Amid hacking attacks, government needs to prioritize cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

THE rash of hacking raids on government websites has exposed a gaping hole in cybersecurity in the country that needs to be sealed before more sensitive data can leak out.

In quick succession, the official sites of the Department of Science and Technology (DoST), the Philippine Statistics Authority (PSA), the Philippine Health Insurance Corp. (PhilHealth), the Philippine National Police (PNP) and the House of Representatives have come under attack. In the worst case, ransomware was used to steal personal information on PhilHealth members.

None of the agencies was prepared to thwart the attacks because they do not have cybersecurity experts on their IT staff.

That is a serious problem, considering that 3,000 “high level” cyberattacks were recorded in the Philippines from 2020 to 2022, notes the Department of Information and Communications Technology (DICT).

Half of those attacked were systems and networks of government agencies and emergency response teams.

That comes as no surprise, since the Philippines ranked 4th in Kaspersky’s 2021 Security Network (KSN) report of global cybersecurity and digital privacy firms that had been hacked.

The Philippine Institute of Cyber Security Professionals (PICSPro) says Philippine firms spend millions to recover from ransomware attacks.

Even more distressing is the report by the United States Agency for International Development (USAid) that the poor ICT infrastructure in the Philippines is making business process outsourcing (BPO) companies operating here vulnerable to data breaches.

The study by the Reboot Digital PR agency that lists the Philippines as among the least cybersecure countries in Asia offers no consolation either.

IT experts blame the bleak perspective on the low priority given to cybersecurity as the government and private companies rushed to build up online operations during the Covid-19 pandemic.

DICT chief Ivan John Uy lamented that until now, some government offices treat cybersecurity as an afterthought. He likened the problem to “building a fire station or installing a sprinkler system only after several fires affect a community.”

Dominic Ligot, founder of Data Ethics PH, fully agrees with Uy.

The Data Privacy Act and the Anti-Cybercrime Law only take effect after a breach or a crime has happened, Ligot explained. “We need more rules and policies that are more preventive in nature, how do we set up structures and systems that look to monitor and detect breaches.”

A more proactive approach will help fortify existing firewalls, but it will work only if the government recruits experts to repel attempts to breach those firewalls and to quickly repair any damage done.

Ligot said that ideally, every government agency should have a rapid response team to handle cyber threats, “the same way we have fire marshals, for example.”

Government personnel must also be taught to be cybersecurity-conscious. “Sometimes weak passwords could be the culprit. If people are unable to secure their web servers with appropriate passwords any attacker can come in,” Ligot said.

Hack-proofing data systems entails “not just purely technology, it’s also people,” he added.

Recruiting for a government agency’s anti-hacking team is hamstrung by a shortage of cybersecurity professionals, said Uy.

Many of the 300 certified information security systems experts in the country prefer jobs in private companies or to work abroad, where the pay is much higher than what the government offers, he said.

PICSPro puts a premium on training new cybersecurity specialists and upskilling current ones.

The best way to improve the state of cybersecurity in the country is to make it “more accessible and train professionals and hone their skills, to the point where they become globally competitive,” PICSPro Chairman Angel Redoble said.

The DICT said cybersecurity in the country was still in the “infancy stage,” but a national cybersecurity strategy that will be launched next year aims to speed up its growth.

Part of the plan is to offer scholarships for cybersecurity professionals and obtain foreign grants to build up the DICT.

The government needs to beef up its corps of cybersecurity specialists if it wants to develop momentum in its drive toward digitalization.


Click Here For The Original Source.

National Cyber Security