Philippines tightening cyber defenses as attacks surge

Felix Kim

The Philippine government and private sector are implementing a series of cybersecurity initiatives such as enhanced resilience and training programs to tackle surging cybercrime.

The Philippine Department of Information and Communications Technology’s (DICT’s) National Cybersecurity Plan 2022 includes a new platform of information security governance and risk management, a DICT news release stated. The plan’s main objectives are: ensuring continuous operation of critical “infostructure” and public and military networks; implementing cyber resilience measures to respond to threats before, during and after attacks; effective coordination with law enforcement agencies; and a cybersecurity-educated society.

In late November 2021, more than 20,000 Philippine customers were notified that their personal details had been compromised in a ransomware attack on S&R Membership Shopping, a warehouse club based in the city of Paranaque. It was the latest in thousands of cyberattacks targeting businesses nationwide, authorities said.

The attack exposed customers’ personal details, including birthdate, gender and contact information, but not their banking information, according to Manila’s National Privacy Commission. The government agency added that steps had been taken to recover data and prevent future breaches.

A pattern of similar cyberattacks has exposed the customer databases of small- and medium-size businesses in the Philippines since mid-2020, with firms sustaining losses of U.S. $500,000 to U.S. $1 million, according to a report by technology company Cisco Systems.

Through September, the Philippine National Computer Emergency Response Team had reported handling 755 cyberattacks in 2021.

Globally, ransomware attacks spiked 151% in the first six months of 2021 compared with the same period in 2020, according to Canada’s Communications Security Establishment, Reuters reported in early December. Hackers in Iran, the People’s Republic of China and Russia pose a significant threat.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” the Canadian spy agency warned, according to Reuters.

In the Philippines, the Cybercrime Investigation and Coordination Center, a unit of DICT, is collaborating with the private sector to investigate and suppress cybercrime. The Philippine Institute of Cyber Security Professionals (PICSPro) is among the organizations to step forward. Founded in 2020 to advocate “for a more secure Philippine cyberspace” and to be at the forefront of the nation’s digital transition, PICSPro is addressing the shortage of cybersecurity professionals by initiating training programs and fostering job creation, the Manila-based technology magazine Adobo reported.

The best approach is to make cybersecurity more accessible and to hone professionals’ abilities so they can compete internationally, Angel Redoble, chairman of the 20-chapter PICSPro, told the magazine. Within its “framework of engagement,” PICSPro seeks to strengthen the nation’s cybersecurity through collaboration with government and private firms, including creating laws and policies in harmony with global standards, matched with “security protocols, standards and software accreditation schemes.”

Felix Kim is a FORUM contributor reporting from Seoul, South Korea.

IMAGE CREDIT: ISTOCK