David Kelleher

May 30, 2025

The Cybersecurity Imperative – Reframing ‘Secure Enough’

It was a packed room at BMIT’s The Cybersecurity Imperative 2025 event, which brought together security professionals, business leaders, and technologists for a morning of practical insights and honest reflection. Now in its third year, this edition tackled a question that seems straightforward but remains challenging: what does ‘secure enough’ really mean?

The keynote from Dr Gege Gatt, CEO of London-based EBO.ai, set the stage by exploring how leadership needs to evolve to make better use of AI and emerging technologies. He stressed that genuine competitive advantage isn't about reacting to disruption but proactively preparing for it. Gege illustrated clearly how the most successful companies reshape their approach to leadership, build adaptability into their culture, and embed AI into their core strategies.

Back to basics

Patrick Camilleri, CEO of 56Bit, followed by reinforcing that despite significant advancements in cybersecurity tools and techniques, organisations still regularly stumble over fundamental practices. He pointed out common mistakes like poorly configured cloud environments, weak identity controls, and insufficient monitoring. Rather than chasing the latest, most sophisticated technologies, Patrick emphasised the importance of consistently addressing these basics as the foundation of genuine resilience.

Nicolas Yiallouros from Microsoft provided perspective on the rapidly growing threat landscape, particularly around identity-based attacks. He explained why relying only on multifactor authentication is no longer enough and introduced how Microsoft Entra helps organisations build a robust Zero Trust approach. Nicolas also highlighted how AI is changing identity protection and administration.

Accountability & Ownership

In another critical session, Cyrille Aubergier, a Senior GRC specialist at BMIT, detailed a deepfake-driven social engineering attack that cost a company $25 million. His analysis revealed worrying gaps in accountability across IT, HR, finance, and security teams, highlighting structural weaknesses in roles and responsibilities. Rather than offering easy fixes, Cyrille made a strong case for rethinking internal accountability and risk ownership to better face today's cyber threats.

Sean Cohen’s presentation offered a stark illustration of how basic security measures can sometimes create an illusion of safety. Using a simulated attack chain beginning from a seemingly harmless software download, he showed just how swiftly ransomware can compromise an entire organisation. Real-world cases, such as the Colonial Pipeline incident and Costa Rica’s government breach, reinforced his point that vulnerabilities often exist in overlooked areas or in decisions made without proper scrutiny.

The human element

Ekaterina Mayorova, a technologist specialising in cyberpsychology, introduced an important human-focused dimension to the discussions. She delved into how cognitive biases, manipulation tactics, and the nature of online interactions significantly increase user vulnerabilities. Her session highlighted the necessity of understanding human behaviour and psychology as essential parts of effective cybersecurity strategies.

Christian Bajada, Head of Information Security at BMIT, then brought attention to everyday operational issues that allow basic security gaps to persist. He cited practical examples like inconsistent verification of remote workers, slow adoption of modern authentication methods like passkeys, and the overreliance on MFA. Christian argued that organisations frequently become stuck in awareness without taking meaningful steps forward, using current threats like Silver Terrier and adversary-in-the-middle attacks to illustrate his point. He urged organisations to move beyond discussions and start implementing proactive measures.

Can you ever be 'secure enough'?

The fireside chat moderated by BMIT’s CMO, Jack Mizzi, provided valuable real-world insights from Kenneth Ciangura (GO), David Vassallo (Cybersift), and Matthew Sciberras (Invicti). They discussed how organisations define and achieve ‘secure enough’ when threats evolve faster than security policies. The panel agreed that being ‘secure enough’ isn't static but constantly shifting, influenced heavily by organisational culture, context, and capabilities.

Finally, Vanessa Psaila, Head of Sales at BMIT, concluded the event by summarising key takeaways and announcing the launch of three new solutions designed to help businesses approach cybersecurity with a clear, structured plan to build resilience.