‘Govt, banks need to invest

PHILIPPINE banks and the government may need to make additional investments to guard against possible cyberattacks, according to experts.

In its latest Global Cybersecurity Outlook 2023, the World Economic Forum (WEF) warned that geopolitical instability could pave the way for a “catastrophic cyberattack” in two years.

BPI Chief Economist Emilio S. Neri Jr. told BusinessMirror that ensuring that “minimum standards” such as having updated cybersecurity software are crucial investments for the public and private sectors.

“What’s crucial is how well local banks invest in their cyber security. Some minimum standards need to be met to keep our financial system safe,” Neri told this newspaper.

On Tuesday, President Ferdinand R. Marcos Jr. said his administration has stepped up efforts to establish a cybersecurity system, a crucial part of his administration’s push to digitalize the bureaucracy.

The President spoke in an open forum at the World Economic Forum (WEF) in Davos, where he touted the government’s digitalization initiative and improvements in bureaucratic efficiency. “The security has become a huge issue… that’s what we are trying to design now, a cybersecurity system for this sensitive information,” Marcos said.

Digital payments

In Manila, Managing Director of eManagement for Business and Marketing Services Jonathan Ravelas said the public sector must also invest by creating a framework to fight cyberattacks given that it is “pushing digital payments.”

Ravelas said the general public also cannot be passive bystanders in the fight against cyberattacks and cybercrime. Filipinos in general must employ “digital hygiene” practices. “More so there is a need to build a very strong defense for both govt and the banking sector as well as the general public,” Ravelas told BusinessMirror on Thursday.

“For us users, we need to ensure that we follow a strict hygiene of our digital practices. Such as when making digital transactions, ensure we are using our mobile/home networks and not on free wifi, as we are vulnerable,” he added.

Meanwhile, Bankers Association of the Philippines (BAP) President Antonio C. Moncupa Jr. told BusinessMirror that the Bangko Sentral ng Pilipinas and local banks have been aware and rolled out programs to fight cybercrimes and cyberattacks.

BSP, Moncupa said, has put in place the necessary framework and has ensured compliance with these regulations to promote cybersecurity.

Local banks have also helped create programs seeking to increase public awareness, share information security updates, and formalize tie up with law enforcement to guard against cybercrimes and cyberattacks.

The BSP recently partnered with the BAP and the Bank Marketing Association of the Philippines (BMAP) to fight cybercrime through the “Check-Protect-Report” (CPR) information drive to foster cyber hygiene among Filipinos.

The “Check” is about being careful when sharing information as legitimate banks and financial institutions (FIs) will only ask for personal data when they are contacted by their clients. (Full story: https://businessmirror.com.ph/2023/01/03/bsp-taps-bankers-to-promote-cybersecurity/)

“The BSP and the banks have always been aware that cybercrimes and cyberattacks are continuing threats.  Recognizing this, information security has always been on the top agenda of the banking industry,” Moncupa told this newspaper.

“I think continuing investments appropriate to the assessment of current and future situations is recognized and are being done. Do we need to add? I think we need to see first the ‘fine prints’ or the details and assess if the current assessment has changed,” he added.

Lessons in cybersecurity

Unionbank Chief Economist Ruben Carlo O. Asuncion, meanwhile, told BusinessMirror that recent “intense attacks” could provide a “wealth of lessons in cybersecurity” that can be followed by the government and the banking industry.

Asuncion added that recent digitalization efforts of the government as well as of ordinary Filipinops make cybercrime and cyberattacks “attractive for bad elements.” This means the cyber security risks are real and are here now.

“Cybersecurity has been the top priority of the banking sector and the National Government [NG] through regulators have been proactive in helping make the virtual world safer and conducive for expansion,” Asuncion said.

Economic losses

The threat of cybercrime and cyber attacks are real, especially for the Philippines where, according to Ateneo Policy Center Senior Economist Ronald U. Mendoza, it already affects up to three-quarters of businesses in the country.

Mendoza said these incidents include malware, phishing, and outright cyberattacks. These incidents cost businesses significant “economic losses, stemming from business interruptions, data loss [and concurrent loss of trust by consumers and users], and regulatory fines.”

There is “growing evidence abroad,” according to Mendoza, that cyber attacks can be part of attempts to weaken a nation’s national security as well as traceable to criminal organizations or even other state actors.

“As the Philippines ramps up its digitalization and connectivity investments envisioned in the PDP [Philippine Development Plan] 2023-2028, it is clear that we must also think of the security of these systems to continue to build citizens’ trust, facilitate commerce, transport and other systems, as well as ensure our broader national security,” Mendoza said.

Guarding against cyber threats is now crucial as more Filipinos and businesses are dependent on online platforms and systems, after the Covid-19 lockdowns accelerated digitalization in the Philippines and globally. Consumers purchased various products via online malls and paid via cashless transactions as they sheltered in place.

“Reforms like the national ID system and other investments in e-governance will likely intensify the reliance on these systems, along with the attendant challenges of protecting privacy and ensuring operational resilience to cyber attacks,” Mendoza said.

Based on the PDP 2023-2028, the Marcos administration aims to adopt a legal framework to strengthen cybersecurity and policies that promote information security measures.

These seek to protect the country’s information infrastructure and the ICT systems of public institutions, transportation, and electronic commerce transactions.

Part of these efforts is to implement the Financial Consumer Protection Act to enable financial regulators to address consumer complaints on cybercrimes and enforce sanctions against erring entities.

The government also seeks to establish secure e-payment systems and ensure consumer and supplier protection online to earn the trust and confidence of Filipinos on digitalization.

The Philippines also seeks to promote cybersecurity culture to increase awareness of the global and local cybersecurity context, including the threat landscape among employees, industry partners, and customers.

Cyber attacks

The WEF report said over 93 percent of cybersecurity experts and 86 percent of business leaders believe “a far-reaching, catastrophic cyber event is likely in the next two years” and there is a critical skills gap that is threatening societies and key infrastructure.

The report highlighted the need to address the shortage of talent and skilled experts. Some 34 percent of cybersecurity experts said they lacked some skills in their team, with 14 percent saying they lacked critical skills.

The problem is more pronounced in key sectors like energy utilities, where nearly 25 percent of cybersecurity experts said they lacked the necessary critical skills to protect their organizations’ operations.

Geopolitics is reshaping the legal, regulatory and technological environment. “As global instability increases cyber risk, this report calls for a renewed focus on cooperation. All stakeholders from public and private sectors who are responsible for our common digital infrastructure must work together to build security, resilience and trust,” said Jeremy Jurgens, Managing Director, World Economic Forum.

WEF said there is a need to expand the cybersecurity talent pool is needed to solve this problem. Several successful cybersecurity skills programmes are under way around the world, but many have difficulty scaling to large numbers. Greater cross-industry collaboration and public-private is needed to overcome this.

Despite challenges, organizations are improving cyber resilience, one of the key priorities of the World Economic Forum’s Centre for Cybersecurity.

The Global Cybersecurity Outlook 2023 findings were based on surveys, workshops and interviews with over 300 experts and C-suite executives. Half of the companies surveyed said the current landscape is making them re-evaluate the countries in which their organization does business.