Section

PH cybersecurity: An increasingly complex threat landscape

By Manila Times - 2 months ago

SCAMS through digital payment platforms, deepfake technology, phishing and ransomware are among the top threats that today's cybersecurity experts need to deal with practically every day.

Cybercriminals have increasingly exploited digital payment platforms by hacking social media accounts to impersonate users and solicit money from their contacts. Deepfake technology is also a rapidly growing threat, as cybercriminals use AI-generated deepfakes to create convincing fake videos or audio clips, often used in fake job interviews, fraudulent investment schemes and romance scams. The rise of deepfake scams is particularly alarming, as they can easily deceive even tech-savvy individuals. Phishing and ransomware attacks continue to be prevalent, targeting both individuals and organizations.

In its 2024 Security Report, cybersecurity firm CheckPoint said several key areas demand immediate attention to safeguard our increasingly interconnected world.

"Ransomware continues to dominate the threat landscape with cybercriminals refining their tactics. Double extortion — where attackers both encrypt and steal data, threatening public exposure — is becoming more common," said Clement Lee, security architect for APAC at CheckPoint Software Technologies. "Supply chain attacks have also become a significant concern; not to mention phishing and social engineering attacks remain prevalent, but they're now more sophisticated, thanks to AI. ... The rapid shift to cloud services has brought new security challenges."

Keeper Security cites similar threats.

"Ransomware remains a major concern, with attackers encrypting data and demanding ransoms. Organizations should defend against this by maintaining regular, encrypted backups and deploying robust endpoint protection," said Darren Guccione, chief executive and co-founder of Keeper Security. "Phishing attacks continue to be a pervasive threat, with increasingly sophisticated scams targeting sensitive information. Additionally, the rise of AI-powered attacks highlights the need for organizations to invest in sophisticated detection systems capable of countering these evolving threats."

In a 2021 study from the Asean Digital Integration Index, the Philippines ranked only fifth in data protection within the regional group.

On the other hand, a report released by Surfshark, the cybersecurity firm, ranked the Philippines 30th among 163 countries with the most breached online accounts in 2023. This was actually an improvement from the ranking in 2022, which placed the country at 26th.

Cybersecurity experts are grappling with an increasingly complex threat landscape, with several critical challenges demanding immediate attention. As in all industries and areas of development, the government's role in cybersecurity is crucial. As cyberthreats become more sophisticated, the government must take action on several fronts to protect its citizens and national interests.

Following the signing of Executive Order 58 by President Marcos Jr., the Philippine government is actively implementing the National Cybersecurity Plan 2023 to 2028. The plan is to "focus on protecting the nation's critical infrastructure, enhancing cyber resilience and promoting a culture of cybersecurity awareness across various sectors," according to the Cybersecurity Bureau under the Department of Information and Communications Technology (DICT). "The government, through the DICT, is working closely with law enforcement agencies and other sectors to conduct cybersecurity training and awareness programs. This collaboration ensures that cybersecurity policies are uniformly applied across government agencies, local government units and the private sector."

"To effectively combat cybercrime, the government must invest in building its cybersecurity capabilities," said Checkpoint's Lee. "This includes training law enforcement, developing a skilled workforce and setting up rapid response teams. In the Philippines, more funding for cybersecurity research and incentives for professionals would help strengthen these efforts."

The shortage of skilled cybersecurity professionals poses significant challenges for the Philippines, said the DICT. The rapidly evolving nature of cyberthreats requires continuous updates to defense mechanisms, which demand substantial resources.

"To address these challenges, the DICT is advocating for a unified approach across sectors, focusing on strengthening the capacity of cybersecurity professionals and enhancing existing infrastructure," the DICT Cybersecurity Bureau said. "A key part of this effort is the DICT's National Security Operations Center, which is actively working to bolster its capabilities. This center plays a crucial role in detecting, analyzing and responding to cybersecurity threats across government agencies."

According to cybersecurity experts, governments need to create and enforce strong cybersecurity laws and policies, emphasizing that these should be adaptable to new challenges, such as those posed by artificial intelligence and the internet of things or IoT. In the Philippines, this means updating existing laws and establishing dedicated agencies to oversee cybersecurity efforts, ensuring they align with global standards.

To effectively combat cybercrime, the government must invest in building its cybersecurity capabilities, experts added, including training law enforcement, developing a skilled workforce, and setting up rapid response teams. In the Philippines, more funding for cybersecurity research and incentives for professionals would help strengthen these efforts.

"Cyberthreats don't stop at border. So, regional and international cooperation is vital," Lee said. "The Philippines should actively participate in Asean cybersecurity initiatives and work with global organizations to ensure its policies are in line with international standards. Sharing best practices and participating in joint exercises can improve overall regional security."

The Cybercrime Prevention Act offers a basic structure for addressing cyberthreats but may not fully cover modern cyberattacks' sophisticated and evolving nature.

"The DICT is actively working on a cybersecurity bill, aimed at bridging these gaps, proposing stricter penalties and more comprehensive measures to strengthen the nation's cybersecurity defenses," the DICT Cybersecurity Bureau said. "This response encapsulates the key cybersecurity threats facing the Philippines, the government's efforts to address them, and the ongoing challenges that need to be tackled through improved legal and technological measures."

"The Philippines' government is commendable in enacting several laws to counter cybersecurity threats," said Kelvin Lim, Senior Director, security engineering, APAC, Synopsys Software Integrity Group. "Due to the evolving nature of cyberthreats, these laws will need to be regularly reviewed and updated to address the new cyberthreats."

Disclaimer : Mymoneytimes implements extreme caution and care in collecting data before publication. Mymoneytimes does not liable for the adequacy, accuracy or completeness of any given information. Hence we are not liable for any kind of direct or indirect loss caused by the use of such information.