Date: 2025-04-02

Small businesses and professional service providers such as law and accounting firms are most vulnerable to cyber attacks, according to an analysis of Malta’s cybersecurity preparedness.

The analysis of 300 Malta-based organisations was presented by UK-based consultancy firm Thomas Murray at a business breakfast at the Corinthia hotel in Attard on Wednesday morning, hosted by Times of Malta.

Thomas Murray's director Edward Starkie said Malta’s financial services, gaming and cryptocurrency industries make it a prime target for cyber criminals. The country’s high interconnectivity and dependence on foreign trade further increase the vulnerability of its supply chains to attacks.

A third of cyber attacks against Malta over the past two years were aimed at government administration infrastructure and the public sector. The gaming sector faced 26 per cent of attacks, while the financial sector faced 16 per cent.

The fact that Malta is a strategically located EU member means it is also in the crosshairs of state-sponsored hacktivist groups. Attacks by such organisations have increased since Russia's invasion of Ukraine.

Distributed denial-of-service (DDoS) attacks – attempts to overwhelm a target’s infrastructure with a flood of internet traffic – represent the bulk of attacks, with data breaches resulting from phishing attempts and ransomware coming in second and third, respectively.

Issues that increase the vulnerability of organisations to cyber attacks include outdated services that require patching, compromised servers and stolen credentials.

Malta-based organisations score below average on security

Starkie noted that, on average, Malta-based organisations that underwent Thomas Murray’s security analysis performed slightly below the global average. The lowest scores were distributed evenly across financial services, gaming, professional services, the public sector and trade.

Small and medium organisations - the bulk of Malta’s business landscape - presented the lowest scores on average.

While the reasons for this were not clear, Starkie speculated that budgetary considerations could be a factor.

Matthew Agius, CEO of anti-money laundering and compliance firm Diligex, echoed the findings of the analysis, quoting a 2023 Microsoft report that found that 70 per cent of ransomware threats targeted SMEs.

He noted that while such threats should be tackled, risk was part and parcel of running a business, meaning that a balance needed to be struck between being fearful and being careful.

“We shouldn’t live in a world in which businesses take no risks. We need to assess, protect and collaborate. It shouldn’t be about my business versus yours – we need to share intelligence about threats,” he said.

€30 million in enhancing government security

Emanuel Darmanin, CEO of digital security agency MITA, shared what he called a cautionary tale of a colleague who had received what seemed like an authentic email from a trusted supplier with a request to update banking details.

“Had he not spotted a tiny discrepancy, this could have led to a serious loss. This shows that anyone can fall victim to these attacks,” he said, stressing that Malta was not too small to be a target.

He noted that MITA had invested €30 million in enhancing government security with tools such as encryption, two-factor authentication and artificial intelligence. It had also assisted in the launch of the first master's degree in cybersecurity at the University of Malta.

“Cyber security involves elements that can only be effectively shared through trust, open dialogue and the exchange of experiences. It must be embedded in our culture through the responsible use of technology, awareness and vigilance,” he said.

'We assume we’re too smart to fall for phishing'

Lorleen Farrugia, an expert on child online safety, said that when she asked children what was the most dangerous thing that could happen to them online, most were concerned with getting hacked or infected with a virus, showing that even at a young age, they were already thinking about cybersecurity.

“However, while many of the children were critical of their peers’ behaviour, such as befriending strangers, they viewed their own behaviour more favourably.

“This shows that many of us believe we are at less risk than others. We assume we’re too smart to fall for phishing and think our passwords are secure,” she said.

She noted that the consequences of a cyber attack can be worse than those of a physical break-in: with a break-in there is a limit on what can be stolen, but there are no such limits with a cyber attack.

“The most powerful defence is our mindset. The first layer of protection is how we think – how we analyse, question and recognise manipulation tactics before we fall for them. We have to recognise that we are not invulnerable,” she said.

The event was held in collaboration with Thomas Murray, Diligex, MITA, the Cybersecurity National Coordination Centre and The Business Picture.