International think tank Stratbase Institute is urging the government to fortify the country’s cybersecurity posture by increasing investments in this tech sector.
“Bad actors are cunning and sophisticated, and when they see easy targets, they will attack,” said Stratbase Group CEO and Founder, Prof. Victor Andres “Dindo” Manhit.
“It’s clear that fortifying our cyber defenses should be a priority, particularly for critical infrastructure across both public and private sectors. This proactive approach to cybersecurity is a necessary step in safeguarding against the ever-evolving threat of cybercrime,” Manhit said.
Manhit explained that “Cybersecurity is a vital investment at all levels, as data breaches are increasingly common. Businesses must ensure uninterrupted operations and secure data, provide peace of mind and building trust with customers and stakeholders.”
He suggested that the government should engage with the private sector telcos and cybersecurity providers in developing a comprehensive and strategic approach to cybersecurity investments.
The International Trade Administration reported a 2020 survey that showed 43% of private companies in the Philippines had increased their allocation for cybersecurity solutions. Despite this, according to Manhit, more has to be done.
Moreover, just 27% of organizations in the Philippines have a “mature” level of readiness to confront modern cybersecurity risks, according to the Cybersecurity Readiness Index released in March 2023 by information technology firm Cisco.
Manhit said it is also important to highlight the role of Chief Information Security Officers (CISO), for each agency or organization, mandated to maintain the most robust and appropriate protection from hackers and instilling a cyber hygienic culture to all its network users.
However, there is a dearth of cybersecurity professionals with more than 2 million unfilled cybersecurity posts in Asia alone.
“It’s essential to enhance our existing talent pool and elevate the expertise of our IT professionals. We should also consider engaging the services of ethical hackers to bolster our cybersecurity frameworks,” Manhit said.
Spate of government attacks
In recent weeks, Philippine government agencies have been on the receiving end of breaches starting from the attack on the Philippine Health Insurance Co. (PhilHealth) in September. The Medusa ransomware group demanded $300,000 – roughly P17 million — and made PhilHealth data available on the dark web.
PhilHealth, which admitted it had failed to renew its virus protection software, was only able to fully restore its services this week. Estimates place the number of affected users to between 13 million and 30 million.
“Our government’s capacity to ward off such attacks is being tested, and we seem to be failing that test,” said Manhit.
On October 7, the Philippine Statistics Authority suffered a leak in its Community-Based Monitoring System, even as the agency insisted that the CBMS constituted only a limited portion of its database.
One week later, on October 15, a group that called themselves “3MUSKETEERZ” altered the website of the House of Representatives. The Senate likewise reported that its system had recently seen a spike in cyberattacks.
A digital economy
“Filipinos are known for being active social media users, but sadly it does not translate to a high level of awareness of cybersecurity risks, much less the capacity to protect themselves against these,” said Manhit.
“Our efforts at being a technology-powered economy and a digitally enabled nation will amount to nothing if our individuals and our organizations do not have the necessary tools to protect ourselves from attackers,” he added.
We also remain vulnerable to cyberattacks and other incidents because of our lack of data protection mechanisms and awareness, despite the passage of a law protecting data, he said.
“Efforts to minimize the impact of data breaches have been acknowledged, these efforts need to be intensified given the rising complexity and frequency of digital threats. There is an urgent need for increased investment and resources to effectively combat the escalating cyber threats,” said Manhit.