Managing Cybersecurity Concerns: First Step in Charting Philippines Digital Future

Cyber threats are amorphous; they come in all shapes and sizes targeting governments, civilians and private corporations globally.

In Southeast Asia, cybersecurity remains a key consideration in the midst of digital transformation efforts where the increase in usage of internet facilities and low cyber resilience have increased vulnerabilities to cyber attacks. The region’s booming economy and the implementation of an ambitious digital transformation plan has made it a very attractive target for hackers. An ATKearney report confirms the fear in forecasting that the top 1,000 ASEAN companies are bound to lose $750 billion to cybersecurity concerns. Cyber threats are also predicted to derail their digital innovation agenda; the central pillar for ASEAN’s success in the digital economy.

In light of recent initiatives in Philippines, such as ‘The Fourth Industrial Revolution’ and; Smart Cities’, the sheer quantities of IoT (Internet of Things) devices has created an enormous attack surface for potential hackersOn a scale of A-to-E representing cybersecurity, with ‘A’ highest in terms of cybersecurity maturity, the Assistant Secretary (Allan Cabanlong) of the Department of Information and Communication Technology (DICT) conceded that “Philippines is for now mostly in class D”.

This means that while Philippines GDP growth rate is impressive at 6.7% – the highest in Southeast Asia – accompanied by digital transformations in the Corporate industries, cybersecurity is needed now in the country more than ever.

The consequences of cyber attacks

According to the ‘Frost & Sullivan’ research, among the 16% of Filipino industries that have reported, cybersecurity threats have incurred approximately US$3.5 billion of economic loss, while the other 34% of industries are unaware of the cybersecurity threats and its impact, having not performed proper forensics or data breach assessment.

While financial losses from cyber attacks are the most visible, they have an additional indirect burden on companies’ budget by incurring opportunity cost for corporations due to the loss of reputation and trust over the attacks. Even amongst those who had experienced cyber attacks, majority have yet to set up a security operation system or cyber threat deterrence in any form. The lack of measures against cyber attacks carries the psychological risk of industries willing to stall digital transformation efforts to avoid cyber threats. The study also revealed that the economic losses faced by large organisations in Philippines due to cyber attacks, is more than 200 times the average economic loss, making cybersecurity a ‘Filipino issue’.

Apart from financial impact, Government portals and infrastructures hacked by perpetrators with a political agenda has caused disruptions to public services. In 2016, during the election period, more than 60 government agencies have been targeted, leading to the leak of 55 million voters’ confidential information in Philippines, undermining Filipinos’ trust in the government. In the same year, in the midst of an international territorial conflict, hackers disrupted services of important government websites and defaced official Philippine government portal with a political message that threatened volatile international relationships.

Governments lead in facing cyber threat head front

In taking a major step to address cybersecurity vulnerabilities, DICT launched National Cybersecurity Plan 2022 in 2016. The plan introduced measures such as the National Computer Emergency Response Program and the CISO Program to coordinate all government agencies to respond effectively in the event of a cyber attack.

Furthermore, DICT is looking at partnerships and collaborations with more tech-advanced global corporations to enhance its cybersecurity. Recently, DICT embarked on a joint venture in awarding a P508.9 million contract to the Israel-based Verint System Ltd to undertake its cybersecurity management system project. The partnership will facilitate effective monitoring of the dark web, in addition to fending off any possible cyber attacks.

Closer collaboration between government agencies and private organisations can also be seen when the Philippines National Privacy Commission – in its role as the ‘privacy watchdog’­­ — pressured Jollibee in 2018 to suspend the operations of its delivery website and submit a plan on keeping the website’s database secure, following the discovery of vulnerabilities in its cybersecurity system. Other measures such as the Data Protection Scheme and Cyber Security outreach project, have been put in place for the government to monitor the cybersecurity status of private corporations

Moreover, big enterprises in Philippines such as Globe Telecom, have taken the lead in addressing cyber attacks by partnering with global information security firm Trustwave – a state-of-the-art cyber-security center – to protect clients’ data as well as its own in an increasingly hostile digital environment.

The future of cybersecurity

Mr. June Paolo, Chief Cyber Terrorism Response section, from the Philippines National Police discussed the importance of recruiting and training cybersecurity experts in the PNP and corporations during the Asia IoT Business Platform Conference, 2018. He believed that strengthening the current pool of cybersecurity professionals could go a long way in “making Philippines safer” and the “environment less hostile”. This belief is synonymous with DICT that will also be conducting the ‘Capacity Building and Capability Development’ Program under the National Cyber Security plan, to cultivate existing talents and enhance the IT skills of the cybersecurity experts.

In addition to cultivating cybersecurity professionals, leveraging on AI and automation could significantly improve the capabilities and capacity of companies’ security operations. An AI-centric cyber security concept will be more intelligent and be equipped with predictive and analytical abilities, making way for pre-emptive problem solving. AI will be able to detect cyber attacks and remove persistent threats faster than any human could, making it an increasingly vital element of any organizations’ cybersecurity strategy. Developments in AI also forecast its potential to not only raise detections but also reason over how various data signals should be interpreted with recommended actions, allowing massive quantities of data to be analysed in a short frame of time. According to Frost & Sullivan research, close to 80% of corporations in the Philippines are looking to adopt AI in order to boost their cyber security.

Time to address the quiet threat

As more devices and control systems are connected online, more vulnerabilities will appear, increasing the potential for disruption to critical assets, significant economic losses and erosion of public and consumer trust. A comprehensive proactive cybersecurity strategy involving a government-private partnership will likely ensure a better control of digital facilities in enhancing cybersecurity. To better face cyber threats head front, cybersecurity ought to be tightened in tandem to digital advancements. 

Allan S. Cabanlong, Assistant Secretary for Cybersecurity and Enabling Technologies, Department of Information and Communications Technology (DICT) will be sharing on “Cybersecurity as the Cornerstone of a National Digital Plan: The Intersection of Cybersecurity and Geopolitical Risk” at the 30th Asia IoT Business Platform in Manila, Philippines on the 24 & 25 July, 2019.

If you would like to find out more about cybersecurity collaboration opportunities in the Philippines, do drop me a note at [email protected]

Yue Yeng Fong

16 June 2019

Leave a Reply