Hands-on experience at the forefront of MITA-NCC’s Cyber Breakfast

Hands-on experience was at the forefront of the first Cyber Breakfast event of 2025, hosted by MITA-NCC

Professionals collaborated to tackle challenges such as supply chain compromises and ransomware attacks, gaining insights into the latest cybersecurity threats and the critical role of regulatory compliance (Photo by: Ian Noel Pace)

Hands-on experience was at the forefront of the first Cyber Breakfast event of 2025, hosted by MITA-NCC. The event brought together cybersecurity professionals for interactive sessions and real-world scenarios aimed at enhancing understanding of risk management and strengthening cybersecurity practices.

Real-life scenarios

Professionals collaborated to tackle challenges such as supply chain compromises and ransomware attacks, gaining insights into the latest cybersecurity threats and the critical role of regulatory compliance. During the event, attendees had the opportunity to prioritize cybersecurity controls and test their decisions through a table-top exercise that simulated real-world threat scenarios.

The event also aimed to deepen participants’ understanding of risk management by highlighting the importance of a risk-based approach to cybersecurity. To achieve this, attendees were divided into small groups and presented with two key scenarios. Their task was to assess each situation, identify vulnerabilities, and develop effective strategies to mitigate the associated risks.

Navigating the cybersecurity landscape

Presenting at the event, Nicholas Aquilina, IT Risk and Control Manager at APS Bank, began by highlighting that 21% of enterprise breaches over the past 12 months were attributed to external attacks targeting employees’ home or remote work environments.

Aquilina said that the top reported threats according to Forrester’s 2024 were:

  • Narrative attacks – Narrative attacks are fuelled by three key manipulation types: misinformation, disinformation, and malinformation.
  • Deep fakes – Deepfakes are images, videos, or audio which are edited or generated using artificial intelligence tools, and which may depict real or non-existent people.
  • AI responses – AI responses refer to content or interactions generated by artificial intelligence systems, such as chatbots or automated customer service platforms.
  • AI software supply chain – The AI software supply chain involves the series of processes and vendors that provide the software, models, and datasets used to train artificial intelligence systems.
  • Nation-state espionage – Nation-state actors might look to steal military intelligence, intellectual property, and other types of sensitive information held by government organizations, contractors, and other businesses.

Moreover, Aquilina highlighted that a strong security strategy consisted of multiple layers: “An in-depth defence that ensures if one control fails, other controls remain in place. A zero-trust policy, which assumes no entity should be trusted by default and threat intelligence which provides real-time insights.”

Aquilina also mentioned that NIST CSF 2.0 improves communication between executives and managers, aligning strategy with daily risk management, while placing greater emphasis on governance to strengthen cybersecurity across the organisation.

Regulatory compliance

Aquilina also highlighted the importance of following regulation and managing risks effectively when it comes to cybersecurity. This means using well-established guidelines, like ISO 27001, NIST, and PCI DSS, and ensuring that the business follows necessary legal and industry regulations such as GDPR, DORA, and NIS2.

The approach also focuses on identifying risks and prioritizing actions based on the most serious threats. It involves ongoing checks to make sure the business stays compliant as regulations come into force. Additionally, it keeps clear records that can easily be reviewed during audits.

Furthermore, security risk management should always be set up to support the goals of the business and be part of everyday operations.

The main goal is to strengthen the company’s ability to keep running smoothly, even in the face of challenges.

For security to be truly effective, it needs to be built into daily practices, not added as an afterthought. This helps the company stay prepared for potential risks and continue to grow and succeed in the long run.

This article is co-funded by the European Union.