MANILA, Philippines — In the last quarter of 2018, the Philippines GDP picked up to 6.8%. This year, it is forecasted by analysts to grow 7-8%.
“The Philippines GDP currently stands at about $305 billion. With our economy on a continuous upward growth trajectory, many of us remain optimistic in the business landscape of today,” said Vic Tria, first vice president for PLDT ALPHA, at the 30th Bankers Institute of the Philippines Inc. (BAIPHIL) Convention held last March at the Baguio Country Club.
Tria, however, cited a recent study by Frost and Sullivan for Microsoft, in which 1.1% of the GDP may be lost due to threats on cybersecurity.
This is equivalent to about $3.5 billion, an alarming amount that was revealed at the breakout session on cybersecurity and anti-fraud, wherein Tria served as the keynote speaker.
He added that rapid digitalization of industries has brought with it the prevalence of cyberattacks, making businesses vulnerable.
The most alarming and advanced cybersecurity threats come in many forms causing damage that may amount to trillions of dollars by 2021. Photo Release
According to the same study, 52% of medium to large enterprises — more than half of today’s top enterprises — have reported exposure to a cybersecurity incident, while others are uncertain. For large corporations, a data breach due can worth up to $7.5 million.
In the Philippines, Tria said that the most alarming and advanced cybersecurity threats can come in forms of data exfiltration and data corruption, unauthorized transfer of data to a foreign network, and tampering and/or sabotage of data.
These attacks cause the greatest impact that takes a very long time for any large organization to recover from.
It’s not a matter of what can be done in the aftermath, rather what can be done to prevent such catastrophic incident from happening.
Vigilance amid growing threat
The banking industry has always been at the forefront of cybersecurity, evolving constantly and leveraging on technology to ensure sensitive customer and financial data remain secure in an increasingly digital world.
These efforts should not be let up, seeing that the banking industry is the main target among hackers. In this regard, complacency may eventually lead to ruin.
Tria cited Cobalt, the cybercrime group suspected to have resurfaced following the arrest of its alleged leaders in March last year.
The infamous group was said to have targeted banks across 40 different countries, earning an overall estimate of EU10 million, and leaving as much as $1 billion worth of digital infrastructure in its wake.
Their main operation consists of a phishing campaign: emails containing malware were sent out to devices linking them to Cobalt’s servers. This allowed the group to monitor the internal network of a target bank, eventually gaining higher levels of access in its systems (including ATMs, card processing platforms, and SWIFT attacks)1.
The Cobalt case attests to the reality of these threats against the banking industry. Taking advantage of the same advancements in technology, they may spawn unfamiliar threats and attacks to target any vulnerability.
This now calls for a sound response system among organizations, which is where security operations center, or SOC, comes in.
A reliable vanguard
“A security operations center is usually defined as an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents with the aid of both technology and well-defined processes and procedures,” explained Tria.
The financial sector has grown familiar with SOCs with four main roles: 1. Full visibility into security incidents through 24x7 monitoring; 2. Accelerated response and recovery from attacks; 3. Investigation to prevent breaches from recurring; and 4. Reporting to provide the board and C-levels an accurate picture of the organization’s cybersecurity posture.
But even with SOCs, Tria revealed that businesses can still be disrupted by advanced cyberattacks, due mainly from struggling to effectively operate such systems.
What is needed, Tria said, is manpower equipped with the right skills and knowledge required to counter threats and security breaches.
Given this, banks and financial institutions are scrambling to build up those skills or rely on trusted security partners.
Another drastic step to fight cyberattacks was taken in August 2018. The Bangko Sentral ng Pilipinas proposed to shorten the reporting time of cybersecurity breaches from 10 days to just 48 hours.2 This urges banks to employ the right people, process and tools to determine advanced threats.
Because of this directive, the SOCs have gained a reputation in its capacity to boost organizations’ overall resilience strategy, in effect, delivering timely financial services while keeping confidential data from unauthorized access.
ePLDT takes up the gauntlet
Following the fundamental SOC model with a threat intelligence component on board, ePLDT introduces its own SOC practice.
Beyond building a SOC platform in its ISO 27001 certified data center and hiring and maintaining local expertise for its round-the-clock analysts and incident responders, ePLDT has also developed its own threat database.
It features intelligence gathered from open source, on top of commercial threat feeds that ePLDT partners with for knowledge sharing. Equally vital is its internal talent providing actual threat hunting in the dark web, as well as malware analysis.
“We built this platform because we recognize the need for this type of facility and expertise in the Philippines. We envisioned our SOC as a secure, reliable and most importantly, an affordable alternative to customers that want to secure their data,” Tria said.
The PLDT Group stands to be the country’s leading ICT and digital services provider serving more than 60 million fixed and wireless subscribers, and the preferred ICT partner among various industries in the enterprise and SME market.
Leading the charge to empower customers towards digital competence, the Group has continuously invested in modernizing its expansive fiber infrastructure and network facilities ready to serve and enable a truly smart and digital nation.
“Almost two decades ago, we put up our first data center in the Philippines to address the need for security and business continuity. Today, the PLDT Group now has 10 data centers across the archipelago. I’m very proud to say that PLDT has been among the primary enablers and technology partners of the country’s digital transformation journey,” Tria said.
From P58 billion last year, it has increased its CAPEX to P78 billion to enhance the development and expansion of its system.
PLDT has developed its slew of cybersecurity solutions to address the increase in global cyberattacks. Photo Release
More than that, it has developed its slew of cybersecurity solutions to address the increase in global cyberattacks specifically targeting industries like banking and finance, IT-BPM sector, content and media, retail and public sectors, among others.
“Personally, my team and I are always excited to join events such as this because it allows us to work hand in hand together in building a nation that’s not only economically sound but digitally inclusive and secure,” Tria said.
Given all this, PLDT remains committed to securing every organization and ensuring more growth and success.
1. Notorious cybercrime gang behind global bank hacking spree returns with new attack
2. BSP to adopt tighter cybersecurity reporting, The Philippine STAR, October 26, 2018