ICT expert explains how the Philippines can improve cybersecurity
The Philippines is well on its way to enhanced digitalization with the adoption of the newest technologies such as artificial intelligence (AI). However, as the country takes on the current innovations, it also opens itself to the latest online schemes.
Hence, it must improve cybersecurity alongside advancement.
While putting up a defense against cyber threats may seem like an uphill battle, there are ways to overcome them as there are specialists who are willing to provide solutions.
Article continues after this advertisementICT expert Abhishek Srivastava believes that the Philippines may become a digital powerhouse. With over 10 years of experience at the global consulting firm Arthur D. Little, he shared the country’s potential steps towards improved cybersecurity.
1. How are institutions leveraging emerging technologies like AI and machine learning to combat cyber threats?
I’ve been in the industry for the last 22 years now. In terms of what has changed over the last few years, it’s the sophistication of the attacks.
Malware, from the traditional Trojan and spyware, has transformed into fairly sophisticated ransomware targeting private and public institutions.
Article continues after this advertisementREAD: How the Philippines beats digital threats
The end-to-end has become so sophisticated that even the payment is through encrypted channels. Also, malware has evolved from tricking you into providing your sensitive information to using deepfakes to do so.
The more applicable application in the Philippines is the man-in-the-middle attacks.
(A man-in-the-middle attack involves a threat actor intercepting the medium two parties use for communication to steal information and access accounts.)
This is especially true as more Filipinos work from home. Somebody can take control of an information exchange between two individuals.
Last but not least, the Philippines must improve cybersecurity against denial-of-service attacks.
(Denial-of-service or DoS attacks involve shutting down a specific server or service by overwhelming it with illegitimate requests to trigger a crash.)
READ: The Philippines is ramping up cybersecurity
Modern cyber threats are similar to those in the past, but they have increased scale and participation from large state actors.
Cryptocurrency and blockchain technology has also made it harder to identify cybercriminals. For example, these innovations allow the use of smart contracts, which confirm transactions without human intervention.
2. What are the main challenges institutions are facing in strengthening their cybersecurity defenses?
What we feel are the most applicable to the Philippines are three main aspects. First, it must address the scale of readiness from an overall ecosystem perspective.
It tackles how well-defined the policies and centralized threat intelligence are. For example, the US and Singapore have centralized agencies for threat perception and collating intelligence from all sources.
Second, as a country with a significant share of GDP from digital services, the organizational awareness of people when it comes to cybersecurity is not that high.
You need a system of people who can identify, report, and monitor threats.
READ: DICT unveils Tower Watch PH to ensure steady ICT upgrade in PH
Third, exceeding budget constraints are essential in improving cybersecurity. The large majority of the Philippine economy may not have the budget for security allocation.
The Philippines must also accept that it must improve cybersecurity not as an “IT issue” but as a business issue. After all, modern businesses rely on technology to operate.
3. What steps can be taken to foster a stronger cybersecurity culture in the country?
I’m quite optimistic about the Philippines’ capability to improve cybersecurity.
I’ve seen in other countries how local talents have really picked up and grown. What it needs is a strong incentive structure and a commitment from key institutions to collaborate.
For example, many Indonesian firms have focused on this. The first step is not to level up homegrown talent from “Step 0” to becoming absolute security experts.
The first step is to get into learning and becoming certified engineers of existing technologies. You have local staff certified who can customize technologies for specific applications.
Then, you eventually develop the capability to level up your own solutions. It’s an incremental, step-by-step process, and I’m quite optimistic that this will happen in the Philippines.
Similarly, the country has invested in the shipping industry and then you grew talent. As a result, nearly 35% of shipping industry staff are Filipinos.
I believe the Philippines can develop the homegrown talent needed to compete in cybersecurity with a strong commitment from regulators to provide a “top-down solution.”