IBPAP raises concerns on rising cyberthreats

CEBU, Philippines — The IT and Business Process Association of the Philippines (IBPAP) has voiced its concerns in light of the rising threat of cyberattacks aimed at critical information and communication technology (ICT) systems within the government.

?In a statement, IBPAP president and chief executive officer (CEO) Jack Madrid said the attack is a serious threat that requires immediate attention.

“IBPAP is deeply alarmed by these malicious acts, which not only jeopardize the operations of the IT-BPM industry but also the reputation of the Philippines as an attractive investment destination,” said Madrid.

According to Madrid, IBPAP recognizes the need to maintain a heightened state of alertness, recognizing the inherent risks from its dependence on digital technologies and systems that host substantial volumes of sensitive data.

The Philippine IT-BPM industry, which is projected to generate revenues of US$35.4 billion by the end of 2023, acknowledges that a successful cyberattack could potentially lead to substantial losses.

More importantly, the ramifications of cyberattacks extend beyond immediate financial losses. They can inflict lasting damage on businesses, leading to client attrition, reputational harm, and long-term financial implications, Madrid explained.

Given the vital contribution of technology and the IT-BPM industry to the economy, IBPAP urged the government to ensure that robust data privacy and cybersecurity laws are established to deter cyberattacks and threats across sectors.

“In this light, we recommend that the government: Approve and implement the National Cybersecurity Plan 2023-2028, which outlines the Philippines’ overall strategy in combating cyber threats that could cripple the economy and national security,” said Madrid.

Likewise, the group asked the government to certify as urgent the passage of the proposed Critical Information Infrastructure Protection Act, which provides a clear reporting mechanism and policy framework for public and private institutions in safeguarding the ICT systems of critical information infrastructures from cyber threats and attacks.

Amending the Cybercrime Law is also deemed critical in order to facilitate the legal proceedings against cybercrimes perpetrated by employees that damage the reputation of the Philippines IT-BPM and other industries.

“IBPAP has taken the lead in communicating the urgency of addressing fraud within our sector and the inability of our members to take legal action against culpable individuals due to constraints set by current laws and regulations. We are grateful to House Speaker Ferdinand Martin Romualdez, Representative Manuel Dalipe, Rep. Yedda Marie Romualdez, and Rep. Jude Acidre for filing House Bill No. 9261, amending the Cybercrime Prevention Act of 2012 in September,” added Madrid.

IBPAP advocates for public-private partnerships, calling for a cohesive approach to combat cyber threats.

Consistent with the Philippines IT-BPM Industry Roadmap 2028, IBPAP pledged to participate in partnerships and collaborations with industry stakeholders, government agencies, and cybersecurity organizations to exchange threat intelligence, and best practices, and cooperate on cybersecurity initiatives to create a safer Philippine cyberspace.

Amid the recent cyberattacks, the sector remains steadfast in promoting the recommendations outlined in the Philippine IT-BPM Industry Roadmap 2028 for countering cyber threats at the organizational level. These are:  Adopt a zero-trust approach: Implement a zero-trust architecture to ensure that no user or device is automatically trusted, and that verification is required at every step;  Invest in artificial intelligence (AI) and machine learning (ML)--led threat hunting: Utilize AI and ML technologies to proactively identify and mitigate potential threats;  Enhance threat intelligence capabilities: Develop robust threat intelligence capabilities to include monitoring and analyzing threat intelligence feeds, collaborating with peers in the sector, and leveraging threat intelligence platforms.

IBPAP also suggested that with the current threat, the government or any organization should strengthen cybersecurity skills—and address the cybersecurity skills gap by investing in training and upskilling programs for employees. Along this line, IBPAP urged organizations to implement strong data privacy and security measures, such as establishing policies and frameworks to protect sensitive data and ensure compliance with data privacy regulations.

A regular update and patch system should be kept in place, which means keeping all software, applications, and systems up to date with the latest security patches and updates.

Employees should also be well-educated on cybersecurity and best practices, making them well aware of the common cyber threats, like phishing attacks, password hygiene, and other best practices to ensure a security-conscious workforce.