Blog

Why your business needs a security policy

A security policy is a formal set of rules that defines how your organisation protects its information assets and systems. It outlines the necessary actions to prevent unauthorised access, use, disclosure, modification, or destruction of data and infrastructure. If your business handles sensitive data - such as customer information, financial records, intellectual property, or confidential […]


Q&A: Cloud Security

Q: What is cloud security? A: Cloud security is a combination of technologies, policies, processes, and user education designed to protect data, applications, and systems operating in a cloud environment. Just as you wouldn’t leave your wallet or purse unattended in a busy public space, you should not leave your digital assets unattended. Effective cloud […]


Cybersecurity: Everyone and everything is a target

Cybersecurity challenges are a reality everywhere. They are immediate, and they are affecting organisations of every size and type. Whether you are running a public authority, managing a growing business, or supporting national infrastructure, the threat landscape is shifting. Attacks are becoming more frequent, more sophisticated, and more disruptive. This is a shared reality. Whether […]


The Persistent Threat of Phishing

Phishing attacks show no sign of abating and continue to be one of the most pervasive and damaging threats. Despite new technologies, training and awareness programmes, phishing persists, targeting the most vulnerable element in any security infrastructure: human judgment. In the Email Security Risk Report 2024 by Egress, nine in 10 organisations said they were the victims of […]


Multi-Factor Authentication (MFA) is a must-have

Multi-Factor Authentication (MFA) is a powerful security tool that significantly reduces the risk of unauthorised access and protects an organisation’s digital assets and sensitive information. According to Microsoft, more than 99.9% of all compromised accounts do not have MFA enabled. Adoption figures vary according to company size, with larger organisations more likely to have implemented […]


Building resilience for a more secure world

A lot has changed since the first Cybersecurity Awareness Month initiative began in 2004. The pervasive adoption of technology has been matched by an exponential increase in the number of cyber threats and attacks. Every day we come across new and sophisticated threats. The theme “Secure Our World” highlights the pressing need for organisations to […]


Enhancing Cybersecurity with Microsoft Copilot for Security

Microsoft Copilot for Security is an AI-driven tool integrated with Microsoft 365, aimed at enhancing the capabilities of security professionals. Leveraging advanced machine learning models and the vast data resources of the Microsoft Graph, Copilot assists in detecting, investigating, and responding to threats more efficiently and effectively. Key Features Automated Threat Detection and Response Copilot […]


Enhancing Compliance in the Era of Cyberthreats: The Role of ICT

As cyber threats become more sophisticated and frequent, the Digital Operational Resilience Act (DORA) represents a critical step forward in fortifying the financial sector against digital disruptions. Understanding DORA and Its Implications DORA, which will be enforced as of January 2025, aims to enhance the digital operational resilience of financial entities within the EU. It […]


Interview: SOC 2 Explained

BMIT Ltd recently received SOC 2 Type 1 attestation. Dione Vella, Chief Digital and Compliance Officer, explains why this is an important achievement for the company. He was talking to David Kelleher. What does achieving SOC 2 Type 1 attestation mean for BMIT? The SOC 2 (Service Organisation Control 2) or ISAE 3000 report is […]


Zero Trust: A proactive approach to security

Traditional security models based on perimeter defence and implicit trust are no longer effective. The notion that everything inside the organisation’s network is trusted and everything outside is untrusted is no longer supported. Instead, organisations are adopting a more proactive and holistic security strategy that does not trust any user, device, or application, regardless […]
