Place cybersecurity high in this year’s agenda

2023 was a year of heightened cybersecurity risks, marked by high-profile incidents where government agencies became the targets of hacker groups.

In late September, the Philippine Health Insurance Corporation was at the center of the most significant cybersecurity breach in years, where the private information of at least 13 million members was affected.

Meanwhile, the Philippine National Police and the National Bureau of Investigation also weren’t safe from cyberattacks, with 1.2 million personal records at risk from a breach.

The Department of Science and Technology and the Philippine Statistics Authority also had their share of data breaches in 2023, wherein agency information may have been compromised.

Apart from these attacks on government agencies, unsuspecting organizations in and out of the country also fell victim to different hacking incidents.

Across the cybersecurity landscape, trends point to the prevalence of ransomware attacks and phishing and smishing (SMS or text message phishing) scams.

According to one cybersecurity publication, the frequency of ransomware in 2023 surpassed the combined numbers of 2021 and 2022. Additionally, as much as 72 percent of businesses worldwide face this cyberattack.

For phishing and smishing attacks, cybersecurity professionals are becoming common targets as keepers to vital points of access to the IT infrastructure of a business. In 2023, more than 70 percent were reportedly targeted by attempts, with 28 percent via text messages.

Jon Clairmond Siy, chief security officer of Shellsoft Technology Corporation, one of the top cybersecurity solutions consultants in the Philippines, pointed out that attacks will continue to rise as hackers find more supply chain vulnerabilities in an increasingly interconnected digital environment.

“It can take just one third-party supplier or service provider with a weakness in their IT infrastructure,” he cautioned. “Some threat actors can take advantage of these exposed systems as an opportunity to infiltrate more critical infrastructures.”

He extended the warning to micro, small, and medium enterprises that lack a more robust cybersecurity system due to their size and capabilities. “And with minimal cybersecurity awareness, they are also more vulnerable to phishing or smishing.”

As businesses put the finishing touches on their plans for the year, Siy expressed his hopes that increased efforts on cybersecurity would be on the agenda. His call resonated with President Ferdinand Marcos Jr.’s directive for the government, particularly the Department of Information and Communication, to strengthen cybersecurity efforts for public agencies.

“Beyond just awareness, we should all continue to augment cybersecurity capabilities when we can, always to be one step ahead of threat actors,” he added.

One of the best places to start, Siy explained, “is by assessing your organization’s digital infrastructure and the potential threats that your business is facing and promoting a stringent Cybersecurity culture in the workplace.”

“It’s important to regularly take stock of your capabilities to avoid being exposed and exploited,” he concluded.