IBPAP ‘deeply alarmed’ on hackings, urges gov’t to adopt security strategy

The recent surge in cyberattacks targeting the government’s critical information and communications technology (ICT) systems is a serious threat that requires immediate attention, the IT and Business Process Association of the Philippines (IBPAP) said in a statement.

Jack Madrid, president and CEO of IBPAP, further said that the organization is “deeply alarmed by these malicious acts, which not only jeopardize the operations of the IT-BPM industry but also the reputation of the Philippines as an attractive investment destination.”

The industry group said there is a need to maintain a heightened state of alertness, recognizing the inherent risks from its dependence on digital technologies and systems that host substantial volumes of sensitive data.

The Philippine IT-BPM industry, which is projected to generate revenues of $35.4 billion by the end of 2023, could potentially suffer substantial losses from cyberattacks, IBPAP said.

“More importantly, the ramifications of cyberattacks extend beyond immediate financial losses. They can inflict lasting damage on businesses, leading to client attrition, reputational harm, and long-term financial implications,” it said.

Amid the recent cyberattacks, the group cited the recommendations outlined in the Philippine IT-BPM Industry Roadmap 2028 for countering cyber threats at the organizational level:

1. Adopt a zero-trust approach: Implement a zero-trust architecture to ensure that no user or device is automatically trusted, and that verification is required at every step.
2. Invest in artificial intelligence (AI) and machine learning (ML)-led threat hunting: Utilize AI and ML technologies to proactively identify and mitigate potential threats.
3. Enhance threat intelligence capabilities: Develop robust threat intelligence capabilities to include monitoring and analyzing threat intelligence feeds, collaborating with peers in the sector, and leveraging threat intelligence platforms.
4. Strengthen cybersecurity skills: Address the cybersecurity skills gap by investing in training and upskilling programs for employees.
5. Implement strong data privacy and security measures: Establish policies and frameworks to protect sensitive data and ensure compliance with data privacy regulations.
6. Regularly update and patch systems: Keep all software, applications, and systems up to date with the latest security patches and updates. Regularly scan for vulnerabilities and apply necessary patches to mitigate potential risks.
7. Conduct regular security assessments: Perform regular security assessments and penetration testing to identify vulnerabilities and weaknesses in the organization’s infrastructure.
8. Educate employees on cybersecurity best practices: Conduct cybersecurity awareness training programs to educate employees about common cyber threats, phishing attacks, password hygiene, and other best practices to ensure a security-conscious workforce.
9. Establish incident response plans: Develop and regularly update incident response plans to effectively respond to and mitigate the impact of cyberattacks. This includes defining roles and responsibilities, establishing communication channels, and conducting regular drills and simulations to ensure preparedness.

“Given the vital contribution of technology and the IT-BPM industry to the economy, IBPAP urges the government to ensure that robust data privacy and cybersecurity laws are established to deter cyberattacks and threats across sectors,” it said.

The IBPAP further recommended that the government approve and implement the National Cybersecurity Plan 2023-2028, which outlines the Philippines’ overall strategy in combating cyber threats that could cripple the economy and national security.

The organization is also urging the government to certify as urgent the passage of the proposed Critical Information Infrastructure Protection Act, which provides a clear reporting mechanism and policy framework for public and private institutions in safeguarding the ICT systems of critical information infrastructures from cyber threats and attacks and amend the Cybercrime Law to facilitate the legal proceedings against cybercrimes perpetrated by employees that damage the reputation of Philippine IT-BPM and other industries.

The IBPAP further said it is advocating for public-private partnerships, calling for a cohesive approach to combat cyber threats and pledged to participate in partnerships and collaborations with industry stakeholders, government agencies, and cybersecurity organizations to exchange threat intelligence, best practices, and cooperate on cybersecurity initiatives to create a safer Philippine cyber space.