Cybersecurity firm Palo Alto Networks held a media briefing on Wednesday, Sept. 20, to discuss its recently released 2023 State of Cybersecurity Asean Report, which showed that Philippine organizations weathered the highest number of disruptive attacks across Southeast Asia (SEA) last year.
Only Malaysia matched the Philippines, with 29 percent of local organizations in both countries experiencing a 50 percent or more spike in incidents since the previous year. In the Philippines, 51 percent of businesses also feel that they are at high risk from cybersecurity threats.
The report noted that Filipino enterprises’ intensifying dependence on cloud-based services and applications, as well as the growing pains for managing different modes of work, are the root of their cybersecurity challenges.
Fifty percent of local businesses attested that increased digital transactions exposed them to more cyber-risks and 49 percent stated that more risks arose from personal devices or home networks accessing corporate networks.
The specific cyberattacks that most concerned the Philippine corporations were malware (66%), phishing and spear phishing attacks (63%), and password attacks (56%).
On top of these cyberattacks, Palo Alto Networks drew attention to an emerging threat related to the accelerating trend of combining Information Technology (IT) and Operational Technology (OT) teams. In their report, the company found that 75% of Filipino organizations had their IT and OT teams working together.
While a unified IT and OT team ideally improves companies’ security posture and promotes quicker responses, each respective system requires employees trained in specialized skillsets and different technologies.
A fact that some companies have not yet realized when they assemble their team exclusively from IT professionals, which may leave their OT systems open to bad actors.
“The expertise and the tool sets to manage [both] OT and IOT devices is a very new area of focus… This is going to be a growing concern. We’re starting to see more types of attacks in this area because of the lack of focus, coverage and or IT teams not having the expertise to manage OT,” Steven Scheurmann, Palo Alto Networks regional vice president for Asean, explained during the briefing.
The new vulnerability is especially worrying for the Philippines since comparatively few of the nation’s companies are working to address it.
According to the report, only 36 percent of Filipino companies are developing strategies for IT/OT security and adjusting existing cybersecurity defenses to secure IT/OT, which is the lowest percentage in SE Asia.
Despite the increasing number of attacks and discovery of new vulnerabilities, the report found that Filipino organizations are among the most optimistic in the region, with 90% of local organizations confident in their security measures.
Where does this confidence come from? Companies feel that they are investing significant amounts of time, attention, and money to cybersecurity concerns.
Among the actions taken to address threats over the past year, 44 percent of Filipino organizations implemented cloud security adoption, 44 percent installed identity and access management, and 41 percent enacted a security orchestration, automation, and response strategy.
Fifty four percent of Philippine organizations are also planning to integrate AI over the next two years to mitigate cybersecurity risks.
Furthermore, 56% of local organizations shared that cybersecurity is discussed at a board level monthly and 68% of Filipino businesses have increased their cybersecurity budget.
Forty four percent of Philippine organizations also recognize that need to procure a broader range of cybersecurity solutions to adapt to the developing cybersecurity environment.
The report, though, noted large organizations are the most confident. The country’s small and medium sized enterprises (SMEs) feel relatively less able to meet cybersecurity challenges due to limited budgets and less skilled in-house cybersecurity personnel.
“In many parts of Asean, including the Philippines, SMEs form the backbone of our economies. It is imperative for them to update their security capabilities, and an actionable incident response plan is the first step towards redefining their security strategy, along with a greater emphasis on automation of existing cybersecurity processes to foster resilience and confidence,” Scheurmann advised.
“It is great to see the confidence across Asean and in the Philippines in their security measures” added Oscar Visaya, Palo Alto Networks country manager for the Philippines.
“However, confidence must be coupled with caution. Taking a proactive approach to cybersecurity is the need of the hour, which will need an all-hands-on-deck initiative with active participation from everyone within the organization.”
The report surveyed 500 corporate IT decision-makers and business leaders across key industries in SE Asia, with 100 respondents each from the Philippines, Singapore, Malaysia, Indonesia, and Thailand. Data gathering took place in April 2023.
