Having a large social media-savvy population with lack of data protection mechanisms makes the Philippines extremely vulnerable to cyber-attacks and incidents. Moreover, the COVID-19 has aided in increasing reliance on digital channels. This has also attracted bad actors as online scams have increased.

Cybercrime is now a major concern for companies of all sizes, from brand new start-ups to established international corporations, and data has become a vital resource that “black hat” hackers (BHHs) use to gain something, primarily financial benefit. Consequently, these attacks on numerous companies worldwide have resulted in losses totaling millions of dollars and are expected to cost trillions in the future.

In a report released by OpenGov Asia, for example, it says that a UK-based cybersecurity firm found that Philippine organizations have spent an average of $820,000 (approximately P40 million) to recover from these attacks – costs that cover the ransom paid, and the costs incurred by the downtime.

Moreover, based on Cisco’s Security Outcomes Study, companies in the Philippines need to refresh the technologies and solutions in their cybersecurity infrastructure as more than a third of the cybersecurity technologies they use are considered outdated, a new study by Cisco showed. Findings showed 35 percent of cybersecurity technologies used by Philippine companies were considered outdated by security and privacy professionals working at these organizations. Cisco further said that 52 percent of the respondents from the Philippines also consider their cybersecurity infrastructure as complex.

These incidents and shortcomings, however, have pushed businesses in the Philippines and all over the world to be more vigilant, reevaluate their viewpoints on the importance of ethical hacking, and reconsider their cybersecurity strategies. With trends showing that cybercrime and cyber-related incidents are on the rise, trained professionals are the need of the hour. Sadly, there aren’t enough cybersecurity professionals to meet the demand, with 2.046 million vacancies unfilled in Asia alone.

The National Cybersecurity Strategy Framework

According to the National Cybersecurity Strategy Framework, the Department of Information and Communications Technology (DICT), through its attached agency — the Cybercrime Investigation and Coordination Centre (CICC), will be responsible to institutionalize the adoption and integration of Information Security Governance and Risk Management approaches.

These globally recognized standards shall provide the government a systematic and methodical practice of ensuring the protection of our mission critical and non-critical infostructure. The government shall build up its capability and capacity for quick response and recovery through the establishment of the National Computer Emergency Response Team (NCERT). The CICC, on its part, has the vision to be manned by professional and dedicated personnel, fully equipped with knowledge, skills, and tools for a cyber-safe Philippines by 2025.

The DICT is mandated to “ensure the rights of individuals to privacy and confidentiality of their personal information; ensure the security of critical ICT infrastructures including information assets of the government, individuals and businesses; and provide oversight over agencies governing and regulating the ICT sector and ensure consumer protection and welfare, data privacy and security, foster competition and the growth of the ICT sector.”

One of the priority areas that the Department is the formulation of the National Cybersecurity Plan 2022 to address the urgency to protect the nation’s Critical Infostructures, Government Networks both Public and Military, Small Medium Enterprises to Large Businesses, Corporations and its supply chains and every Filipino using the internet. The primary goals of this Plan are as follows:

• assuring the continuous operation of our nation’s critical infostructures, public and military networks;
• implementing cyber resiliency measures to enhance our ability to respond to threats before, during and after attacks;
• effective coordination with law enforcement agencies; and
• a cybersecurity educated society.

Learn more about it here.