Fortifying our cybersecurity posture

When we say defense these days, we do not just refer to the physical space—the land, sea, and air in our territory.

Digital Defense Report 2023, released by Microsoft last month, found that a Chinese state-sponsored actor, Raspberry Typhoon, has been showing sustained interest in the South China Sea amid growing tensions in the area. The group has been targeting government agencies in charge of trade, intelligence, and finance, as well as military and corporate entities associated with critical infrastructure such as information and communication systems, power grids, and transportation networks. It has been conducting its attacks focused on countries surrounding the South China Sea.

But Raspberry Typhoon is just one of the numerous threats confronting us. Across the world, we often hear reports of hacks, data breaches, and cybercrime. In recent weeks, four government agencies—Philippine Health Insurance Corp., the Philippine Statistics Authority, the Senate, and the House of Representatives—have been attacked. These attacks undermine confidence in institutions and erode public trust by exposing sensitive and personal information managed by these institutions.

The truth is bad actors abound and are just waiting for the perfect opportunity to strike. They attack anyone who is conveniently vulnerable, and who has high stakes in their information systems.

Dutch cybersecurity firm SurfShark revealed in its Global Data Breach study that as of October 2023, the Philippines ranked 17th out of 250 countries in data breaches. Since 2004, at least 124 million accounts have been breached in the Philippines, accounting for 0.7 percent of the total global number.

Cybersecurity is a crucial parallel track of the administration’s digital transformation agenda. President Marcos has time and again said we should pursue a digitally-driven economic growth and conduct the affairs of government electronically. While efforts are being made toward this end, through the earnest collaboration of the public and private sectors, much is left to be desired when it comes to building and fortifying our cyber defense posture, not only for government and military agencies but also for private corporations and other institutions.

Government initiatives include the creation of a cyber command by the military in response to the increasing number of cyberattacks and attempts to hack their systems. The cyber command is aimed at developing the military’s cyber warfare capability. There also needs to be integration among different units assigned to manage the military’s information systems. Meanwhile, the Department of Information and Communications Technology (DICT) is appealing to the House to reinstate its proposed P300 million in confidential funds. Such funds, while controversial and superfluous in other agencies, are crucial to the DICT’s cybersecurity mandate. Secretary Ivan Uy said the reduction signals to cybercriminals that the Philippines will not have the capacity and resources to protect its cyberspace.

Another crucial solution is the hiring of cybersecurity experts when there is a dearth of professionals with more than two million unfilled cybersecurity posts in Asia alone. Cybersecurity hinges on the skill and expertise of the people who will execute these defensive measures. And then, adherence to the government’s Cloud First policy ensures a consistent structure for applying safety protocols on data access, storage, processing, and transmission in the cloud.

The Philippines also stands to gain from like-minded partners in the field of cybersecurity. For example, it was one of the topics discussed between Netherlands Foreign Minister Hanke Bruins Slot and our own Foreign Secretary Enrique Manalo during the former’s visit last week. United States Ambassador MaryKay Carlson stated that cybersecurity is central to US-PH relations, and in early October, Japan hosted the 16th Asean-Japan Cybersecurity Policy Meeting which aimed to enhance collaboration on cybersecurity among the Asean countries and Japan. We can always learn from the best practices of other countries and assess how these can be adopted in the Philippine context. I have on many occasions and statements called for greater investments in cybersecurity. Our efforts at digital transformation will only be as good as the breaches and attacks that we could block. Without a sound cybersecurity posture, all the digital technologies that we use will be risky and may become a gateway for devastating cyberattacks against our economic and national defense systems.

Dindo Manhit is founder and CEO of the Stratbase Group.

Read more...