29th May 2024 – Leading hybrid IT, cybersecurity and digital infrastructure services provider BMIT Technologies plc today reported its consolidated accounts for the financial year 2023. The company reported another strong financial performance and substantial investments in digital infrastructure.

BMIT’s results show a year-on-year increase of 11% in revenues, to €28.7 million, and earnings before tax, depreciation and amortisation (EBITDA) of €10 million. Profit before tax amounted to €7.7 million.

Speaking to shareholders at its annual general meeting, Chairman of the Board, Nikhil Patil described 2023 as a ‘game changing’ year for BMIT.

He spoke about the substantial investments being made and plans for future investments, describing the company as “a one-of-a-kind investment asset class in Malta for equity investors that provides growth and dividends at the same time”.

“I firmly believe that we are on the right path propelled by twin engines of growth - our hybrid IT and managed services vertical, as well as our digital infrastructure vertical. This will allow us to embrace new opportunities to continue creating long-term value for you, our shareholders,” Mr Patil said.

BMIT Technologies’ Chief Executive Officer, Christian Sammut, expressed satisfaction with the company’s progress despite market challenges and financial pressures.

“Technology is changing at a rapid pace and to remain at the forefront we need to adapt, change and renew our products and services if we want to be in a position to meet our clients’ needs. I am pleased to say that our plans are starting to bear fruit,” Ing Sammut said. Ing. Sammut also addressed the challenges of market size, technological changes, and pressure on margins, stating that the company is implementing a strategy for long-term growth. He highlighted last year’s €46.6 million acquisition of GO plc’s passive mobile infrastructure as a key initiative. Additionally, the company is investing in expanding its service offering and exploring new market opportunities in its main business areas.

He emphasised that through strategic investments, process improvements, and a focus on operational efficiencies, BMIT have “demonstrated our ability to adapt and thrive in a rapidly changing market”.

“Our transformation journey is not just about expanding services or upgrading systems; it is about shaping an identity that ensures competitiveness in a dynamic market. By investing in our digital infrastructure and adapting to new technologies, we are positioning ourselves to meet the evolving needs of our clients and secure our future in a competitive landscape.”

Looking ahead, Mr Sammut said: “We are building on what we achieved in 2023 and will continue to invest in our digital infrastructure and our portfolio to attract new opportunities and clients. I am convinced that through further strategic investments and product diversification we will ensure growth for years to come.”

The financial results for 2023 were approved by the board of directors and confirmed at this year’s Annual General Meeting, held on 29th May 2024. The board has also approved a net dividend of €5m, or 2c46 per share, with a scrip option.

The final dividend for the year ended 31st December 2023 will be paid on the 20th June 2024.

We'd like to take this opportunity to thank all of you who attended The Cybersecurity Imperative conference. Throughout the event we received a good number of insightful questions and we're pleased to be able to provide you with the detailed answers below!

Insp. Clive Brimmer

Q. A recently the court sentence found that a customer that fell for a fraud attack had the company impersonated responsable as well. Please elaborate.
A. While I cannot answer without the details and specifics of the case in point, in cases of online fraud, courts sometimes find both the deceived customer and the impersonated company responsible.

Q. How to start a career in your unit?
A. To join the Online Fraud Office, candidates must be sworn police officers and apply for vacancies as they arise. The Malta Police issue calls for applications based on need. While having a special interest, relevant education, and experience are advantageous, they are not mandatory. Individuals without these qualifications can still apply and will be considered through an interview process.

Q. Hi, I would love to hear more details about investigating ransomware attacks
A. These cases are considered cyber-dependent crime and such investigations are conducted by the Cyber-Crime Unit at the Police General Headquarters. My focus is on financial crime and cyber-enabled crime, where technology is used to deceive victims, resulting in financial losses to individuals or organisations. In the cases I handle, victims are deceived and subsequently, they voluntarily transfer funds to the perpetrators.

Q. What are the top 3 typologies related to business that are reported specifically in Malta and what is your practical advice from experience to mitigate them?
A. 1. BEC (Business Email Compromise)
2. Invoice Fraud
3. Investment Fraud

Practical advice: 1. Continuous education and awareness; 2. Strengthen internal controls; 3. Collaboration with authorities

Q. How many cyber crimes were solved/tracked ?
A. This question needs to be more specific for various reasons. The most powerful tool to combat online fraud is the prevention and the security measures. Currently there are yet undecided court cases which are available in the public domain and in the media. However, one needs to consider the issue of technical complexity, foreign jurisdictions, anonymity and lack of evidence, unreported cases, and legal and regulatory gaps. It is worth noting that global trends indicate a rise in cybercrime incidents, with many law enforcement agencies improving their capabilities to address these challenges​.

