THE Bangko Sentral ng Pilipinas (BSP) is issuing new regulations on cybersecurity to ensure the banking industry’s preparedness against threats of sophisticated and more coordinated cyberattacks.
BSP Acting Deputy Director Melchor Plabasan said card skimming and phishing were largely the cybercrime incidents reported in the country. They are issuing regulations to improve cybersecurity and help the banks recover from cyberattacks and potential exposure to reputational risks.
“The cybersecurity is a pressing concern that needs to be addressed by banks. We are about to issue new regulations to improve the cybersecurity in the Philippines,” Plabasan said on the sidelines of the Cyber Security Summit on November 24.
“The BSP is issuing the Enhancement of Business Continuity Regulations to cover cyber resilience,” he told the BusinessMirror. Plabasan added the BSP would also be issuing social-media risk-management guidelines.
“When they engage in the social media, there should be policies and procedures to mitigate reputational risk that may arise in the social media. Even a minor incident can lead to something big, if it goes out on social media,” added Plabasan, who also heads the BSP Core Information Technology Specialist Group. Plabasan said while the number of cyberattack incidents has declined, monetary authorities need to stay vigilant on the new schemes used by cybercriminals. In August Plabasan was quoted in a news report as saying less than one in a hundred Filipinos are victimized by automated teller machine (ATM) fraud.
“There has been an improvement in the number of incidents, because some banks have partially migrated to EMV [Europay, MasterCard, Visa] compliant chip cards and a lot of banks were using sophisticated fraud detectors.”
He said they are in the process of consolidating the data on cybercrimes for 2014 to 2015, which will be submitted to the Monetary Board.
According to Information Security Officers Group (Isog) President Joey Regala, criminals in “spearheaded target attacks” knew the depositor’s password and other personal details to be able to hack the account.
“The latest findings we had is that cybercriminals use other country’s servers to make it appear that the incident happened in that country,” added Regala, who is also vice president and department head of United Coconut Planters Bank.
News of the BSP summit merely poked the Financials subindex at the Philippine Stock Exchange. The subindex managed to eke out small gain of 1.93 points to 1,543.
The benchmark index was slightly down at 3.59 points to 6,992.60.
But the dip coincided with a the regional downward sentiment. Most of the listed banking shares were down. Metropolitan Bank and Trust Co. was down P0.50 to P80.50, while Bank of the Philippine Islands declined P0.05 to P86. East West Bank dropped P0.02 to P18.94 and Security Bank Corp. fell P4.20 to P131.40.
BDO Unibank Inc., the country’s largest, rose P2.20 to P101.50 and Philippine National Bank gained P0.60 to P52.10.
Regala said the banking industry is beefing up its defense mechanism to prevent and detect cyber crimes.
“We have this Cyber Security Summit for the banks to know that, without our collaborations, we will not be able to defeat the enemy,” Regala said. “Our strategy keeps on changing as cyber frauds were becoming more sophisticated and well coordinated.”
But BSP Deputy Governor Nestor Espenilla Jr. said “if the banking industry would not collaborate with each other, their defenses are useless.”
Aside from investments in technology, Isog bank members were also calibrating their competencies, according to Regala.