is crucial for your company's security:

Passwords are not enough

I mentioned this above, but it merits repeating again: Passwords are not enough to protect your company's data. Passwords can be easily stolen, guessed, or cracked by cybercriminals. MFA gives you a much needed extra layer of protection.

Protect against phishing attacks

Phishing is a very common tactic used by cybercriminals to steal login credentials and gain access to company data. MFA can help protect your company against these attacks by requiring a second form of authentication, even if the user's password has been compromised. For example, if an employee falls for a phishing email and enters their password on a fake login page, MFA will prevent the hacker from accessing the account without the additional authentication factor.

Compliance requirements

Many industries have compliance requirements that mandate the use of MFA. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires multi-factor authentication for any system that stores or processes payment card data. Additionally, MFA is becoming more common in other industries as a best practice to protect sensitive data from cyber threats.

It is NOT difficult to implement

Implementing MFA in your company can seem daunting, but it doesn't have to be. Many applications and services offer built-in MFA features, making it easy to enable for your employees. Most email services offer MFA as a security option and it’s free! Additionally, there are third-party MFA providers that can help you implement and manage MFA across your company's systems.

So, if you haven't already, it's time to start implementing MFA across your company's systems.

Choose a trusted partner

If you want to improve security and protect the weakest link in your business, BMIT can provide various solutions and services to boost your security posture. Talk to one of our technology advisors today to learn more about MFA and your overall security needs!

Microsoft 365 Business Standard gives every business the standard productivity tool set to collaborate online with access to both web and offline applications for mobile, and desktop from anywhere. The suite of cloud services includes OneDrive, SharePoint, Teams, and Exchange Online. Exchange Online provides your business with an email and calendar service and the basic security features that come with it (malware detection). However, the Business Standard plan misses out on two key areas in modern workplace: security, and enterprise management.

Threats targeting your users to gain access to business data or to disrupt your business are increasing year after year. That is why security should not be shrugged off by a business - no matter the size - specifically SMBs. Having an anti-virus solution does not make the cut in today’s modern cyberthreat landscape; you need more intelligent solutions to defend your business.

Ask yourself: Does your business have the necessary safeguards to protect your users and data?

User and device management is another key area for businesses need to have control – protecting data by setting policies and conditions for who and how data can be used / accessed.

Ask yourself: does your business have control on business / user devices where business data is accessed?

Don’t worry if you don’t! Microsoft 365 Business Premium is built to give every SMB all the tools and features to be more productive and secure with a cost-effective plan.

But why can’t I just add Enterprise Mobility & Security (EMS E3) to my Business Standard plan to get these features?

You can but you will be paying approximately the same price of Business Premium if not more when nearly all EMS features are included, and you will be missing out on other benefits included with Business Premium, such as:

How can BMIT help SMBs?

Microsoft 365 Business Premium is the best choice for Small, Medium Businesses (SMB) up to 300 users, to reap the productivity, management, and security benefits under one plan. BMIT can help you understand your business goals and requirements. We will then guide, enable and support you in your drive to improve your IT posture. Reach out to us.

Hybrid cloud is becoming increasingly popular as a solution for organisations looking to leverage the benefits of both public and private cloud. With the growth of data comes the challenge of managing it effectively and ensuring its security. In a hybrid cloud environment, the combination of on-premises data and multiple cloud services requires a cohesive approach to data governance and security.

These were the three main themes discussed during a very well attended half-day conference organised by BMIT and EY Malta: ‘Moving to the Cloud – Why trust and security matter’.

Gordon Bezzina, CTO of BMIT, was the first keynote speaker. He offered a comprehensive overview of cloud technology advancements and highlighted the three primary reasons for organizations to adopt cloud technology: cost-effectiveness, agility, and enhanced customer experience. Bezzina emphasized that there is no universal approach, and each organization can achieve its unique needs by embracing various elements of cloud technology to maximize benefits.

The following speaker, Daniel Cuschieri, a Senior Manager of Technology Consulting at EY Malta, took the stage and presented on the topic of cloud computing. He started by explaining the basics of cloud in the IT industry, including various types of cloud computing services and how they have transformed traditional IT. Daniel then delved into the three phases of an organization's cloud migration journey, which includes strategy, adoption, and optimization and economics. For each phase, he highlighted the importance of a cloud governance framework, which offers comprehensive guidance for organizations throughout their cloud journey and spans across the entire cloud lifecycle.