Q. How come with all the AML enforced on Banks they are not able to recover funds from their accounts or at least arrest the scammer who has access to their acc?
A. It is common for scammers to operate from abroad, placing them in foreign jurisdictions and complicating enforcement efforts. However, in Malta, we are encountering a high number of money mules who, either knowingly or not, transfer, accept, and withdraw funds obtained from victims. This method is typically used by scammers to bypass bank security measures and obscure the money trail.

Q. Are there any increases in crypto related scams?
A. Yes, there has been a noticeable increase in crypto-related scams, both globally and in Malta.

Q. In case of a security breach, we are instructed to contact the Cybercrime office. Should we update our procedures to contact the Online Fraud office?
A. There is no need as such, as the Cyber Crime unit would inform this office accordingly and it does depend on the case in question. If in this instance there is financial loss, for sure this office would be communicated. Thus, if the victim should feel the need to speak with the Online Fraud Office, we would be happy to assist.

Q. To Malta police: From the amount of cases which are received and investigated, how much of the amounts lost are retrieved? Maybe a percentage?
A. Unfortunately the percentage of retrieved funds is low compared with the total of funds being lost. However, this fact is attributed to two main issues:

1. Difficulty in tracing funds - Online fraudsters employ intricate techniques to hide stolen funds, complicating efforts by authorities and banks to trace and reclaim them. Money is passed and quickly transferred through multiple accounts in different jurisdictions.

2. Jurisdictional challenges - Cross-border online fraud complicates recovery due to jurisdictional hurdles, legal disparities, and lack of international cooperation among law enforcement agencies.

Christian Bajada

Q. Would DORA apply if a company does not have any virtual cards or physical cards and transfers are on an EMI application which only allows internal transfers?
A. As far as I know, DORA also applies for Electronic Money Institutions. The regulation allows for Proportionality in Art.4, so even if you are a licensed Electronic Money Institution, based on the volume and type of operation you may not be required to carry out the full implementation. Proportionality is ultimately to be decided by the Regulator (competent authority), so do make sure to clarify this with them.

Q. A compliance approach may not be best as it can leave gaps. If we take a security approach, we may miss certain parts of compliance. How do we balance this?
A. The parts we don’t like still need to be done but at least let us let the compliance standard teach us something, starting from (i) thinking about the problem that this compliance requirement is intended to solve. (ii) thinking about the risk of the problem affecting our business, and (iii) choosing the most effective and efficient way to deal with it. Even PCI-DSS which is one of the most prescriptive standards, still allows for a variety of ways that you can tackle these requirements. If the risk is low and such risk is the consensus of the organisation, then we may indeed adopt an approach that is less painful while still complying to the standard while getting something out of it.

For instance, for one small organisation I worked for in the past the compliance standard specified that encryption keys needed to be rotated without specifying the frequency. Most simply adhere to NIST SP 800-57’s part on ‘recommendation for key management’ religiously (being a cryptoperiod of two years max). I first looked into the ‘why’ of this requirement and found that it’s to limit exposure in case a key were to be divulged to an attacker. In my case these DEK (data encryption keys) were being decrypted via an HSM in a well-isolated environment whose access was split between two key personnel. It simply made no sense to have a key rotation process every two years considering that the data volume was also low and the custodians were still going to be the same guys. The key rotation exercise of re-encrypting everything, taking extra backups in case the process goes wrong etc was going to create a higher risk of leaving data around than having the DEK stolen.

In this case we discussed and documented the risk, including notes about the strength of encryption algorithm itself. That provided justification to extend the cryptoperiod to at least 5 years, and put a special policy provision to carry out the key rotation when a key personnel such as the DB Admin were to leave the company. All in all the discussion (essentially a risk assessment exercise), also allowed us to learn something more about the strength of the encryption that was used, and reliance we had on these key personnel. This was well documented, reasoned with references, and accepted by the auditor.

