The recent hacking of several government agencies has highlighted once more the country’s vulnerability to cyber attacks amid intensifying tensions with China over conflicting claims in the West Philippine Sea.
According to United States cybersecurity firm Resecurity, there was a 325 percent jump in hacking and other digital intrusions targeting the Philippines in the first quarter of 2024, with neighboring China as main suspect.
Of particular concern to the country’s national security are the series of cyber attacks on the Philippine Coast Guard Facebook page in February and March, and the Department of Science and Technology (DOST) in April which compromised 2-terabyte worth of data, including research plans, designs, and schematics. The DOST was among the three government agencies that had a ransomware attack, along with the Philippine National Police and the Philippine Health Insurance Corp.
There were also attempts to break into the mailboxes of the Department of Information and Communications Technology, the website of National Coast Watch, and the personal website of President Marcos which, according to DICT spokesperson Renato Paraiso, were traced to hackers using the services of Chinese state-owned telecom company Unicom.
Fraudulent schemes
While government agencies are the usual targets of cyberattacks given the significant amount of sensitive information they handle, the PNP has noted that cyber criminals have also trained their sights on private corporations and the personal accounts of individuals using fraudulent schemes. According to the PNP, swindling, with 15,000 reported cases, remains the top online scam, followed by illegal access with 4,000 cases; identity theft, 2,000 cases, and credit card fraud, almost 2,000 cases.
Corporations and organizations in the Philippines usually spend some P55 million to resolve a single data breach and pay off ransom to regain access to their site, according to estimates by the cybersecurity firm Fortinet.
Cybersecurity firm Surfshark meanwhile reported that a staggering 124 million accounts in the Philippines had fallen victim to data breaches from 2004, making it the second most affected nation in Southeast Asia, surpassed only by Indonesia with 144 million breached accounts.
While the Philippines is currently working on a five-year cybersecurity strategy to beef up its cyber defense—with the military announcing last year that it would create a cyber command—industry analysts doubt that such plans would come to fruition. They point out that there is a huge shortage of skilled “cyber warriors” in the Philippines, hardly enough to fill up the need for tens of thousands of digital security professionals.
Massive labor export
The lack of expertise to fight off cyber attacks may be traced to the country’s lack of resources and lack of appreciation for cyber skills, which have resulted in a massive labor export or brain drain of cybersecurity experts lured by higher salaries offered abroad. After all, how can a monthly salary of between P40,000 and P90,000 compete with more lucrative offers, better working conditions, professional growth, and even a relocation package from overseas companies?
It doesn’t help that globally, the shortage of cybersecurity professionals has reached a record four million vacancies last year, with the gap growing fastest in developing countries, according to cybersecurity nonprofit ISC2.
Aside from skimpy salaries, the domestic shortage in the Philippines may also be linked to inadequate training opportunities, the lack of incentives to boost government recruitment on a national level, and the dearth of private universities and colleges that offer specific courses on cybersecurity.
Cyber warriors
The increase in cybersecurity threats has finally nudged the government to take steps to boost its recruitment of cyber defense experts and improve their training. In January, it launched a new set of cybersecurity standards that schools and training centers can use for their curriculum.For its part, companies can identify and nurture promising information technology students by partnering with schools and offering scholarships, on-the-job training, internship, and mentoring programs.
The data breaches have also alarmed lawmakers into pushing for a bigger budget for the DICT, with the agency providing access to realigned funds to effectively combat cyberattacks and trace perpetrators. Cybersecurity as a government priority should be reflected in how the budget is apportioned, several senators rightly pointed out.
While the shortage of talent is a huge challenge facing companies and government offices, the lack of cybersecurity experts could do the most damage. Without cyber warriors as gatekeepers, companies, individuals, and even the entire government machinery risk being exposed to data breaches, revenue loss, damage to one’s reputation, and compromised national security.