In the final presentation, Dr. Dimitrios Patsos, a security expert from Microsoft, delved into the crucial connection between trust, innovation, and security in the multi-cloud and hybrid environments. He highlighted the reality of cybercrime being a thriving industry and emphasized that cybersecurity was slowly becoming a top priority for many boards. The threat landscape, he noted, was shifting as hackers were increasingly targeting users' identities rather than traditional perimeters. Dr. Patsos then went on to stress the significance of innovation in security as a means of building trust. He provided an overview of the various security architectures employed by Microsoft to ensure maximum protection. He emphasized the need for organizations to stay ahead of the curve and embrace innovation in security to safeguard their businesses.

Panel Discussion

Businesses should see compliance as an enabler, rather than a hindrance, because it can help them improve their operations, increase efficiency, and reduce risks. And more importantly, protect their clients and their data.

This was one of many interesting points raised during a panel discussion with three expert panellists – BMIT’s Sean Cohen, EY’s Michael Azzopardi and Microsoft’s Christos Giannakis-Bompolis.

With the cloud becoming more complex, regulatory frameworks guarantee consistency and managed expectations. They also protect customers.

That said, the panellists agreed there was always room for improvement.

Giannakis-Bompolis pointed out that security is a shared responsibility and both vendor and customers had a role to play. A change in mindset was required and customers should not rely on the vendor for their security needs. Azzopardi focused on the data and how companies view data. He said there was a need for structured data governance with clear classification and ownership of the data as well as the integration of controls as needed to protect the data. According to Cohen, awareness on compliance and regulations had to improve and, in turn, gain a better understanding of the data.

Asked to define the next 24 months, one of the biggest developments would be the impact data had on business and cloud adoption, particularly in the context of Internet of Things (IoT) and the growing use of artificial intelligence (AI) in business and industry. Data is key and will be an accelerator for cloud option. “Data is going to drive organisations to the cloud and use the capabilities of AI,” Azzopardi said. From a security perspective, AI will be the next big thing in security solutions. “AI is here and is a huge opportunity. AI will be a driver as organisations use intelligence as a defence,” Giannakis-Bompolis added. Cohen said the Cloud will become a big player as the IoT and data processing become critical. “I believe we will see IoT handling critical data at source, for example in relation to hospital equipment, but analysis of the data will be processed later in cloud.”

Moving to the cloud is not suitable for all, but those who do require a trustworthy provider who meets three requirements: reliability, scalability, and compliance. The provider must be committed to offering the best service while also having the ability to scale and assist customers in achieving compliance. It is crucial for businesses to align their cloud strategy with their business objectives, technology stack, and data architecture. To do this effectively, seeking guidance from experts is essential.

The choice of provider should be guided by a vendor’s local partners. According to Microsoft, a local partner, like BMIT Technologies, can provide skilled professionals with knowledge of the local market, and assist customers in comprehending the range of available products to meet their cloud and security needs.

The cost of cybercrime is predicted to hit $8 trillion, that’s correct, trillion, in 2023, growing to $10.5 trillion by 2025, according to the 2022 Official Cybercrime Report from Cybersecurity Ventures.

To put that into perspective, it is the combined Gross Domestic Product (GDP) of Japan and the United Kingdom combined. If cybercrime were a country, it would be third in terms of GDP after the US and China.

It is a lucrative business, and the currency is one: data. The total volume of data in the world tops 150 zettabytes (150 followed by 21 zeroes) and that data needs to be protected.

Cybercriminals do not discriminate their victims. Every individual and every organisation is fair game. The human element is the most common threat vector.

Why? Humans are the least prepared, least knowledgeable and the weakest link. According to Verizon’s 2022 data breach report, 82% of breaches were caused by users.

Cybersecurity measures alone are not enough to counter cybercriminals’ sophisticated methods. Today, more and more organisations are including security training for employees. It’s effective and shuts the door on most attacks that require some form of human intervention.

Let’s take a look at 10 most common and prevalent cyber attacks that business and their staff should be aware of:

Phishing attacks: This is one of the most common types of cyberattacks, where hackers use social engineering to trick people into revealing sensitive information. For example, an email claiming to be from your bank, requesting your login credentials. In the third quarter of 2022, 3 million phishing attacks were reported (Anti-Phishing Working Group).

