Strengthening PH cybersecurity
The COVID-19 pandemic has significantly accelerated the pace of digitalization in all aspects of our lives. More Filipinos are using electronic money. The Bangko Sentral reports over 20 percent of payments were digital in 2020. More consumers are buying online. NielsenIQ says 67 percent of Filipinos who made online purchases will continue to do so after the lockdown. Schools have shifted to distance learning, with 24 million students enrolling this year. Patients are embracing telehealth. One telemedicine provider reported a 170-percent increase in teleconsultations last year.
But rapid digitalization has also increased cybersecurity threats. Kaspersky estimates that 37 percent of Filipino online users have experienced cyberattacks. There are also increased attacks on critical infrastructure. Given the “franchise-ification” of malware and the emergence of malware-as-a-service, cyber risks are higher than ever and are expected to continue to rise.
There is little doubt that cybersecurity and the Philippines’ economy, national security, health, education, and other key sectors are intimately related. In order to take advantage of the opportunities of digital transformation, the Philippines needs to strengthen programs and adopt initiatives to address the increasing risks in the digital ecosystem. Listed below are some areas to start with.
Define and adopt minimum information security and data privacy standards. Cybersecurity can be daunting to those who are just getting started. It is thus important to have a baseline and set an achievable target, which will allow us to work toward improving security capabilities, reducing cybersecurity risks, and knowing our own information security posture. Once we know our starting point, then we can enforce compliance.
Create a safe ecosystem for best practice and capability sharing. We must build a culture of information sharing. One organization’s incident can provide a potential lesson to many others. Like-minded organizations with similar types of risk can work together. Regular cybersecurity drills and preparedness programs will also help.
Improve data and metrics. We need to gather more data on cyber incidents. A form of cybersecurity scorecard would be a good first step. This entails strengthening the Computer Emergency Response Team (CERT) ecosystem and the creation of sectoral CERTs. The more organizations report, the better the data we have. The better data we have, the better decisions we can make on cybersecurity.
Greater awareness of both local and global threat landscapes. Many organizations think they’re too small to be a target of cyberattacks. In reality, everyone faces the same cybersecurity threats. We must learn from global cybersecurity trends and the best practices of democratic societies that protect privacy and personal security. However, reports from abroad should not create the false impression that threats are far from home. Greater awareness of the threat landscape is necessary to make sound decisions.
Enhance internal capabilities and develop a cybersecurity talent pool. We need to address the lack of qualified cybersecurity talent. On the demand side, ensure that key public and private organizations have clear quantified needs for information security talent. This can encourage more Filipinos to invest in a career in cybersecurity. Create opportunities for cyber talents, such as cybergames, internships, and bootcamps. On the supply side, introduce cybersecurity courses and promote vocational training programs aligned with globally recognized cybersecurity professional standards and certifications.
Digitalization in the country is benefiting many. However, the cyberthreat landscape is real and constantly evolving. The next administration must sustain, if not accelerate, the gains of digital transformation while ensuring that cybersecurity issues do not hamper our progress.
——————
William Yu is a technology professional, professor, and researcher who is a passionate advocate of shaping internet and technology policy. He is part of Secure Connections, a cybersecurity project of The Asia Foundation-Philippines. Secure Connections will provide more analysis in an upcoming report on “Cybersecurity in the Philippines” to be released in January 2022. The views expressed in this article do not necessarily reflect the views of The Asia Foundation.
