Insights from the latest Cybersecurity Conference PH | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

IN the wake of the latest malware attack on PhilHealth, the recently concluded CyberSecConPH Conference aimed at the emergence of an Asean-Japan Cybersecurity Community in the country yielded ideas and initiatives that should prove useful in addressing the current cyber breach and preempting future ones, as well. Let me quote from the Conference’s main resource persons.

Seiichi Ito, chairman of the International Relations Committee of the Japan Network Security Association (JNSA), said that creating an Asia-wide Cybersecurity Community of Practice and Cooperation is one of the best ways to fight cybercrime.

He added, “JNSA is one of many cybersecurity firms in Japan, but it has the longest history in supporting private companies and Asean governments in cybersecurity policymaking and training. It is through sharing best practices in cooperation and collaboration that Japan can contribute in dealing with cybersecurity concerns at home and abroad.”

Dr. Rudi Lumanto, founder and advisor of the Indonesia Network Security Association (IdNSA) told the audience about linking with JNSA because communities have scarce resources in addressing cybersecurity concerns and then tapping more collaboration and cooperation to support activities at the community level.

Lumanto explained, “We believe communities play a big role in promoting cybersecurity in support of government efforts and to spread the word down to the masses. To talk to the people is a tough task; that’s why we do our share in creating awareness about cybersecurity among the people.

“And we do a lot of activities. The first step is to learn and understand cybersecurity threats, which are growing worldwide right now. We then create awareness at the community level to ensure cybersecurity awareness in Indonesia through the bottoms-up approach. We strengthen the weakest link, which we tend to think are the people themselves, so we do a lot of work hand in hand with communities and local associations, which in turn do their own targeted awareness campaigns. The vision is to build and sustain a better and safer cyber environment in our country.”

Lito Averia, president of the Philippine Computer Emergency Response Team (PH-CERT), a volunteer organization that assists individuals and institutions on information security issues, said, “Stronger partnerships of individuals and communities that cooperate and fight against cyberthreats is the best way to protect citizens and countries. I believe regulators should already anticipate the worst-case scenario as it is better to warn Filipino consumers as soon as possible as the threat actors can already exploit the illegally accessed personal information.”

In light of the recent PhilHealth cyber breach, Averia, in a statement, commented, “PhilHealth, with the help of the DICT, is releasing information on the breach bit by bit. This is actually understandable as the discovery process for external security incidents is complicated, but they can already assume that a significant number of member data has been compromised. Thus, PhilHealth members should be better prepared for the worst-case scenario so they will not be caught off-guard and suffer potential financial loss or be a victim of identity theft.”

At the CyberSecConPH Conference, Sam Jacoba, conference chairman and president of the National Association of Data Protection Officers of the Philippines (Nadpop), the Philippines’ first advocacy group of Data Protection Officers, shared that “it is about time that a multi-country approach spearheaded by Communities of Practice join hands to fight against cybercriminals. Along with similar initiatives from government institutions and other private sector organizations, our Communities of Practice will work with them proactively to train current and future InfoSec and Cybersecurity professionals to enable them to go head-to-head against online threats.”

With the latest PhilHealth cyberattack, Jacoba said, “Compared to the Comelec data breach in 2016, the potential impact of this (PhilHealth) incident is even bigger as all working Filipinos are mandatorily enrolled, and need to pay monthly contributions. We urgently request the DICT and NPC that even if only a fraction of the extent of the breach has been revealed by the threat actors, they can already guide consumers and institutions that use PhilHealth information on what to do in case their personal information was compromised by the breach.”

Nadpop and PH-CERT are also willing and able to provide a third-party perspective and assist PhilHealth in its current breach investigation with the DICT and NPC. Jacoba and Averia jointly offered. “We are extending our support to PhilHealth and its impacted employees and members during this time, as we know the value of all of us helping each other during these times. It takes a community to protect personal information.”


Erratum. In last Sunday’s Tech Space, the resource person for the interview should have been Jan Sysmans, Mobile App Security Evangelist at Appdome. Apologies for the lapse on our part.


Click Here For The Original Source.

National Cyber Security