Most important for cybersecurity is the human factor
by Patricia B. Mirasol, Producer
Experts highlighted the importance of the human factor in combatting cyberthreats in an October 9 forum by P&A Grant Thornton, a professional services firm.
Social engineering (the use of deception to manipulate people into giving away private information) is as potent now as it was back in 2000 when he was a black hat, Leonard B. Duque, CIO of the company’s technology solutions group, said.
“It’s still the number one entry of cyberattacks,” he said.
Human error is cybersecurity’s bane, according to Mr. Duque.
“When employees ignore your guidance and click on links, those are human-based mistakes… When upper management doesn’t prioritize cybersecurity, that’s a human decision,” he added.
According to a 2023 workforce study by ISC2, a non-profit organization for cybersecurity professionals, the top three skills gaps at an organization are cloud computing security (35%), artificial intelligence/machine learning (32%), and zero trust implementation (29%).
Artificial intelligence (AI) is already the fastest growing technology in history, according to Alexis C. Bernardino, field CISO and head of enterprise consulting practices at PLDT Enterprise.
“It took the Internet 23 years to reach 1 billion users. It will only take AI 7 years to reach the same number,” he said.
“With that adoption,” he added, “the attack surface will increase.”
Most of the cyberthreats identified in 2022 by the European Union Agency for Cybersecurity (ENISA) are related to AI, Jeffrey Ian C. Dy, undersecretary for the Department of Information and Communications Technology (DICT), noted in the same event.
That said, “no firewall is stronger than a workforce trained to think critically, adapt rapidly, and respond decisively.”
Even end-users have to be concerned, Mr. Dy said.
“The number one identified threat identified by ENISA is supply chain compromise, [yet] cybersecurity can’t just be the vendor’s responsibility,” he said.
“We’re trying to get legislation onboard such that it also becomes your concern,” he told the event audience.
Mr. Dy added that the DICT is collaborating with social media platforms to implement automatic information labeling. The initiative aims to improve public understanding and surface “verified sources of truth.”
Human-centricity is the trend in security design practices in 2024, according to findings by Gartner, Inc., a research and consulting firm.
By 2027, 50% of large enterprise CISOs will have adopted such an approach, the research showed.
“In the early 2010s, the focus was on technical implementation,” Mr. Duque said. “The catalyst for the security awareness shift was COVID.”
Think of it as a shared responsibility, advised Mr. Bernardino.
“Ang trabaho po natin is pahirapan ang buhay nung [Our role is to make it hard for the] hacker to be able to exfiltrate data,” he said.
“If employees are made aware, they could be the first line of defense and force multiplier in cybersecurity,” he added.
The Philippines has an overall score of 93.49 – up from 77 in 2020 – in the Global Cybersecurity Index of 2024. The area where the country improved most is workforce capabilities.