By Edd K. Usman
Fighting the bad guys lurking in the internet is not easy, and this problem is aggravated by the fact that the Philippines does not cyber-security experts to fight these modern-day menace.
This is according to Craig Nielsen, managing director at McAfee Intel Security Southeast Asia (SEA), and Daryush Asjari, vice president at McAfee Intel Security Asia Pacific, who gave their insights recently on the dangers of the lack of cybersecurity.
Ashjari discussed in a presentation the “Philippines Cybersecurity Landscape” showing some of the incidents in the country in the past. Hacktivism, he said, is very active in the Philippines, citing the defacement of government websites in a number of instances, particularly against the Cybercrime Prevention Act of 2012″ and during the Comelec database breach.
Ashjari’s presentation showed that based on the 2014-2015 Cybercrime Report of the Office of Cybercrime of the Department of Justice (DOJ), cyberespionage attacks or theft of intellectual property theft is also rising.
Based on the report, there were was an average of 17 ransomware attacks a day in 2015, with 31 percent of attacks in recent years against small businesses, and 33 percent of 614 recorded cybercrime incidents directed against internet/ATM fraud and identity theft.
But the Intel Security exec’s main worry was that the Philippines has not enough Filipino IT security professionals to combat these attacks.
Ashjari said the Philippines only has 84 CISSP-certified professionals. CISSP means Certified Information Systems Security Professionals. In contrast, Indonesia has 107 CISSP-certified professionals, while Thailand has 189.
Furthermore, 40 of the CISSP-certified Filipinos are working in foreign countries, according to consulting firm Sinag Solutions.
Ashjari said in 2015, cybersecurity had a global tag price of $620 billion — money lost in thwarting cyber attacks and money gained by cyber criminals.
Ashjari suggested two ways for the government to build a better cybersecurity platform. “To me, the very first is awareness — create awareness within sectors, within different businesses, within different groups, on the reality of cybersecurity today,” he said.
The executive said providing guidance is the second method. ?The duty of the government is to guide businesses, maybe through adoption of policies and legislation, so they can guide different industries on how they can protect themselves against cyber threats,? he said.
Ashjari said various industries are concerned on their competencies and do not have the time nor the skills to ward off online threats. “They are not e-security specialists,” Ashjari emphasized.
He said what “governments can do is to educate and provide guidance… on how to protect themselves against cyber threats.”