Cannot say that all experiences had a ‘happy’ ending like this one (and that all auditors are reasonable). But at least we strive to reduce security theatre as much as possible. Doing things just because they are mandated by a compliance standard without addressing an underlying risk becomes very demotivating to whoever is tasked with implementing it.

Q. We have talked about security procedures, policies and explored related case scenarios. Can we discuss security threats trends expected for the upcoming years ?
A. From an organised crime perspective, supply chain attacks are a very lucrative target for organised bad actors. I don’t think that the XZ Utils package will be the last time we hear about such attack methods and who knows how many compromised packages are running on our systems.

In the phishing world, Voice AI will undoubtedly become the tool of choice where many will be receiving robocalls with voices of persons they recognise.

Complexity in itself is also a threat. Products are increasingly becoming secure, more accessible and more featureful, but more complex. Cloud systems in particular are accessible to anyone and lead one to think that they are inherently secure since your emails, your files and your web application is running on a big-name cloud service provider. Due to the complexity involved engineers may set things up insecurely resulting in common situations such as open S3 buckets. We are also seeing cases where very useful features such as connecting OAuth applications are being exploited by actors such as Midnight Blizzard. These attacks are proven to be successful due to secure defaults which were once adequate but are no longer aligning to new attack vectors fast enough.

Finally, the Quantum computing threat to cryptography is something to keep on the radar, however I personally don’t think that SMEs and the public should be overly concerned as yet.

Q. How secure is using AI like ChatGTP, Gemini, Copilot ? Are we unknowingly giving away our data ?
A. The old adage that if “You are getting something for free, you are the product” also applies here. Short answer; definitely, yes. ChatGPT does collect data and up to a few months ago it was on by default to help improve the model. Meta uses public Instagram pictures to train their models. Some are trying to take different approaches such as Microsoft’s Copilot for business where the data of an organisation lives compartmentalised to that account. My opinion is that as AI progresses towards being more human-like in the way of ‘thinking’ and reasoning, guard rails are going to become more and more difficult to implement effectively. Therefore, just like it’s difficult for us to keep secrets when placed in certain situations, AI will still be cajoled into divulging sensitive information it learns along the way.

Dr. Ian Gauci

Q. How can small companies address all the legislation and directives, without investing thousands of euro? Does it need a specific employee to address each role?
A. Ideally one reviews the operative ambit and seeks advice of either specialised lawyers or people to guide the respective outfit to adopt the most appropriate compliance models.

Q. What about the NIS2 legislation which is coming soon but has not yet been transcripted in Malta? How to get a large company with multiple suppliers prepared?
A. The departure line is NIS1 which is already in place, NIS2 will increase its capture with new sectors as well as more regulatory capture. It will be transposed October 2024 and like in the previous reply would advise them to either assess themselves the potential capture and start preparing for the compliance or else seek some counsel. For the case at hand I would also recommend building up an inventory of all the contractual relationships with pertinent providers or suppliers, review of these and gap analyses with new obligations which might stem from NIS2 and plan a smooth transition to get all in line by the required date.

Brian Wagner

Q. How are RTO, RPO, MTPD different? How should these be measured?
A. RTO = Recovery Time Objective: the amount of time it takes for an application to become fully operational again

Measuring RTO can be accomplished in a few ways: amount of time a ticket spends in status (assuming there is a ticketing system in place), or a more exact measurement would be the timestamp delta in the monitoring logs (assuming there is monitoring in place). If considering the logs method (preferred), best to wait for a threshold of repeated status before declaring a change; you will want to wait for the “200 OK” (for example) 3 times in a row before declaring the system to be back online.

RPO = Recovery Point Objective: the amount of data that can be afforded to be lose in terms of time elapsed during a system outage

Almost exclusively related to data, this one should be measured by the latest timestamp found in the relevant data stores; sort by “modified_at” in descending order, limit 1. How long ago was that? There is your actual recovery point.

MTPD = Maximum Tolerable Period of Disruption: the maximum amount of time of an outage that is considered acceptable

This one is not really meant to be measured like the other two. It is a business level target metric set by the relevant stakeholders. The MTPD is often driven by business factors and closely related to SLAs that have been agreed upon by your customers. Even then, MTPD can be larger than your SLA commitment, but how long until customers really start making a fuss? Measuring MTPD is the same as RTO. Whether or not MTPD has been breached is a calculation of RTO > MTPD?

