PHL gov’t must boost pool of cybersecurity talent, beef up digital infrastructure to attract investors

THE PHILIPPINE GOVERNMENT needs to ramp up cybersecurity education and set up globally recognized training centers to grow its small pool of local cybersecurity talent, which will help boost the country’s resilience against cyberattacks to attract more foreign investors, according to analysts.

“We need to make cybersecurity a standard track in all universities,” Dominic Vincent D. Ligot, founder of Cirrolytix and artificial intelligence, technology, and research consultant for the Information Technology (IT) and Business Process Association of the Philippines, told BusinessWorld in an e-mail.

“This means industry expertise should be tapped by the academia — all of practical knowledge in cyber is outside school and we need to bring it back in.”

He said most of the country’s cybersecurity experts are trained outside of schools and are usually sponsored by companies that sell cybersecurity products.

“If the optic from local companies and the public sector is that cyberattacks include a heavy administrative burden, it starts to make other countries more attractive investment destinations,” Mr. Ligot said.

“In addition to a talented labor pool, we need to show our infrastructure and enforcement mechanisms are solid.”

In 2022, the Philippines had only about 200 cybersecurity professionals compared to Singapore’s 2,000 experts, Department of Information Communications Technology (DICT) Secretary Ivan John E. Uy earlier said, noting that 80% of Filipino cyber experts work overseas.

Mr. Uy said cybersecurity experts in the private sector earn about P200,000 a month, while those in the government are only paid P50,000.

The Philippines needs more globally recognized cybersecurity certification programs to keep Filipino experts from taking their talents elsewhere, Allan S. Cabanlong, regional director for Southeast Asia at Global Forum on Cyber Expertise and a former DICT assistant secretary, said by telephone.

“We also need better talent-matching for our experts and boost demand for them since our certified professionals usually go abroad,” he said. “The problem is the government’s defense infrastructure is weak, and the monitoring and detection capabilities are not that good.”

“The government needs to institutionalize digital literacy in basic and secondary education, not just to educate students but also to trigger their interest in taking cybersecurity and other information technology-related courses,” Ronald B. Gustilo, national campaigner for Digital Pinoys, said in a Viber message.

According to Fortinet’s 2024 Global Cybersecurity Skills Gap Report released in August, 77% of organizations in the Philippines said the cybersecurity skills shortage creates additional risks for their organizations, with 94% of firms experiencing a breach in the past year.

The survey was conducted among 25 IT and cybersecurity decision makers in the Philippines from various industries like technology, manufacturing, and financial services.

“More organizations are increasingly linking security breaches to the cybersecurity skills gap, with 94% of organizations in the Philippines recognizing this issue, up from 92% in the last report. This emphasizes the urgent need for organizations in the Philippines to continue addressing the cybersecurity skills shortage to strengthen their security posture,” Alan Reyes, country manager at Fortinet Philippines, said in a statement.

“Our latest report shows that organizations are actively making efforts to bridge this gap, such as diversifying their candidate pools, which the Philippines is showing significant improvement. As organizations in the country continue this effort, they should also invest in training and certifications for their IT and security teams, educate employees about threats and best practices in cyberspace, and implement the right technologies to enhance resilience,” Mr. Reyes said.

The report showed that executives and boards of directors are increasingly prioritizing cybersecurity, with 80% of respondents saying their boards were more focused on security in 2023 than the year before and 94% saying their board sees cybersecurity as a business priority.

More than 90% of respondents (94%) said they prefer to hire candidates who hold cybersecurity certifications, but 84% said it is difficult to find candidates with technology-focused certifications. Meanwhile, 98% of respondents said they would pay for an employee to obtain a cybersecurity certification.

“As the cyber workforce shortage persists, some organizations are diversifying their recruitment pools to include candidates whose credentials fall outside traditional backgrounds — such as a four-year degree in cybersecurity or a related field — to attract new talent and fill open roles. Shifting these hiring requirements can unlock new possibilities, especially if organizations are also willing to pay for certifications and training,” Fortinet Philippines said.

“The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises,” it added.

Meanwhile, Congress should also ensure that next year’s national budget would upgrade the cybersecurity defenses of government agencies, Mr. Gustilo added.

“There should be a clause that the funds will not be allocated for other purposes and can be replenished should the need for the improvement of cybersecurity infrastructure arise,” he said.

“Cyber readiness should be a line item in every agency’s budget for next year,” Cirrolytix’s Mr. Ligot added. “This should include an education and training budget for cyber, an engineering budget to make systems threat-ready, and enforcement mechanisms to incentivize readiness and penalize abuse.”

President Ferdinand R. Marcos, Jr. this year adopted the National Cybersecurity Plan (NCSP) 2023-2028 to help address the rising number of cyber threats in the Philippines. Crafted by the DICT, the NCSP 2023-2028 outlines the country’s policy direction and operational guidelines for a secure cyberspace. 

Aside from NCSP, the DICT amended its Cloud First Policy in 2020 to provide “clearer directives on policy coverage, data classification, and data security.” This policy mandated government departments and agencies to prioritize cloud computing solutions.

In a congressional hearing in April, the DICT reported 282 cyberattacks against government organizations between January and March 2024, adding that 90% of these were resolved. It said 811 early-stage hacking attempts were detected and neutralized by the agency’s National Security Operations Center as of April. This translates to over 74% of total hacking attempts.

The DICT’s Project Security Operations and Network Analysis Research also scanned over 2,000 online assets, exposing 30,682 vulnerabilities.

According to the DICT, the Department of Transportation, the National Economic Development Authority, and the Philippine National Police-Information Technology Management Service are the agencies most frequently targeted by cyberattacks.

The Philippine National Police’s Anti-Cybercrime Group also reported that there were 4,469 cybercrime incidents in the country in the first quarter of 2024, up 21.84% from the previous three-month period.

Last year, the Philippine Health Insurance Corp. was hit by Medusa ransomware, with more than 600 gigabytes of data stolen by hackers.

“The Philippines is one of those countries that is being attacked very often,” Israel Ambassador to the Philippines Ilan Fluss told BusinessWorld in an interview. “If critical infrastructure in water supply, energy supply, banking systems are not protected properly, it could hurt these critical services that are crucial to your population.”

Tomer Heyvi, head of Israel’s economic mission to the Philippines, said Israel could help the Philippines enhance its cybersecurity defenses as many of its startups specializing in security software are looking to enter the country.

“We (Israel government) have a lot of knowledge in cybersecurity especially from military service applying tech in the civilian sphere,” he said. “If hackers are succeeding in some hacking attempts on different government websites, social media, I believe using these innovative technologies it would be beneficial for the Philippines.”

Dotan Sagi, chief executive officer of Israeli software development company Cinten, said the Philippines should invest in tech accelerators to train Filipinos in writing code and innovation.

“If the government invests in accelerators, hubs for young people that can work and understand the tech way of thinking and how to build a startup, it will be easier to work here,” he said. — John Victor D. Ordoñez