A September study by digital privacy firm Kaspersky found that cyberattacks in the Philippines almost doubled to 4.88 million cases from January to June, compared to only 2.46 million in the same period last year.
Data showing brute-force attacks vs users of Kaspersky solutions in the Philippines from January–June 2020 and January–June 2021. Table via Kaspersky.
Cyberattacks are inevitable, said AJ Dumanhug, chief information security officer of Secuna, a cybersecurity testing platform. In a recent cybersecurity webinar co-organized with the FinTech Philippines Association, he likened such attacks as an 8 out of 10 in terms of impact — “almost the same as natural disasters.”
Companies are vulnerable to cyberattacks because they aren’t concerned with cybersecurity, as evidenced by the absence of an information security officer dedicated to responding to such issues, he told BusinessWorld in an e-mail.
“Most of the time companies don’t have an allotted budget for this,” Mr. Dumanhug said. “They see cybersecurity as an item in the checklist [they need] to be compliant [with].”
The Philippines’ 2020 Global Cybersecurity Index score is 77, which places it at number 13 in the Asia Pacific region, right below Iran and a notch above Pakistan.
White hat hackers (WHHs) or ethical hackers are being touted as a means to improve the country’s cybersecurity measures.
In the Philippines, there exists a community of WHHs numbering almost 4000, Mr. Dumanhug told BusinessWorld.
“WHHs offer their service during their free time to find security flaws,” he said. “Most of them are already employed full time.”
The difference between black hat hackers and white hat hackers is their moral compass. The former finds flaws in a system to exploit these vulnerabilities, whereas the latter does the same so an organization can fix them.
“We incentivize WHHs for finding valid security vulnerability in our clients by paying the first hacker who finds those problems,” added Mr. Dumanhug.
There are over 3.1 million vacant positions in cybersecurity worldwide, a majority of which are in the Asia Pacific.
According to information security magazine CISOMAG, one reason for this lack of supply is a lack of understanding about what ethical hackers do. India, for instance, produces more ethical hackers than anywhere else in the world but ranks only 10th in the 2020 Global Cybersecurity Index.
India’s ethical hackers, CISOMAG said, earn millions protecting foreign corporations from cyberattacks, but “are largely ignored at home.” — Patricia B. Mirasol