Q. You mentioned a 5 minute (or less) RTO, but what about the associated costs, especially with SMEs?
A. Costs will vary from stack to stack. Cloud-born server less stacks are much easier to implement sub 5-minute RTOs, however, even server’d stacks can achieve with the right investment in automation. There is, of course, the added cost of additional infrastructure, but this is a workload-by-workload consideration; not all applications need to be < 5 minute RTO. In fact, a good practice is tiering applications by criticality (business critical, mission critical, operational, administrative—in that order). Only a subset of applications will be business critical, and I would argue that the cost of the additional infrastructure (if required) is more than justifiable. In that case, it comes down to the discipline of an automation-first approach where anything being built—even once—should be built in a way which is repeatable. With the added capacity and the automation for reconstitution, recovery should be entirely automatic in the first place. All that is left to do is test it, then test it again, and again! I said during my presentation: “you won’t fear leg day when every day is leg day”.

Prof. André Xuereb

Q. So quantum encryption requires physical point to point link? Ie it is not an OTN function.
A. Yes. Quantum key distribution is something that happens at the physical (i.e., hardware / optical) level and therefore requires the use of a physical connection. One cannot emulate this in software, although in PRISM we are deploying such links over the existing telecoms network.

Leading cloud, infrastructure, and cybersecurity provider BMIT Technologies has reported record-breaking revenues for 2023.

In announcing its financial results for the fiscal year ended 31st December 2023, the company said that revenues had increased by almost €2.9 million to €28.7 million, up by 11% over the previous year.

Notably, revenue from cloud and managed IT services experienced significant growth, with cloud revenue up by 38% year-on-year and managed services by 22%, and an increase in annual commitments from customers.

During 2023, BMIT Technologies also completed the acquisition of GO plc’s nationwide passive mobile infrastructure, with an investment of €46.6 million. This acquisition allowed the company to create a new tower operations business segment, which segment is expected to enhance revenue streams and strengthen the overall EBITDA margin in the coming years.

Whilst the initial financial impact of the new Towers Operations business was reflected in the reported figures, the performance of this operation is expected to improve the overall company’s profitability in the following years, strengthening BMIT’s resilience across its business segments.

BMIT said the financial results also reflected prudent cost management strategies, with cost of sales and administrative expenses increasing to €20.7 million, primarily attributed to investments in infrastructure, systems, processes, and personnel. Despite these investments, the company maintained a stable EBITDA of slightly over €10 million. Profit before tax amounted to €7.7 million, a decrease of 8% over 2022, primarily a result of acquisition costs related to the tower operations investment and an evolving technology portfolio.

The acquisition of the nationwide passive mobile infrastructure had a substantial impact on the Group's assets and liabilities. Non-current assets surged to €64.7 million, compared to €16.6 million in 2022. Total liabilities increased to €69.9 million, primarily due to borrowings to finance such acquisition.

BMIT announced that the board of directors is recommending a dividend payment of €0.02456 per share after tax, resulting in a total net dividend payment of €5 million.

Shareholders will have the option to receive the dividend either in cash or new ordinary shares.

Reflecting on the financial performance of the company, Christian Sammut, BMIT Technologies plc CEO stated: “We are pleased with the solid growth trajectory demonstrated by the company, underpinned by our strategic investments in critical infrastructure and commitment to delivering innovative solutions to our customers. While we registered record-breaking revenue in 2023, we are taking the necessary steps to minimise the impact of a changing market on our margins. That said, we remain focused on driving sustainable growth, enhancing operational efficiency, and delivering value to shareholders.”

“Our vision is clear – to be a leading digital infrastructure and managed IT services provider operating mission critical infrastructure and offering hybrid IT and cybersecurity solutions to an enhanced customer base. With a strategic mindset and organisational adaptability, we are well-prepared to turn challenges into opportunities for continued progress”, concluded Ing. Sammut.

About BMIT Technologies

BMIT Technologies is a technology company providing digital infrastructure, including tower operations and datacentre services, hybrid cloud solutions, implementation, and managed services. The company specialises in designing, building, modernising, and managing the systems that clients rely on for growth, security, and success.

With two data centres in Malta and a presence in Italy and Germany, BMIT Technologies offers a comprehensive suite of services. Additionally, the company manages its own public cloud infrastructure and operates a highly resilient and secure private network spanning four countries. The company's tower operations arm focuses on passive digital infrastructure, providing essential support for telecommunications networks.

