Malta’s post-COVID development as a fintech and gaming hub has put it firmly in cybercriminals’ crosshairs. “No matter how good you get at protecting your business, vulnerabilities are a fact of life,” warns Joseph Azzopardi, Lead Infrastructure Architect at ICT Solutions. The IT managed services firm has seen a 9900% increase in weekly cyberattack attempts on its own clients from 0.03 per cent to 3 per cent over five years, a telling statistic that shows ‘security by obscurity’ is over, Mr Azzopardi says.
Damaging businesses is big business, producing a large payday for the persistent hacker. While accessing company data or redirecting company accounts might be labour-intensive, pursuing commercial enterprises can result in the crown jewels (currently averaging almost €0.25 million) – far more lucrative than defrauding private individuals, who, by comparison, are low-hanging fruit providing minimal returns.
“Phishing remains the weapon of choice as humans are still the weakest link,” Mr Azzopardi explains. Even the most diligent companies still have a 4% click rate despite regularly training staff on vigilance. AI is making cybercrime accessible, arming everyone from casually disgruntled individuals to would-be professional hackers with the tools and opportunity to be dangerous. Geopolitical tensions are also contributing to cybercrime rates, making governments and institutions prime targets for taking a stand on issues. Attacks can even originate from within companies, giving rise to the “zero trust model, which assumes nobody – internally or externally – can be trusted, enforcing strict verification across users and devices,” Mr Azzopardi continues.

The issue is fuelled by top management’s inertia regarding the security imperative. Rather than being viewed as strategically non-negotiable, “cybersecurity is often treated as an extra insurance policy, luxury, or additional IT expense. Meanwhile, smaller businesses generally don’t register the urgency,” he shares. “Tooling expense remains a significant barrier for this sector, which is largely unaware of security’s role as a business growth enabler and is therefore slow to act.”
However, the old adage ‘a stitch in time saves nine’ really applies here. Inaction is more costly than precaution, making cybersecurity a financial planning necessity. So, what is the answer? ICT Solutions’ Managed Detection Response (MDR) relieves customers of the burden of maintaining their own robust Security Operations Centre (SOC). Compliant with relevant ISO security standards, the product integrates Microsoft Sentinel and additional cloud technologies to provide malicious activity detection and rapid incident response, underpinned by the all-important human layer of intelligence.
MDR was an “organic response to customers’ mounting struggles with incumbent technologies and requests for assistance with threat monitoring”. Interestingly, many customers only expressed this need after already experiencing a security breach, Mr Azzopardi shares. The decision to provide an SOC service was not made lightly and required wide-ranging deliberations about in-house versus outsourced construction. “Investing in our own people instead of handing the responsibility to a larger company was a big decision point,” he admits. “Given the critical nature of the service and all it entails, relying on an army of third-party analysts to promptly relay alerts was seen as unwise – particularly from a customer relationship standpoint.”
A behind-the-scenes look at the project reveals a five-year journey of design, enhancement, and iterations. The inevitable technical and architectural challenges included managing a multi-tenant infrastructure, operating real-time monitoring, isolating customer data, filtering out the noise of regular human activity, and establishing SLAs for response time, the definition and measurement of alert tiers, plan Bs for human error, and night-time notification chains and escalation protocols. Nevertheless, disaster recovery unavoidably involves trial and error to iron out issues, Mr Azzopardi explains.
The effort has paid off, resulting in one of the company’s greatest value generators. With MDR becoming “so significant to customers and key to ICT Solutions’ business,” plans are underway to take operations to the next level to achieve real scalability. This phase, Mr Azzopardi explains, will be shaped by three core developmental pillars: people, processes, and technology.
The first pillar centres on “expanding the existing people structure”. Proposals include dedicated specialised teams with designated leaders, specific areas of focus, clear responsibilities, and increased accountability. The second pillar revolves around process refinement, differentiating new work from existing procedures and guiding teams on daily and weekly operations. Major parameters include new industry threat assessments, optimal data collection, accurate interpretation, and potential correlation with ICT Solutions’ customer base. The third pillar involves enhanced technological functionality for tenant-wide deployment. “Ideally, increased automation will sift through an estimated 70% of alerts received, reducing departmental pressure.” The possibility of the company building its own intellectual property is also under consideration, sparking discussions about coding, programming, and the rationale of exploring this avenue.
Notably, while this extensive mission could be outsourced, ICT Solutions has deliberately chosen internal execution. “We’re growing and we see our customers being with us on this journey. Customers often start with one service and later add others like security assessment, firewall management, and IT administration features. So, all future actions must align with our existing values while maintaining client trust. Doing our job effectively requires access to client systems and data elements, including coordination with third-party vendors responsible for other interconnected technologies within customer environments, such as cloud infrastructures, user identities, and devices.”
Given the magnitude of building a round-the-clock SOC, businesses may wonder if they can handle this in-house. Mr Azzopardi offers key advice for those who may be tempted. Proper alert review is crucial. Overstretched IT personnel simply sandwiching in monitoring between multiple other tasks spells trouble. Timeliness is everything. “It’s about the person ‘in the chair’. If nobody is seeing incidents or taking action on time, you have a problem. Real security means spotting and investigating a breach now, not months later,” he affirms.
Knowledge is paramount here: understanding false positives, benign threats, and AI’s role in assisting detection. Mr Azzopardi’s colleague, Finian Massa, explains: “AI can only ever deliver probabilities, not absolute confirmations of a definite hack. Human oversight is still essential for assessing real threats.” Critical process gaps can also be overlooked in firms’ security plans. Mr Massa cites the Notre Dame disaster as a cautionary tale about the limitations of automated systems and insufficient training on in-house processes. “Millions were spent on the most advanced fire detection system, but one human mistake led to catastrophe.” In other words, purchasing cybersecurity tools is the easy part; “the real task lies in correct deployment and momentum.”
Companies wanting to go it alone are therefore urged to consider all implications. The biggest lesson is not to underestimate the complexity and cost associated with establishing and operating an SOC. “Our Managed Detection Response took us years to develop and hone; you cannot build a solution in a matter of months,” Mr Azzopardi emphasises. “Companies must be clear about what they can manage themselves, including training, attrition, and maintenance overheads. The reality is that firms often lack the resources for continuous operations, usually having an IT capacity of just two people. A fully operational SOC requires a dedicated four-to-five-person team of trained specialists and a 24/7 schedule. This is mainly financially viable in 800-1,000 head organisations,” he highlights.
Security is not static, ICT's lead infrastructure architect says in conclusion. As businesses grow and change direction, so do their vulnerabilities; cybersecurity strategies must therefore evolve to keep up with emerging threats. “This is an industry where lightning does strike twice (and more)! If your system is weak somewhere, it’s not a question of if but when you’ll get hit,” Mr Azzopardi reinforces. “It’s not just about preventing attacks; it’s also about resilience when they occur. By implementing best-of-breed technologies that crucially work together (not in silos), ICT Solutions creates a security baseline that starts with visibility. Because you can’t protect what you don’t know…”