Achieving herd immunity in cybersecurity

Cyber threats and risks are now a part of our daily life on so many levels.

In the comfort of our homes, we buy products online using apps electronically linked to our bank account. This same account is used to load cash in our mobile wallet attached to our phone number, which is verified using an email address that we use to log in to our social media accounts. If one platform is hacked, all others can easily be affected.

Institutions like banks, hospitals, schools, and government offices that store and process our personal data and other sensitive information use computer systems that may fall victim to malware and data breaches. As more transactions shift online, cybercrimes for profit will become more commonplace.

Cyberattacks on critical infrastructure are now a form of warfare. Cyber threat actors, some of whom are state-sponsored, can wreak havoc on vital facilities such as power grids and telecommunications networks. The global arms race to build weapons of cyberwarfare has begun.

Like COVID-19, cyberattacks are now a reality that we have to contend with.

Just as “herd immunity” is the goal in managing the pandemic, so too is “immunization” against cyberattacks. The vaccine, in this case, is the application of minimum information security standards across various sectors and institutions, especially in critical infrastructure. Like any vaccine, it cannot eliminate all risks, but can prevent the spread of infection, so to speak, and make it more difficult for malicious actors to launch an attack by significantly reducing the threat landscape.

These are just some of the key insights in Secure Connections’ upcoming report, “Cybersecurity in the Philippines: Global Context and Local Challenges.”

The first comprehensive review of the country’s cybersecurity posture, the report is set against the context of a rapidly changing global order, its emerging risks, and the evolving challenges of accelerated digitalization. It puts forward the following recommendations for promoting cybersecurity:

Create greater awareness of the global and local cybersecurity context and threat landscape. Examining the experience of other countries can provide insights for the Philippines’ own position.

Generate and analyze local data on cybersecurity practices and incidents on a sectoral level. Data on cyber incidents from sectoral computer emergency response teams or CERTs can be very valuable in identifying various threats, formulating solutions, and putting preventive measures in place.

Adopt a policy on minimum information security standards to protect critical information infrastructure and public institutions. Set a baseline for a proper response to cyber threats and risks, especially for entities that own, operate, or maintain the ICT systems of critical infrastructure. This will also promote transparency and accountability when cyber incidents occur.

Develop a cybersecurity culture. Raise awareness on all fronts, support training and capacity building for cybersecurity talent, and instill cybersecurity as a way of life through educational institutions. This promotes a shared sense of responsibility, where people play their part.

Nurture an environment of cooperation and information sharing on cyber threats and best practices. Cyberattacks do not recognize borders or boundaries. Hence, local and international communities should exchange information that can help respond to, or prevent, cyber incidents. Remember—an incident for one can be a lesson for another.

These recommendations, if adopted, will help achieve a level of cybersecurity herd immunity, such that we can live with and enjoy the benefits of a digitalized world, despite the looming threats and risks.

——————

Angelo Gutierrez and Grace Mirandilla-Santos are part of Secure Connections, a cybersecurity initiative of The Asia Foundation-Philippines, and coauthors of the report “Cybersecurity in the Philippines: Global Context and Local Challenges,” which will be launched on March 15, 2022. The views expressed in this article do not necessarily reflect that of The Asia Foundation.

Read more...