Filipino firms find cybersecurity measures daunting
PHILIPPINE businesses are reluctant to adopt advanced cybersecurity because they find it “complex and daunting,” according to Yondu, Inc.
This reluctance is why 99% of Filipino companies could not defend themselves from cyberattacks, the Globe Telecom, Inc. unit said in a statement.
Businesses should overcome this hesitation and be more proactive, said Dennis S. Sanchez, Yondu’s chief information security officer.
“Stay informed about the latest threats,” he said. “Understand what hackers are doing and apply those methods to your own defenses. Instead of just waiting for attacks, you should test your own systems and use up-to-date techniques.”
Cisco’s Cybersecurity Readiness Index for 2024 found that only 1% of organizations in the Philippines could ward off modern cybersecurity risks, compared with 3% globally.
Intelligence sharing between the private and public sectors can help improve everyone’s cybersecurity acumen, Information and Communications Technology Assistant Secretary Renato A. Paraiso told a BusinessWorld Insights event on June 25.
“That should be the focus of collaboration — voluntary information sharing [by] providing a safe space for everyone to improve their cybersecurity capacity through the experience of everyone else,” he said. “If we mandate it, it becomes regulatory. It’s counterproductive.”
Organizations can contribute to a safe cyberspace by following the law, said Aubin Arn R. Nieva, director of data security and compliance office at the National Privacy Commission (NPC).
“In case of a breach, you have 72 hours to report it to the NPC, and then you have the obligation to notify data subjects that their data have been breached,” he said. “If corporations do not comply with that, are they not ruining the policies that are there to govern for good measure?”
Know the importance of how to respond to a breach, Alexis Bernardino, field chief information security officer and head of enterprise consulting practices at PLDT Enterprise, said.
“In the event of a successful cyberbreach, it is not only the operational disruption that is catastrophic but also the reputational damage,” he told the June 25 event. “You cannot put a monetary value on that.” — Patricia B. Mirasol