Supply Chain Attacks: Supply chain attacks involve targeting a company’s suppliers or partners to gain access to a company’s network or systems. Attackers may use a variety of techniques, such as malware or phishing, to gain access to a supplier’s network and then use that access to gain access to a company’s network.

Ransomware: This type of attack involves hackers gaining control of your system or data and demanding payment for its release. A recent example of this is the ransomware attack on the Costa Rican government to the tune of $30 million. No payment was made and 50% of the encrypted data was leaked to the public.

DDoS attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a website or server with traffic, making it inaccessible to users. Cloudflare reported that there was a 67% rise in ransom DDoS attacks in 2022.

Insider threats: These are threats posed by employees, contractors, or other insiders who have access to sensitive information. For example, an employee who steals customer data or changes master passwords, effectively shutting access to a network and its systems.

Code Injection Attacks: Code injection attacks involve adding malicious code to a legitimate program or website. Attackers may use code injection to steal data, cause damage to systems, or gain access to networks. An example of a code injection attack is a hacker adding malicious code to a website’s database.

Man-in-the-middle attacks: These attacks involve intercepting communication between two parties to steal information or alter messages. For example, a hacker could intercept a user’s login credentials while they’re logging into a website.

Social engineering attacks: These attacks involve using psychological manipulation to trick people into revealing sensitive information. For example, a hacker could pose as a technical support representative and convince a user to give them access to their computer.

IoT attacks: Internet of Things (IoT) devices, such as smart home devices, are vulnerable to attacks if they are not properly secured. An example of this is the Mirai botnet, which hijacked thousands of IoT devices to launch DDoS attacks.

Malware: Malware is malicious software that can infect your computer, smartphone, or other devices. It can steal information, delete files, or even take control of your device. Mydoom arguably had the most serious impact in history causing $38 billion worth of damages in 2004.

This is the reality we are living in. Organisations that adopt a ‘it won’t happen to us’ attitude are simply postponing the inevitable. Security is a cost but it is also an investment that is far less costly than dealing with a breach, loss of data and money.

How can you protect your business?

  1. Educate your employees: Train your employees on how to identify and respond to potential cyberattacks, such as phishing emails.
  2. Keep software up to date: Make sure all software and hardware are up to date with the latest security patches.
  3. Use strong passwords: Require employees to use strong, unique passwords and enable two-factor authentication where possible.
  4. Backup your data: Regularly back up your data to a secure, offsite location.
  5. Implement access controls: Restrict access to sensitive information to only those who need it.
  6. Monitor your systems: Regularly monitor your systems for unusual activity or potential security breaches.

Creating a strong security posture in your business is an investment that requires time and guidance. At BMIT, we can help your business take that important first step: assessing your cybersecurity readiness and the providing advice and a complete strategy on how to address any weaknesses and vulnerabilities in your enterprise IT setup.

Cyberthreats are constantly evolving. Assess, secure, and fortify your business today with BMIT.

SmartCity Malta: 2 March 2023 – BMIT Technologies, a leading Hybrid infrastructure and Cloud managed services provider, is proud to announce that it has become an Amazon Web Services (AWS) Partner. This new partnership will allow BMIT to offer expertise and services on top of the AWS cloud offering  to its clients, while also expanding its multi-cloud infrastructure offerings.

As an AWS Partner, BMIT can now provide clients with another Tier-1 cloud provider option and expertise when moving to the Cloud. Customers will now have access to the full suite of AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), and Amazon Relational Database Service (RDS), among others. With the power of AWS, clients can enjoy a fast, secure, and reliable cloud computing solutions.

In addition to offering AWS products and services, BMIT will also be expanding its multi-cloud infrastructure offerings. With expertise in AWS and Microsoft Azure, and other cloud technologies, BMIT can now help clients choose the best cloud solutions for their unique business needs. Whether it’s a single cloud provider or a hybrid/multi-cloud approach, BMIT can deliver and optimise a customised solution that maximises business operational resiliency and efficiency and optimise costs.