Backed by a robust and trusted organisation, best-in-class infrastructure, and a talented team of experts across various technology platforms, BMIT Technologies delivers unparalleled technology solutions to businesses.

For more information, please contact:

Jack Mizzi
Chief Marketing Officer
BMIT Technologies plc
David Kelleher
Strategic Marketing Specialist
BMIT Technologies plc

BMIT Ltd recently received SOC 2 Type 1 attestation. Dione Vella, Chief Digital and Compliance Officer explains why this is an important achievement for the company. He was talking to David Kelleher

What does achieving SOC 2 Type 1 attestation mean for BMIT? 

The SOC 2 (Service Organisation Control 2) or ISAE 3000 report is a widely recognised attestation that organisations work towards to show they securely manage and protect their infrastructures. The Type 1 designation specifically attests that BMIT has implemented the necessary controls to meet the highly stringent criteria of the SOC 2 framework. The company has undergone rigorous third-party scrutiny to validate the implementation of controls to mitigate the risks associated with information security and availability risks. 

How does SOC 2 Type 1 compliance benefit clients and partners? 

In addition to our existing ISO27001 and PCI DSS, it provides further assurance to our clients and partners that we take the security of their infrastructure seriously. This attestation builds trust and strengthens our relationships with stakeholders.  

Moreover and also very important to mention, having such attestation in place means that, BMIT is already geared up to help customers planning to expand their business to other markets where regulatory requirements demand for such assurance   

What specific steps did the company take to achieve SOC 2 Type 1 attestation? 

It is a comprehensive process. Building on top of our existing ISMS, we conducted a thorough assessment of our information security policies and practices, identified further areas for improvement, and implemented identified controls. The attestation process then included an independent audit by a qualified third-party assessor to validate that the controls were implemented correctly and in line with the criteria required by SOC 2. 

How does SOC 2 fit into BMIT’s broader cybersecurity strategy? 

As already mentioned, SOC 2 is one of several compliance programmes that make up our overall cybersecurity and data management strategy. It serves as a baseline for our commitment to security and data protection. Going forward, we will continue to enhance and evolve our security measures to meet the changing landscape of cybersecurity threats, ensuring that our clients and partners can trust us with their sensitive information. 

BMIT already has the ISO 27001 certification. Why SOC2? 

SOC 2 Type 1 attestation and ISO 27001 certification are both frameworks related to information security, but they differ in scope and focus. SOC 2 Type 1 attestation assesses the design and implementation of security controls at a specific point in time, providing assurance that BMIT’s systems meet predefined criteria. 

On the other hand, ISO 27001 is a broader international standard that outlines a comprehensive Information Security Management System (ISMS). Achieving ISO 27001 certification involves implementing a systematic approach to managing sensitive information, emphasising risk management, continual improvement, and a holistic security framework. 

While SOC 2 Type 1 offers a snapshot of controls, ISO 27001 requires a more ongoing, strategic commitment to information security, making it suitable for organisations seeking a comprehensive and internationally recognized approach to safeguarding their information assets. 

From our experience, many customers look at both ISO and SOC2 as important standards that every service provider they work with must have. For some entities, particularly those working in the US region, SOC2 carries more weight. It is not a question of which is better but whether either one fulfils the customer’s criteria.  

I strongly believe that both give us a competitive edge and truly strengthen our position in the market. 

What's next for the company in terms of information security and compliance? 

There’s never a dull moment. Over the past couple of years, the European Union has put harmonisation as a key priority among the 27 member states. NIS 2, for example, comes into force in 2024, followed by DORA in 2025. While there is still work to be done, ISO and SOC2 form the basis of a lot of what may be required of us as a service provider. 

What is important, however, irrespective of what standard or regulation we are looking at, is that we maintain a continuous improvement approach. This involves regular assessments and updates to our security measures and controls, adopting best practices, and investing as needed in tools and resources. 

10th May 2023 – Leading cloud, infrastructure and tech advisory services provider BMIT Technologies plc today reported its consolidated accounts for the financial year 2022. Despite a challenging environment, BMIT Technologies demonstrated resilience and achieved strong financial results. 

BMIT’s results show a year-on-year increase of almost 2% in revenues, to €25.8 million, and earnings before tax, depreciation and amortisation (EBITDA) of €10.7 million. 

