‘This is true one-touch implementation designed with SMEs in mind’ – Roderick Farrugia, CIO, Melita Limited

In an era where digital transformation is at the forefront of business operations, cybersecurity has emerged as a critical concern for organisations everywhere. One of the notable triggers to cybercrime’s explosion is the even wider ‘attack surface’ made available by the rise of remote working and increased number of devices per employee, a problem within companies of all shapes and sizes.

SMEs can make particularly attractive targets in the eyes of cybercriminals, given several potentially exploitable areas of vulnerability. These can include their supply chain access to larger corporations, insufficient compliance with regulation and the weak security of their third-party vendors. This situation is compounded by the often limited resources and expertise of SMEs (compared with larger corporations) to understand and implement robust security measures. To delve deeper into this issue, we asked Roderick Farrugia, Chief Information Officer of Melita Limited, about the current cybersecurity landscape, the specific primary threats faced by SMEs as well as Melita’s recommendations for addressing these potential threats.

With over 20 years of experience in telecommunications and enterprise software development, Mr Farrugia holds an interest in AI, machine learning, big data and statistics, secure software design and cryptography. Involved in an extensive gamut of technology-related disciplines since joining Melita in 2008, he has acquired a deep understanding of the cybersecurity challenges that businesses can encounter. During his seven years as Head of Software Development and Reporting, Mr Farrugia led data engineering teams in business process automation, system integrations, data migrations and BSS and self-care systems development projects. In 2023, he was appointed as Chief Information Officer, overseeing IT infrastructure, information security, business intelligence, data engineering, DevOps, software development, billing and CRM teams.

Before breaking down the five biggest threats to today’s SMEs, Mr Farrugia emphasises that “cybersecurity threats are evolving at an unprecedented pace, with attacks becoming more sophisticated and frequent in nature”. Phishing is one of the most virulent forms of threat, demonstrating cybercriminals’ persistence and cleverness in their use of social engineering tactics to “impersonate legitimate contacts” and “trick company employees into revealing sensitive information or downloading malicious software”.

Addressing ransomware (malicious software used to encrypt company data, with restored access only being possible via a ransom payment), Melita’s CIO is clear about its ability to “cripple a business, halting operations and potentially leading to significant financial losses”.

Third on the list, data breaches are another area of major concern. “Unauthorised access to sensitive data often leads to theft of personal information, intellectual property, or financial details” causing reputational and financial damage, the severity of which cannot be overstated.

Next are insider threats (risks posed by individuals within the organisation). Such threats “can be intentional or unintentional, making them particularly challenging to manage,” Mr Farrugia warns.

Fifth, DDoS (Distributed Denial of Service) attacks overwhelm systems with a flood of internet traffic, disrupting service. “Such attacks can bring business operations to a standstill, impacting customer trust and revenue.”

Addressing the cybersecurity measures that can be taken by SMEs to mitigate the impending risk of the above threats, Mr Farrugia emphasises a multi-faceted approach. Firstly, education and training are crucial, he asserts. “By strengthening company-wide awareness of safe internet practices, including recognising phishing attempts, risks can be significantly reduced”.

Implementing strong access controls is another key recommendation. “Using multi-factor authentication, as well as ensuring that employees only have access to data required by their roles, can also help protect against breaches.”

Maintaining up-to-date software (often the Achilles heel of smaller businesses) and patch management are also critical in helping to lower vulnerability levels.

Rigorous data backup processes are the fourth core component of a solid cybersecurity strategy. “Regularly backed up data can prevent loss in case of ransomware attacks or other breaches.”

Lastly, the implementation of “comprehensive monitoring and response systems to detect, alert and respond to potential security threats in real-time” are vital to maintaining security.

So how can Malta’s largest telecoms and internet services provider help the typical SME infrastructure with the – at times daunting – task of understanding and choosing relevant cybersecurity measures? Leading a team of experts responsible for building Melita’s robust cybersecurity solutions, Mr Farrugia explains how the below solutions are “really designed with SMEs in mind”. “Implementation has been reduced to the simplest form of getting a link and installing it”, making this “one touch implementation practical even for businesses with no dedicated IT or cybersecurity resources”. In the case of SMEs in regulated industries and/or others with more complex cyber security needs, Melita’s specialists work hand in hand with the client’s in-house or outsourced IT team or system integrator.

Melita’s available cybersecurity solutions can be summarised as follows:

Extended Detection & Response is ideal for customers new to cybersecurity and enables faster threat detection, simpler investigation and quicker response. These combine to help reduce the risk of significant operational damage from threats or attacks. XDR offers zero-touch deployment and collects data from customer endpoints without requiring third-party integrations. This easy-to-use, cloud-native platform leverages the latest tools and the speed of Google Cloud to provide efficient security management. Its straightforward pricing model, based on the number of devices protected, makes XDR a scalable and accessible solution for any-sized business.

Managed Detection & Response is built for customers looking to integrate all their IT-architecture assets into a single platform. Using a cloud-native platform that harnesses the speed of Google Cloud and the latest cybersecurity tools, MDR gathers data from customer endpoints, on-premises hardware and public cloud environments. This service features best-in-class automated response capabilities with options for customers to create their own rules, meticulously forwarded alert resolutions and readily available support from Melita. Offering customised options for different business needs and sizes, MDR’s pricing is flexible.

Both XDR and MDR are designed to enable businesses – regardless of their size or stage in the cybersecurity lifecycle – to deploy advanced security measures effectively and affordably.

Next, Melita’s enhanced Cloud Backup Solutions ensure that data is automatically backed up and securely stored off-site in a local, fully encrypted and EU/Malta DPR-compliant facility. Harnessing the power of Veeam Cloud Connect, integrated with Melita’s carrier-grade Smart Cloud infrastructure, this service provides flexible and cost-effective object storage to prevent data loss from ransomware, natural disasters, and accidental deletions. It also provides businesses with quick access to their safely managed critical data. Cloud Backup securely backs up Virtual Machines from environments including private clouds, Amazon Web Services or Microsoft Azure as well as data from physical servers and workstations. The service includes options specifically for businesses using Microsoft’s 365 suite.

Finally, DDoS Protection & Mitigation is an advanced service that protects against large-scale attacks by weeding out attack traffic and allowing legitimate traffic through. For this, Melita collaborates with Arelion, one of the largest global carriers renowned for its enterprise-grade cybersecurity services. Arelion’s approach includes multiple layers of defence, such as enhanced network routing, rate limiting and filtering, complemented by advanced detection and mitigation technologies at global scrubbing centres. Customer traffic is directed through Arelion’s global infrastructure to scrubbing centres where attack traffic is filtered out and cleansed traffic is subsequently routed back to the customer through a dedicated Melita Business internet connection. This carrier-agnostic service is informed by robust threat intelligence, ensuring that it remains effective against the most current DDoS tactics and strategies and helps businesses maintain continuous internet connectivity and sustain critical applications live and operational.

The digital age has been an undeniable liberator for commerce and a catalyst for exponential growth in ways previously impossible and unimaginable. It has also, however, presented a major obstacle for businesses, exposing them to dangers and threats previously not in existence. Mr Farrugia’s recommendations for addressing potential threats, plus insights into Melita’s bespoke solutions and proactive support, can help SMEs strengthen their cybersecurity in a manageable and effective way. Through a willingness to prioritise employee education and implement adequate, business-appropriate security measures, SMEs can safeguard their operations against the ever-evolving menace of cyber threats.