“Becoming an AWS Partner is an important milestone for our company,” said Christian Sammut, CEO of BMIT Technologies. “This partnership allows us to provide our clients with another advanced cloud technology in the market, while also expanding our multi-cloud offerings. We’re excited to help our clients achieve their business goals by leveraging the power of AWS and other cloud technologies as well as our years of expertise and experience in this field.”

With its new partnership with AWS, the company is now better positioned than ever to help clients accelerate and achieve their business goals by leveraging another advanced cloud technology in the market, a dedicated tech advisory service and excellent support and guidance.

Businesses face increasing challenges in keeping up with changing market demands as technology evolves at an unprecedented rate. To remain competitive and relevant, businesses must embrace innovation, adaptability, and scalability, all of which the hybrid IT model provides.

To provide a flexible and efficient computing environment, hybrid IT combines the strengths of on-premises infrastructure, public cloud services, and private cloud environments. It enables businesses to take the benefits of both cloud and on-premises resources while avoiding the disadvantages of each.

Here are some of the key benefits of hybrid IT

Increased Flexibility and Agility

Hybrid IT provides businesses with unparalleled flexibility and agility, allowing them to quickly adapt to changing market conditions. Businesses can use a hybrid IT model to dynamically allocate resources based on demand, ensuring that they have enough computing power to meet customer demands.

Improved Security and Compliance

Hybrid IT improves security and compliance by allowing businesses to deploy sensitive data and applications on-premises while leveraging the cloud's scalability and cost-effectiveness. This means that businesses can ensure the security of their critical data while also reaping the benefits of the cloud.

Better Cost Optimization

Hybrid IT enables businesses to reduce costs by using on-premises infrastructure for legacy applications and non-critical workloads and cloud services for more resource-intensive applications. Businesses can avoid the high costs of maintaining and upgrading their own infrastructure while still meeting their computing requirements.

Greater Control and Customization

Hybrid IT gives businesses more control over their computing environment and allows them to tailor it to their specific requirements. This means that businesses can tailor their computing resources to their specific needs, ensuring that they have the resources they need to meet their business objectives.

High-Availability

Hybrid IT enables organisations to ensure that their applications and IT systems are always available to users, even in the event of infrastructure failures, by leveraging the strengths of both public and private clouds. For example, an organisation can use the public cloud for backup and disaster recovery and the private cloud or on-premises infrastructure for mission-critical applications. Organisations can also use hybrid IT to distribute workloads across different infrastructures to ensure even higher availability to users.

At BMIT, we offer hybrid cloud solutions that can help businesses achieve their computing goals with ease. Our hybrid cloud services offer a wide range of benefits, including:

To summarise, hybrid IT provides several advantages for businesses seeking to remain competitive in today's fast-paced market. Businesses can achieve unparalleled flexibility, agility, and cost-effectiveness by combining the strengths of on-premises infrastructure and cloud services. BMIT provides hybrid cloud solutions to help you easily achieve your computing goals. To learn more, contact us today.

BMIT Technologies is a Microsoft Solutions Designated Partner in Infrastructure (Azure) and Modern Workplace. One of only two Maltese companies to have both designations.

SmartCity, Malta: 27 February 2023 – BMIT Technologies, a leading provider of infrastructure, Cloud, and managed services, is pleased to announce that it has achieved two important Microsoft Solutions Designations - Infrastructure (Azure) and Modern Workplace.

BMIT is one of only two Maltese companies that hold both designations, demonstrating our deep technical expertise and ability to provide innovative solutions that meet our clients' needs in today's fast-paced and rapidly changing business environment.

Achieving these designations is a testament to our team's dedication and hard work in delivering high-quality services to our clients and our long-standing commitment to providing our clients with expertise on the latest technology solutions and services.

For BMIT to attain these designations, the company had to validate its skills, capabilities, and experience driving customer success in specific Microsoft solution areas through technical certification, customer deployments and successful usage of services.

The Infrastructure (Azure) designation recognizes and continues to show our expertise in delivering Hybrid IT and Multi-Cloud solutions utilising Microsoft Azure services. Our team of certified professionals has extensive experience in designing, implementing, and managing Azure-based solutions that help our clients to optimise costs, improve operational efficiency and resiliency, and enhance security.

