CYBER felons are here to stay, unless both the public and private sectors work together to protect the cyber landscape in the Philippines from their unscrupulous activities on the web.
Based on Fortinet’s commissioned survey on the state of Security Operations (SecOps) in the Asia-Pacific region that IDC conducted from October to November 2023, phishing and ransomware are the topmost cyber threats in the Philippines, with over 50 percent of organizations ranking them as their biggest concerns. Other risks are identity theft, patching vulnerabilities, and insider threats.
Phishing, which is getting people to click on a link, install an application or open a document, will lead to a ransomware attack or an identity theft, Fortinet Vice President for Marketing and Communications in Asia, Australia and New Zealand Rashish Pandey said in a media briefing on January 16.
Ransomware, he noted, is a threat vector that has evolved further in the last couple of years. In fact, the study revealed that it has actually doubled nationwide, with 56 percent of organizations reporting at least a doubling of incidents from 2022 to 2023.
“What we are seeing now is [that] even if you pay the money, they will extricate the data and sell it outside, or even if you pay the money, they will not give you the data; they’re just deleted,” he said of how ransomware companies are now acting like large organized crime syndicates that even offer the so-called ransomware-as-a-service for a few hundred dollars. “These organizations are so big. Some of them have more than a billion dollars in revenue in a year.”
Besides phishing and malware, other significant vectors include social engineering attacks, Internet of Things vulnerabilities, and insider threats. Eight of 10, or 82 percent of the respondents, feel that remote work has led to an increase in insider threat cases. The top executive attributed this to insufficient training, lack of employee care, and inadequate communication.
Impact of new innovations, security teams shortage
WHILE emerging technologies have promising benefits, he warned that they also have an effect on cybersecurity if “exploited by the threat actors.” Hybrid work, artificial intelligence (AI), and information technology/operational technology (IT/OT) system convergence pose significant challenges. Cloud technology adoption emerges as a main problem, affecting organizational vulnerability to web threats.
Online threats may be alarming, yet there are not enough people dedicated to cybersecurity to provide an effective response. This is evident in the study that shows only 50 percent of businesses have dedicated IT resources for security teams.
Apart from the talent shortage, what’s concerning is that 92 percent of participants find it challenging to keep their team’s skills up to date with the rapidly changing threat landscape. Hence, they prioritize the ability to automate (62 percent) as a key skill for Security Operations Center teams, along with the ability to multitask and think critically, as well as the right set of certifications.
Automation to the rescue
NOT depending much on manual labor, 94 percent said that they have adopted automation and orchestration tools in their SecOps. Notably, around 92 percent have experienced significant productivity gains, with at least 25 percent improvement in incident detection times attributed to automation.
Preparedness-wise, almost half or 48 percent of the engaged organizations express concerns about being under-equipped to contain risks. On average, more than 50 percent said they get about 220 incidents daily. Alarmingly, three out of four do not conduct regular risk assessments, thus worsening the challenge of timely detection. The top five alerts the SecOps teams face are suspicious e-mails, malware detections, suspicious user behavior, account lockouts, and multiple failed login attempts.
“In the Philippines, there’s only one security professional for 195 employees. This professional has to manage on an average about 44 incidents a day. And it takes about 11 minutes to deal with each alert,” Pandey cited. “And what makes it worse is that almost a quarter [74 percent] of them have looked to at least 25 percent of the alerts that are false positives. We are talking about two, three hours of the day just dealing with noncritical or false positive alerts.”
More than four-fifths or 82 percent of teams take more than 15 minutes to validate an alert, highlighting the need for automation. Apparently, 100 percent of organizations all over the country plan to implement automation and orchestration tools within the next 12 months. The research, likewise, highlights that 70.7 percent prioritize faster threat detection, while 58.5 percent aim to increase overall threat detection capabilities via automation.
Meanwhile, 50 percent said that the top areas for automation include maximizing visibility, automated responses, and threat intelligence, and optimizing the operational efficiency of existing security resources and intelligence. The top five priorities include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems, and performing security audits.
The 2023 Fortinet-IDC Asia Pacific SecOps survey engaged 550 cybersecurity leaders across 11 markets in the region, including 50 from the Philippines.
Costly, widespread breach
APPARENTLY, with reports on the spate of cyber attacks that recently compromised some government agencies’ portals and private companies’ infrastructure, the Philippines seems to be constantly confronted by this costly challenge moving forward.
Fortinet reported in May 2023 that the cost for each security breach in the country was at a whopping $1 million or P55 million.
“The average cost, I think, it’s roughly around the same amount [this year],” Pandey said when pressed on the economic impact of cybersecurity infringement. “What we are seeing, though, is [that] the frequency of those attacks is increasing. So it may not be [a case of you being] breached two times or three times in a year. It could be five times, eight times, 10 times in a year. So the overall volume of the cost of remediation goes up, and it also depends on the nature and the sophistication of how well they are progressing.”
This is where cybersecurity providers like Fortinet come in. The company serves thousands of customers from across all verticals in the Philippines. It has the biggest market share when it comes to security solutions deployed in various industries like government, retail, financial services institutions, and service providers, among others.
“Our job is to make sure that with automation and AI, we can lower the cost [of remediation],” said the regional marketing and communications officer of Fortinet.
On average, the company sees millions of attacks being received in the Philippines every day. Based on its data in the third quarter of 2023, it stops a mean of 16 million viruses, botnets and exploits from entering its customers’ infrastructures daily. A third-party organization gives the firm a success rate of up to 90 percent in stopping malware.
Industry analyst Virus Bulletin, likewise, ranked it among the top vendors that have the least number of false positives.
Pressed on how to hack-proof one’s organization, he recommended the concept called “defense in depth,” which means not just relying on one but multiple layers of protection built in. With this, even if a threat actor gets into one side, it can be blocked from other layers without causing much damage to the whole system.
Knowing that “the threat landscape and the tactics for the Philippines are changing very, very rapidly in our industry,” Pandey stressed that it’s “an ongoing process that we need to be more secured than we were yesterday. We need to be more advanced than we were yesterday to stop those threats.”
Since they have been leveraging AI and machine learning for the past decade, Fortinet Philippines Senior Manager for Systems Engineering Nap Castillo assured their existing and potential clients that they will keep on improving their offerings to help shield them and the entire country from cyber attacks henceforth.
“With over decades of machine learning, artificial intelligence, data gathering and processing, we are able to provide a more improved security posture to our customers. We are committed to continuously innovate this security functionality and inspection to make sure that we improve it further and the solution is accurate, as well as able to address the different limitations that have been encountered in the past,” he stressed.