"Our performance in 2022 is a result of the strategy we have embarked upon over these last couple of years," said Christian Sammut, CEO of BMIT Technologies plc. "We navigated a challenging economic environment and made many changes in how we operate and enhanced our portfolio to achieve healthy growth and results." 

BMIT Technologies has been on a journey of transformation, meeting the ever-changing IT demands of businesses and diversifying its product portfolio. The journey began in 2022, and the company is now seeing the results of its efforts. 

"Our diversification of portfolio, new services in cybersecurity and modern work, and tech advisory are the foundations of future growth," Sammut added. "We will continue to build on the company's core infrastructure services and expertise to ensure we remain at the forefront of our industry." 

BMIT Technologies has invested heavily in developing new tech resilience solutions. They have also increased the number of cybersecurity services we offer as these are in high demand due to the increase in cyber threats. The company's modern work and tech advisory services are also in demand as businesses seek to adapt to the changing work environment. 

"We are committed to supporting our clients in their digital transformation journey, and we are pleased to see the positive results of our efforts," said Sammut. "Our team is focused on driving growth and delivering value to our shareholders." 

The financial results for 2022 were approved by the board of directors and confirmed at this year’s Annual General Meeting, held on 10th May 2023. The board has also approved a dividend of €5m, or 2c46 per share. 

The final dividend for the year ended 31st December 2022 will be paid on the 12th May 2023. 

About BMIT Technologies plc 

BMIT Technologies plc is a multi-million euro technology company providing infrastructure, hybrid cloud solutions, and advisory, implementation, and management services. The company helps design, build, modernise and manage the systems that clients rely on for growth, security, and success. By applying their extensive expertise, experience, and excellence they enhance customer experience, provide true value and increase efficiency. Backed by a robust and trusted organisation, best-in-class infrastructure and a talented team of experts across various technology platforms, BMIT Technologies offers an unparalleled technology experience to any business.  

In today’s digital landscape, your business relies on technology for your operations and growth. This reliance on technology means that your business is a target for cybercriminals. Investing in cybersecurity is your insurance against becoming a victim of a costly breach or worse. 

According to Kaspersky and B2B International, the average cost of a SMB breach, depending on the type and scale, is $140,000. That financial cost can be a huge blow for a business, especially if they do not have cybersecurity insurance. 

The financial impact of a security breach is not the only reason why you should invest in cybersecurity. 

Here another 7 reasons. 

  1. Cyberattacks are on the rise 

Cybercriminals do not discriminate. Every business and organisation is a fair target. SMBs are easier targets because malicious actors know the measures in place are not sufficient to cover every attack vector. It’s not ‘if’ but ‘when’ a business will become a target. 

  1. Cost and reputation 

These go hand in hand. Security breaches and data loss are costly and hit your profitability. The business’s reputation will suffer as well, sometimes irreparably. For example, companies like Facebook, Adidas and Ticketmaster all suffered significant brand damage after breaches. 

  1. Customer trust 

Your customers and stakeholders expect you to take data privacy seriously and protect their sensitive information. When you invest in cybersecurity, you demonstrate to them that you prioritise their privacy and take steps to protect their data. This commitment can help build trust and enhance your business’s image and goodwill. Customers will also be more willing to do business with you. 

  1. Data protection 

Data is the lifeblood of your business. Cybercriminals are using sophisticated and persistent attacks to steal sensitive data, disrupt operation, and extort money from business. Protecting data from unauthorised access, theft, alteration, or destruction, should be your #1 priority. 

  1. Compliance 

Investing in cybersecurity is often a compliance requirement in certain industries, with hefty fines imposed for breaches and legal consequences. Always remember that it takes only one breach or attack to force a company out of business. 

  1. Business continuity 

A successful attack can disrupt your business’s operations, causing significant downtime and financial losses. By investing in cybersecurity measures, such as backup and disaster recovery systems, you can be back up in running in a matter of hours rather than days or weeks, if at all. With the right measures, you ensure business continuity in the event of an attack, faster recovery times, and a much reduced impact on operations. 

  1. Internal benefits 

Investing in cybersecurity has other benefits that may not be immediately obvious to the business. When you invest in new technologies, you have an opportunity to review business processes, company policies and improve how you do business in general. You also get to implement technologies that may boost customer interaction and satisfaction. 

