Survey: PH firms unmindful of nearly half of cyber threat alerts

Companies in Philippines do not address nearly half of the legitimate cyber threat alerts they receive, according to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study.

Cisco PH managing director Karrie Ilagan discussing the results of the survey

Among those surveyed, 42 percent say they receive more than 5,000 alerts each day. While companies in Philippines ranked the lowest in Southeast Asia among those receiving more than 5,000 alerts per day, the real challenge lies in what comes after the alert is received, and how many are actually investigated.

The study showed that on average just 50 percent of the alerts received are investigated by companies in Philippines. Of those investigated, on average, only 30 percent turn out to be legitimate, of which only 51 percent are acted upon and corrected.

This suggests that more work is needed to help companies and security professionals in Philippines to tackle the rapidly evolving cyber threat landscape.

The results of the study highlighted the scale of the challenge faced by the companies, with 79 percent of respondents saying their organization has suffered a breach in the past year.

Cyberattacks are also having a significant financial impact. Among those who suffered an attack in the past 12 months, 35 percent say it cost them $500,000 or more, while 25 percent say the cost was $1 million or more. This includes costs from lost revenue, loss of customers, and out of pocket expenses etc.

“In the Philippines, digital transformation has been a favorite theme for consumers, businesses, and the government. While we have seen many benefits from digital innovation and adoption, it is important to ensure that we have the right infrastructure, processes, and technologies in place that continue to enable and empower digital growth. The ability to tackle the cybersecurity threat is critical on that front,” said Karrie Ilagan, managing director for Philippines at Cisco.

“All stakeholders need to work together in a coordinated manner to achieve this. Businesses need to raise awareness about the issue, have proper processes in place and deploy the right technologies to help identify, block or address any attacks. We need strict regulations that deter malicious actors from taking the risk of launching such attacks. Finally, we need to develop local cybersecurity talent so we have the manpower to support the country’s digital drive in a sustainable manner,” she added.

Cyberattacks are starting to evolve from just targeting IT infrastructure to attacking operational infrastructure, intensifying the challenge for companies.

According to the survey, 19 percent of respondents say they have already seen cyberattacks on their operational infrastructure, 35 percent said they expect similar attacks to take place on them within the next one year.

Given the growing scale of cyber threats, respondents said they expect scrutiny of their security policies to increase over the next one year from all stakeholders, especially their customers who are keen to ensure their data is protected.

Among those surveyed, 76 percent say they expect increased scrutiny from customers. Privacy concerns are also delaying sales for the companies, with 66 percent of respondents saying such concerns are adding time to the sales cycle.

“When it comes to cyber security, it is no longer a case of a company needing to protect just its own IT infrastructure. Today, business partners, customers, and employees expect a company to keep their data secure,” said Stephen Dane, managing director of security for Asia-Pacific, Japan and China at Cisco.

“With stringent regulations like the European Union’s General Data Protection Regulation (GDPR) coming into force, the pressure on companies to have the right policies, technology and resources in place will only increase. Those who lag behind run the risk of not only facing high financial penalties, but also losing the trust of customers.”

The use of multiple vendors and products is making the challenge more complex. The study showed that 39 percent of surveyed organizations work with more than 10 security vendors, while 41 percent use more than 10 security products or solutions. This creates complexity and increases vulnerability, as having different security products, can lengthen the time to identify and contain a breach.

The study highlighted that companies are already facing this issue, with 97 percent of respondents saying they find it challenging to orchestrate multiple vendor alerts.

To put this in context, it is estimated that an almost instant detection of a cyber security breach within a large enterprise costs the business $433,000. If detection is delayed by more than a week, this figure triples to an average $1,204,000.

Comment on this post