Implementing targeted cybersecurity strategies

By Anna Marie Pabellon

LAST week, news came out that a government-owned entity was hacked, compromising the personal data of employees and rendering online services inaccessible. An official of the Department of Information and Communications Technology (DICT) subsequently asked for a bigger cybersecurity budget for the affected office amid a growing number of digital threats. In the first eight months of this year alone, the DICT received 3,000 cyberattack reports.

Cyber threats will only grow in number and sophistication as we continue to expand our collective footprint in the digital world. While organizations — especially those that provide essential public services — are expected to have a holistic cyber incident and response program, no one is working with an inexhaustible budget.

In Deloitte's 2023 Global Future of Cyber Survey report, researchers noted that cybersecurity and compliance challenges differed by country and by region. The report was based on an analysis of more than 1,000 responses to the survey, which was conducted in the last quarter of 2022. For organizations with limited resources in a battle that is constantly escalating, having geo-specific insights could help with critical decisions.

Based on Deloitte's study, the Asia-Pacific (APAC) region saw the fewest number of cyber incidents while Europe, the Middle East and Africa (EMEA) saw the most. While this sounds like good news for organizations in the Philippines, it is important to note that being able to identify cyber incidents depends on the maturity of an organization's threat detection capabilities.

Asked about the potential threat actors they were most concerned about, nearly 40 percent of respondents across all three regions (the Americas, APAC and EMEA) pointed to cyber criminals and organized crime, followed by cyber terrorists and hacktivists. Outside of these, APAC respondents were most concerned with nation-state threat actors, highlighting the need for the government to strengthen its cybersecurity posture.

When it comes to the threats, tools, or techniques that represent the single biggest cybersecurity threat to their organization, respondents across all the regions identified phishing/malware/ransomware as their top concern, followed by denial-of-service attacks. A study by cybersecurity company Kaspersky found that in 2022, the Philippines ranked fifth among countries in Southeast Asia that experienced the most phishing attacks. A big chunk of these targeted users of delivery services which have become a staple of daily life in many parts of the Philippines.

As for the impact of these cyber incidents, respondents reported operational consequences as the most severe. This includes intellectual property theft, operational disruption, and the negative impact on talent recruitment and retention.

With these findings in mind, how can organizations make smart decisions around cyber strategies, spending, and capabilities to drive greater security?

Focus on threat detection, risk management and cyber incident response planning. Think of this as "an ounce of prevention is worth a pound of cure" in practice. Countries highly concerned about hidden malware threats, for example, can invest in network detection and intrusion monitoring tools that can spot signs of sophisticated incidents to minimize potential damage.

Sharpen focus on emerging technologies. While cyber threats are intensifying, the available technology for combating them is also rapidly improving. Using AI and machine learning, an organization can monitor large volumes of data for vulnerabilities, proactively preventing cyber incidents.

Secure the less obvious entry points. Leaders with security oversight need to keep in mind less obvious entry points to infrastructure and networks, such as routers that haven't been maintained or replaced for some time. For perpetrators, these are easy targets.

Focus on security by design principles. One strong argument for cloud technology adoption is that it greatly enhances an organization's resilience against cyber incidents. Cloud migration is one way to build security into technology and processes because it allows an organization to "containerize" data and enables tighter feedback loops.

Devise and implement response playbooks and scenario planning techniques. I was pleasantly surprised to see a local telco had chosen to highlight phishing awareness in its advertising. This is precisely the kind of effort that helps prevent bigger problems down the road. Giving employees cybersecurity training and making sure they are familiar with the organization's response program empowers them to be security assets, positioning the organization to better identify and prevent potential threats.

As of this writing, the hackers that targeted the government entity were still holding the worker data hostage — some have begun appearing on the dark web. However the issue gets resolved, I am certain the government office will have learned many hard lessons about its vulnerabilities. Let's hope those translate to targeted cybersecurity solutions that ensure this doesn't happen again.

As published in The Manila Times on 2 October 2023. Anna Marie Pabellon is the Risk Advisory Leader of Deloitte Philippines.