Cybersecurity is a vital investment for any business that wants to survive and thrive in the digital age. By investing in cybersecurity, you can protect your business’s data, systems, networks, devices, programs, and reputation from cyber threats.  

Businesses of all sizes and sectors should adopt a proactive and comprehensive approach to cybersecurity and implement the best practices and solutions that suit their needs and goals. 

Dear Customers,

Following our last communication on the subject, at BMIT Technologies plc, we continue to monitor the situation and we are continuously taking actions in line with our business continuity plans, company health and safety policy and any recommendations issued by the Malta Public Health authorities.

In view of the easement of restrictions related to COVID-19 in Malta, and in line with recommendations from the Malta Public Health authorities, BMIT Technologies plc is now officially removing all restrictions introduced in relation to COVID-19.

We greatly appreciate your understanding and cooperation throughout this current situation. Please visit our COVID-19 page for the latest information.

On October 4, 2021, the social media giant Facebook, along with its services Instagram and WhatsApp, experienced a major outage that lasted several hours, sending both social media enthusiasts and, more importantly, businesses relying on social media into a state of panic. “Was it a malicious hacker attack? Is Facebook down for good?”

The truth turned out to be much less dramatic than the speculations. These few precious hours, which cost thousands of businesses millions of dollars, were lost because of a minor human error and the fragility of the Internet as a whole. Because, despite the fact we see it as powerful and unbreakable, the Internet is truly very, very delicate.

To understand what happened, we would like to simplify a bit and try to compare the Internet to something that you might find much easier to understand – the Maltese road system.

The Internet of Malta

The Internet could be compared to Malta’s towns. Every Internet service provider and every major enterprise, such as Facebook, is like a separate town. They have their own internal network of roads that they know well and they have bypasses and smaller roads that connect them to their neighbours. Luckily, we all have Google Maps, or even physical maps and our own human memory, that help us navigate and for example, easily find the best way to get from L-Imtarfa to Marsaxlokk.

However, imagine that there is no Google Maps and you can’t even get a physical map at a shop. There are no road signs that show directions. And imagine that for every trip, every driver starts fresh and remembers nothing about their previous routes. How would such drivers be able to find their way? If they tried doing it by pure chance, they would be stuck forever in endless loops and never get to their destination.

To make connections between towns and villages possible, imagine that every local council communicated with their direct neighbours daily (or even more often) and told them of any new roads built, any construction on existing roads, basically showing them the best ways to get through the town. Each road in the town would have a certain value assigned to it, which would represent how wide the road is, what is the quality of the tarmac, and how jammed it is in the rush hour. And all this information would be freely available at any time to any driver directly from the originating local council.

With such a system, someone making their way from L-Imtarfa to Marsaxlokk would go to the Mtarfa local council and pick up the current information about the best route to Marsaxlokk. This route would be based on information received from Rabat, which in turn Rabat received from Iż-Żebbuġ and other direct connections, etc.

The Village That Disappeared

Now, imagine if the Marsaxlokk local council made a mistake and on October 4, 2021, during a routine update of the routes, they sent out information to their neighbours that due to road construction, to get to Marsaxlokk, you have to turn around at the Triq Iż-Żejtun roundabout, and that the best route is through Triq Iż-Żejtun (not via Qajjenza). This would effectively send every single car going to Marsaxlokk from Żejtun back on its way to Żejtun in an endless loop.

This wrong information would then be propagated from Żejtun to Żabbar, from Żabbar to Raħal Ġdid, making its way almost instantaneously through all of Malta. And from this moment on, Marsaxlokk would effectively disappear. Cars coming from Marsaxlokk to other towns would of course find their way out (cause other towns made no mistakes in their routing) but no incoming traffic would be possible because every car would be directed to Triq Iż-Żejtun and then turned around at the roundabout.

This would, of course, be noticed immediately by the Marsaxlokk local council. However, imagine that John, the person who had the key to the Marsaxlokk local council, went out to eat dinner in Birgu and left Marsaxlokk with the key. And nobody else in Marsaxlokk would have the key to the local council building. John would be unable to return to Marsaxlokk to correct his mistake until some kind of an emergency “hack” was made – either someone would pick the lock or John would walk back to Marsaxlokk instead of driving a car.

