How Cybersecurity is Being Implemented in The Philippines?

How Cybersecurity is Being Implemented in The Philippines
How Cybersecurity is Being Implemented in The Philippines

Along with its large social media-savvy populace and lack of data protection safeguards, the Philippines is especially vulnerable to cyber-attacks and mishaps. Despite being ranked 30th in the world for e-security, the country outperforms the worldwide average by 20%, outperforming New Zealand, Australia, and one of the DQL leaders, South Korea.

Cybercrime is a significant threat for businesses of all sorts, from small start-ups to large multinational organizations. The threat is as evident as it is ever-present, with so many high-profile breaches in the recent decade. Furthermore, the COVID-19 has benefited in increasing reliance on digital channels, but it has also attracted bad actors as the number of online scams has grown.

Data has become a valuable resource that “black hat” hackers (BHHs) use for personal advantage, primarily monetary gain. Over the years, they have proven to be intelligent and inventive geniuses when it comes to hacking into a system. As a result, malicious attacks on a variety of major and small organizations around the world have cost millions of dollars and are likely to cost trillions in the future.

According to OpenGov Asia, a UK-based cybersecurity consultancy discovered that Philippine businesses have spent an average of $820,000 (about P40 million) to recover from these attacks – expenditures that include the ransom paid as well as the costs of downtime. The price is less than the $1.85 million global average. The global average is $170,404, with the largest amount recorded in the survey being $3.2 million.

Businesses all over the world have been more cautious as a result of these instances, rethinking their views on the relevance of ethical hacking and rethinking their cybersecurity policies. With statistics indicating that cybercrime and cyber-related offences are on the rise, trained professionals are in high demand. Despite this, there are insufficient cybersecurity workers to match demand, with 2.046 million job openings in Asia alone.

White Hat Hackers (WHHs), sometimes known as “good or ethical hackers,” are credited with improving the country’s cybersecurity defenses against this backdrop. Their skills are in great demand as Philippine businesses find themselves in the crosshairs of cyber adversaries hunting for and exploiting flaws in their IT systems.

The country’s cybersecurity testing platform had also revealed the country’s vulnerability to cyber threats. According to the CEO of a cybersecurity firm, the country’s national level of cyber risk is not the worst it might be, but it could be better. Although some countries have stronger cybersecurity, the Philippines is quickly learning and catching up.

“How can businesses become cyber-secure in this ever-changing digital environment, with escalating cyber threats in the Philippines?” “With the help of the cybersecurity community and a proactive, ongoing mindset toward data protection, we can assure a brighter future,” he stated.

He, too, sees WHHs as an agile and effective tool for detecting and reporting IT and digital weaknesses that expose companies to cyber-attacks. WHHs can assist firms in identifying vulnerabilities in their cyber security before they are found and exploited by criminals.

WHHs, or ethical hackers, are in high demand, with the global market for their services expected to hit $4.1 billion by 2027. This is especially relevant now, as remote working expands the attack surface for vulnerabilities while the Covid-19 pandemic continues.

The Department of Information and Communications Technology, through its attached agency, the Cybercrime Investigation and Coordination Centre, will be responsible for institutionalizing the adoption and integration of Information Security Governance and Risk Management approaches, according to the National Cybersecurity Strategy Framework (CICC).

CICC is in charge of all cybersecurity functions, including the development of the Philippines’ National Cybersecurity Plan, the formation of the National Computer Emergency Response Team (CERT), and the promotion of international cooperation on cybersecurity intelligence. By 2025, the CICC hopes to be staffed by competent and devoted employees who are fully equipped with knowledge, skills, and tools to ensure a cyber-safe Philippines.

The Philippines’ cyber security

Is it illegal to access third-party data without permission in this jurisdiction? Is it illegal to keep data that has been accessed without permission? Several regulations in the Philippines make it illegal to access third-party data without permission.

If a third party accesses and stores data without the owner’s permission, the access and storage may be considered a violation of the Cybercrime Prevention Act of 2012 (Republic Act No. 10175; “Cybercrime Act”), which punishes violations of the confidentiality, integrity, and availability of computer data and systems. Unauthorized access can be categorized as one of the following offences, depending on the nature and scope of the act committed:

  1. Illegal Access – Unauthorized access to the entire or any part of a computer system.
  2. Illegal Interception — Any non-public transfer of computer data to, from, or within a computer system intercepted by technical means without permission, including electromagnetic emissions from a computer system containing such computer data.

Data Interference is defined as the unauthorized change, destruction, deletion, or deterioration of computer data, electronic documents, or electronic data messages, as well as the introduction or transmission of viruses. Inputting, sending, damaging, deleting, degrading, changing, or suppressing computer data or program, electronic document, or electronic data communication without right or authority, including the introduction or transmission of viruses.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.