Image

MAP Insights

Column in BUSINESSWORLD

Protect your business: Emerging strategies for Cyber-risk management

written by Ms. HELEN P. MACASAET - September 5, 2023

The ever-changing technology in a smart and data-centric digital landscape connects more Filipinos on advanced cyber spaces, making them vulnerable to cyber risks. More than a thousand cybersecurity incidents have happened and continuously pose threats to businesses, organizations, and consumers through SIM card scamming schemes, cloud exploitation, credential theft, and digital fraud attempts.

In an age where cyber threat actors become more advanced, creative, and sophisticated, leaders are expected to ensure that businesses are not only operating efficiently but also prepare for what is yet to come in a digital aspect. This means that employees must continue to validate their identity and credentials, and prove their level of access through a series of regular security checks and verification.

Another alarming problem in cybersecurity is the lack of knowledge on the prosecution side where most imprisoned cyber criminals were released and freely migrate to another illegal organization to harm digital consumers. Aside from this, with the pandemic opening the doors for work-from-home arrangements, it exposes employees to a non-secure home network and data breaches, especially when sites being visited from another device may be vulnerable to cybersecurity attacks.

Enterprises and tech giants, such as Facebook and Google, may have the most advanced network in cybersecurity perimeter of defenses, but a single phishing e-mail or message can access a consumer’s credentials and knock down these gates.

To extensively expand our knowledge, cybersecurity governance and building trust by championing cybersecurity were tackled in an insightful discussion with the Department of Information and Communications Technology (DICT) Secretary Ivan John E. Uy and GCash President and CEO Martha M. Sazon during the Management Association of the Philippines (MAP) – GCash ICT Summit on Aug. 22 at Shangri-La The Fort.

Secretary Uy urged CEOs and managers to adopt cybersecurity strategies and prop up standard security defenses for their companies’ most confidential information and infrastructure as these cyber threats may potentially damage critical data and may impact the economy if compromised.

Another element that plays a crucial role in cybersecurity governance is people. It is imperative that businesses must invest in nurturing and developing a skilled cybersecurity workforce. The DICT seeks to enhance cybersecurity resiliency by maximizing latent talent and skill through education, training, and other capacity-building initiatives.

These skills can go a long way as they will immediately increase the value proposition for locators to come to the Philippines and, eventually, the country may have the potential of becoming the cybersecurity outsourcing center of the world.

The DICT calls for a collaboration between the government and the private sector to form a holistic cybersecurity risk mitigation as the Department jump starts the operationalization of government computer emergency response teams with cyber threat advisories, real-time updates, and cybersecurity best practices.

In line with this, MAP President Dick Du-Baladad said that “a robust and effective cyber risk management strategy will certainly help us avoid substantial financial losses that we may incur from cyber-attacks and ensure that our business processes remain operational, even in the face of cyber threats.”

With fraudsters upgrading their tactics, companies need to be just as innovative with strategies and solutions. As to what GCash’s Marts Sazon has emphasized, “We need to be one step ahead of the bad guys to protect our users.”

Cyber crises will happen, and preparation must be always at close range. As a finance super app, GCash mandates trust and security and commits to the protection of its consumers through building a safe and secure platform, fostering industry partnerships, harnessing data and analytics, and empowering through customer education. These are the steps that GCash takes to protect its users, and which should also be taken as a framework for other companies as well.

Raising awareness is crucial for people to take their own cybersecurity more seriously as this will become a weapon against scammers roaming and infiltrating different media platforms that consumers regularly use. People tend to fall for these scams because of fear and believing in good-to-be-true schemes.

Cyber resiliency is a daunting ability and not an overnight acquired solution; several steps are needed to enhance this, and we all should start by understanding our business landscape through company assessment and knowing our digital assets while calculating the risks that come with it.

To strengthen our cyber resilience, everything should be seen at a national, company, and consumer level. We must ensure that our cyber investments are aligned and keep in mind the best practices we should utilize as digital players. We should leverage automation with precaution, adopt DevOps practices, and prioritize agility to stay one step ahead from these threats to protect our consumers.

The key cybersecurity-related risks that companies should watch out for include the 4Ps (people, process, policies, and protection). Protection tools available in the market should be utilized for us to understand the occurrence of huge risks, especially with cyber-attacks becoming more complex.

Through this, any public and private collaboration is considered as a best practice, for both sectors to exchange notes on the programs being initiated and how it will target the ecosystem that threatens cybersecurity.

There are a lot of points where the government and the private sector can partner up at, such as campaigning on platforms that consumers can tap once cybercrimes arise.

Filipinos do not shy away from technology; we embrace it, but we should also be cautious about what links we click and sites we visit. As consumers, we should assess and secure our digital assets and should not rely solely on the security of the apps we download and use.

Compliance does not equate to resiliency, but with developers putting extra effort in securing our shared information online, we should also do our part and be aware of the cyber risks we may come across in the digital world.

Cybersecurity is a shared responsibility as we can defend against a swarm of attacks if we work as a team. Our identity, information, and infrastructure are the most important assets of our life, let us not allow these cyber criminals steal them from us.

Helen P. Macasaet is the chair of the Management Association of the Philippines’ ICT Committee and an ICT consultant.