Small Error, Big Price

This is exactly what, supposedly, happened to Facebook on October 4, 2021. During a routine update of BGP information (Border Gateway Protocol), which was then sent to all the neighbours of the Facebook internal network, someone made a mistake in the routing tables. As a result, no packets were able to reach the Facebook network from the outside. And the people with physical access to the network did not have the access rights to send a corrected update – the mistake effectively shut out those who would be able to correct it.

This small error is not that uncommon, situations like this have happened before and they keep reminding us that the Internet is, in reality, very fragile. One wrong number and you’re cut off. What we are hoping is that this helps you appreciate all the hard work that Internet service providers and enterprise network administrators are doing every day, under a lot of pressure, to make sure that you can maintain your e-business or spend leisure time online.

The Malta Chamber of Commerce, Enterprise and Industry has signed a Bronze Collaboration Agreement with BMIT Technologies plc. The agreement will pair BMIT Technologies with The Malta Chamber’s Digital Transformation Committee which will provide awareness to the business community in areas related to data economy, cyber security and digital skills amongst others.

“As a Chamber of Commerce, we fully promote the need for smart investment in digitalisation, innovation and research in support of the business community at large. Through this signing, The Malta Chamber is once again strengthening its resources by collaborating with national business champions such as BMIT Technologies to be more effective to the needs of the country more than ever before. We are eager to support our membership with the inevitable ‘techceleration’ in a robust and resilient manner” noted The Chamber President, Perit David Xuereb.

Ing. Christian Sammut, BMIT Technologies CEO, said “We are excited to be partnering with The Malta Chamber and support the digital transformation initiative being launched. . We look forward to contribute our expertise and resources through streering the Digital Transformation committee and play a leading rolein rendering Malta a better place to do business and in so doing generating better lives for its people. Our vision of harnessing technology to power businesses fits perfectly in this initiative”.

Through this signing, BMIT Technologies plc will be supporting the Digital Transformation Committee to raise awareness among companies of disruptive technologies. Moreover, this collaboration will allow our Digital Transformation committee to formulate policy positions for a sustainable economic future that is transforming our economy in a rapid manner.

The Memorandum of Understanding was signed by Perit David Xuereb and Ms Marisa Xuereb as President and Deputy President of The Malta Chamber, respectively, and Ing. Christian Sammut, CEO at BMIT Technologies plc.

11th March 2021 - While 2020 will go down as one of the most challenging years in recent memory, it has nonetheless proved to be another successful year for BMIT Technologies plc, the premier provider of secure and reliable technology solutions, as it reported strong results for the year.

These results are reflected in a company announcement that its board of directors is recommending annual dividends of €5.95 million for the financial year ending 2020, or almost €0.03 per share (€0.02922), 22% higher than the projected net dividend of €0.024 per share at the time of Initial Public Offering.

Earlier this week, BMIT Technologies also published its 2020 financial results, showing a year-on-year increase of 6.9% in revenues to €24 million, with the main drivers for this growth being a greater demand for cloud and managed connectivity services.  EBITDA rose by 5% to €10.5 million, whilst operating profit surged by over 8% to €7.9 million.

This year’s dividend to shareholders is our best one since our initial public offering in 2019, and exceeds the targets we set in our IPO”, said Nikhil Patil, Chairman of BMIT Technologies plc. “The Group’s positive performance ties in with the elevated levels of investment we are making in our strategic growth priorities and reflecting our confidence in our ability to create long-term value for our shareholders,” Mr Patil said.

“Our financial performance reflects the efforts we are making across our main service pillars, including our datacentre and cloud services. This will allow us to strengthen our offering further in the coming years as we continue to pursue a well-managed investment programme to help achieve sustainable business growth and long-term return to our shareholders,” added Ing Christian Sammut, BMIT Technologies’ CEO.

The final dividend for the year ended 31st December 2020 will be paid on the 28th May 2021 to all shareholders who are on the shareholders’ register of Monday 26th April 2021. The Annual General Meeting will be held remotely on Wednesday 26th May 2021.

Our purpose as BMIT Technologies is to power businesses to achieve their desired outcomes through harnessing technology. BMIT Technologies has a clear objective to deliver technological solutions in a straightforward manner, through a team of passionate people who understand technology yet are able to deliver it in a simplified way.  We are aware that every client we work with requires different solutions. So, at BMIT Technologies, we tackle each need with our expertise in technology, business strategy and innovation, by developing intelligent, secure infrastructure solutions and identifying opportunities to enhance business potential through the application of innovative technologies.