‘Something like 90% of all financial transactions that go through Wall Street, go through the Philippines. So if you want to do a cyberattack on the US, all you have to do is attack the Philippines,’ says Kanishka Gangopadhyay, US embassy press attaché
MANILA, Philippines – The US embassy at its annual media seminar held June 7 and 8 underscored an urgent need to strengthen the Philippines’ cybersecurity capabilities, and internet connectivity to bolster economic relations with the US.
Kanishka Gangopadhyay, US embassy press attaché, says, “Why do we care about cybersecurity, why do we care about cybersecurity infrastructure in the Philippines? What people don’t realize is in order to enact a cyberattack on the US, you don’t have to attack the United States.
“Something like 90% of all financial transactions that go through Wall Street, go through the Philippines. So if you want to do a cyberattack on the US, all you have to do is attack the Philippines…This is a national security priority for us.”
Ely Tingson, former data protection officer at the Presidential Security Group (PSG) and currently a senior vice president at US cybersecurity firm Kroll, shared key findings on cyberattacks in Asia Pacific.
In 2022, 75% of businesses in the Philippines suffered a cyberattack, second only to Malaysia’s 76%, with Hong Kong setting the lowest benchmark at 43%, with ransomware, which locks data for a ransom, remaining the top operational threat.
93% of US businesses operating in the region experienced a cyberattack as well, which may potentially affect operations in the US homeland as well. A country with a more developed cybersecurity infrastructure and national policy may prove to be the more attractive business partner.
Tingson noted the need for more reportorial requirements for companies operating in the Philippines that have experienced a cyberattack, beyond the current National Privacy Commission regime, to cover more forms and types of cyberattacks.
In recent months, Tingson said 3 Philippine companies were found posted in the LockBit darkweb site, but because there are no requirements for reporting such incidents publicly, who these companies were remains undisclosed.
Big gap in number of cybersecurity pros
But the biggest problem may be the number of cybersecurity professionals the Philippines has.
John Avila, senior economic growth specialist at United States Agency for International Development (USAID), says that the Philippine government has to make room for cybersecurity positions. “Right now, [the] government does not have in its plantilla, a cybersecurity professional – nor the job description, nor the salary commensurate to that professional.”
“Fortunately, the government is well aware of this. We’re working with the Department of Budget, the Civil Service Commission, and the Department of Information and Communications Technology to precisely come up with those plantilla items – not just for cybersecurity but the government is upgrading all its IT positions.”
The USAID, Avila says, is providing training, as well as crafting the job description and proposed salaries. “The idea is to have a cybersecurity professional in all critical sectors of government.” It is important to be able to craft a solid compensation package to encourage cybersecurity professionals to work in the Philippines instead of going abroad to countries such as Singapore.
In 2023, Singapore has about 3,000 cybersecurity professionals while the Philippines is estimated to have 200.
In 2022, another US-based cybersecurity firm Fortinet also expressed the need for more cybersecurity professionals. Before the pandemic, the estimated deficiency of cybersecurity professionals needed was at 2 million, and this was a number, which the company says, has only increased during the pandemic.
USAID has two digital programs currently, the 5-year, $33-M BEACON project helping with infra development, policy updating, and addressing cybersecurity needs, including a project bringing wireless connections in smaller islands in Cebu in partnership with Central Visayas Information Sharing Network Foundation (CVISNET); and SPEED, a P1-B project to support digitalization of SMEs, including projects with the Cebu Chamber of Commerce to establish an online marketplace and expand digital payment options in the region.
Cybersecurity in the private sector
In the private sector, Avila says, investors are “increasingly looking at cyber-readiness or digital readiness when they make investment positions.”
Among the largest job-maker in the Philippines is US BPO firm Concentrix which counts 120,000 Filipino employees. The company says it has one of the biggest information security investments in the world, and counts more than 300 cybersecurity professionals globally. In spite of that, having a national policy would be a boost says press attaché Gangopadhyay. “The big companies have company-based policies that are good, but there is no national policy framework, and that creates great risks for the US,” he says.
Currently, Avila says, “The Philippines ranks very poorly if you compare us with the rest of ASEAN, in terms of cyber-readiness. If investors use those indices as a decision-making tool, then yes, the answer would be, that would be an important consideration for investors.”
Locally, Philippine firms are estimated to be losing about P6.16 billion every day, due to cyberattacks.
Tingson also encouraged the youth to go into the field of cybersecurity, saying that by getting the proper training and acquiring certifications, one could find 6-digit peso offers in about 3 years time, and doesn’t see job demand waning anytime soon.
Gangopadhyay noted that if the 16-year-old, 17-year-old Filipinos today can realize that cybersecurity is a growth industry, they have the potential of earning 3 times that of a call center agent, and at the same time, help with national security. – Rappler.com