In a telling 2022 report, Kroll, an independent provider of risk and financial advisory solutions, claimed that 75% of organizations in the Philippines have experienced some form of notable "cyber incident," which is much higher than the APAC average of 59%.
Cyberattacks are attempts to steal, illegally expose or destroy another's assets through unauthorized access to its computer systems. Such malfeasance can be conducted by individuals, groups or organizations alike.
Among the most significant concerns among organizations in the Philippines were data loss (70%), intellectual property (60%), business interruption due to cyberattacks (also 60%) and regulatory fines (29%).
Status of Cyberattacks in the Philippines
The Philippines ranked second among countries with the most cyberattack incidents worldwide in 2022, largely due to the increased use of social media or digital platforms during the coronavirus pandemic, cybersecurity company Kaspersky said.
"We have seen how adversity, such as the pandemic, hastened the digital transformation among local businesses and customers alike. In the same vein, cybercriminals saw it as an opportunity to take advantage of the cybersecurity weaknesses of those jumping on the digital wave," Chris Connell, Kaspersky managing director for Asia Pacific, added.
Kaspersky Security Network showed the 2022 global ranking, which was topped by Mongolia at 51.1%, followed by the Philippines at 49.8% — up two spots from the year before. The ranking was based on the number of web-based cyber threats detected and blocked by Kaspersky products.
For the first half of 2022 alone, Kaspersky products found almost 14 million threats from users in the Philippines. Though mobile malware attacks dropped from 2019 to 2021 by 69%, there were indications that Trojans were injected into third-party ad modules on top of new Trojan discoveries.
According to Department of Information and Communications Technology (DICT) Assistant Secretary Jeffrey Ian Dy, almost half of the recorded "high level cyberattacks" were systems and networks of government agencies and emergency response teams.
Actions Against Cyberattacks
The DICT Acting Secretary, Emmanuel Rey R. Caintic, previously announced that there is still a lot of work to do to strengthen the country's defenses against cyber threats and attacks. "Rome wasn't built in a day," he lamented in one such virtual interview.
Of the five levels of maturity in cybersecurity, Caintic believed that the Philippines is still at level 1 in terms of awareness, communication and cybersecurity expertise. DICT aims to reach maturity level 5, or the "resilient enterprise" level, in the next several years.
Last year, the DICT announced a budget of up to P600 million intended for cybersecurity, which was bigger than the previous budget of P300 million. Among the government's proposed plans was to upgrade the Security Operations Center (SOC), which was acquired in 2019.
Meanwhile, President Ferdinand R. Marcos Jr. recently welcomed the signing of the memorandum of understanding (MoU) between the National Grid Corporation of the Philippines (NGCP) and the National Intelligence Coordinating Agency (NICA), emphasizing its importance in fending off cyberattacks on energy infrastructure.
The signing demonstrated the country’s continuing effort to protect itself against any cyberattack, Marcos said during the event held at Malacañang Palace. "Since NGCP is a critical part of our security of our ability to continue to function as a society, then this is an important day because now we have made more robust the defenses against any possible attacks on our power systems," he stated.
NICA's task is to integrate collected intelligence information from various government instrumentalities, analyze and assess the data, and recommend actions to safeguard NGCP's transmission assets. At the same time, the NGCP can share information on energy-related security issues and provide technical advice to the NICA.