The Modern Workplace designation acknowledges our ability to provide cutting-edge workplace solutions that improve collaboration, productivity, and security. Our team has a deep understanding and experience of Microsoft 365, including Exchange, Teams, SharePoint, OneDrive, as well as identity and access management services that can help our clients optimise their workplace solutions to achieve their business objectives in a secure manner.

These designations allow us to identify BMIT as a Microsoft partner that has both the commitment to training and accreditation and has delivered solutions that lead to customer success.

“Our team is thrilled to have achieved these important designations from Microsoft,” said Nick Tonna, Chief Customer Officer at BMIT Technologies. “These designations validate our expertise in delivering innovative technology solutions that help our clients achieve their goals. We look forward to continuing to provide high-quality services and solutions to our clients, backed by our deep knowledge and experience in Microsoft technologies.”

For more information about our Infrastructure (Azure) and Modern Workplace solutions, visit our website.

Data storage and management are vital considerations in your business. Statistics show that by 2025, the total global data creation will be about 180 zettabytes. This figure increased significantly due to Covid-19 when the demand increased as more people worked and learned from home. Fortunately, cloud storage has become a life-saver regarding data storage and access in many businesses. At BMIT, we have solutions to challenges that come with high data volume. In this article, we shall look at four reasons you should consider these services in your company.

The Two Possible Solutions

Cloud Storage

Cloud storage is storing files and data, such as videos, photos, documents, and other media, on third-party digital or cloud servers.

Pros

Cons

Types of Cloud Storage Services

Data Center

You can create your centre to store data instead of relying on a cloud storage service provider. Nonetheless, this method can cost you substantial money and time.

Pros

Cons

Types of Data Centres

How Can BMIT Help Your Business?

Many business people don't understand where to begin when looking for virtual data storage service providers. BMIT leverages Microsoft Azure and VMware combined with top-notch expertise and professionalism to offer the best cloud file storage environment. You can then enjoy the best on-premise and cloud-based data storage from BMIT. Feel free to contact us today for the best cloud storage assistance.

The speed of regulatory change in the financial services sector is accelerating. These changes have had a huge impact on the financial services industry with several EU and local regulatory requirements for example from the MFSA coming into effect. In our discussions with our varied customer base compliance with regulations is becoming an ever-increasing area of concern. The MFSA for example have this year published that they will focus on more enforcement as a priority. There are also new regulations on the horizon in the form of the Digital Operational Resilience Act (DORA) which will enforce sweeping changes to the way that financial institutions in Malta will need to approach the way they look at cyber security.

Recent regulatory developments relating to technology risk impose various requirements for IT and cybersecurity risk management. These requirements raised relate to various areas of IT including:

As the use of IT in the financial industry accelerates alongside the increased regulation of IT use, it becomes increasingly difficult to apply outdated compliance methods to these systems. A great example of this is the adoption of cloud environments like Microsoft 365, Azure and AWS. How do you keep your data safe in the cloud? How do you stop data loss? How do you control the use of Shadow IT? These are all questions that the regulatory frameworks set out by the MFSA and other bodies aim to secure. Remember, whilst complying with regulations is a benefit in itself the effect of data loss can have a huge impact on your organisations reputation and reputation loss can be incredibly difficult to recover from.

What are the challenges with complex regulations, standards and guidelines? Looking at compliance requirements individually can make it difficult to implement solutions to cover all your regulatory requirements and quite often will result in conflicts of interest between relevant stakeholders. This can result in increased cost and complexity across the organisation. Compliance requirements need to be looked at holistically. Implementing too much change too aggressively will disrupt business activities.

We actively work with our customers to provide a timeline focused on Business Analysis leading on to the gradual adoption of your organisations IT compliance requirements. A plan for adoption also shows governing bodies that you are taking your cybersecurity and risk management seriously. IT security is an ever-evolving sphere of threats and new technologies. It is important to remember that your organisations security stance needs to reflect this; driving continuous improvement and yearly reviews is critical to keep on top of this ever-evolving landscape.

How can BMIT help?

Every client we work with requires different solutions. So, we tackle each need with our expertise in technology, business strategy and innovation.

We propose and develop intelligent, secure infrastructure solutions, help build your internal capabilities and identify opportunities to enhance your business potential through the application of innovative technologies. This ensures a greater level of business management and progression.

Want to learn more about the finance landscape regulatory tech requirements in Malta? Contact us and one of our experts will reach out and guide you accordingly.