As more Philippine companies move operations online, they are not just unlocking growth — they are also exposing themselves to faster and more deceptive cyberattacks. Attackers are no longer forcing their way in; they are quietly logging in with stolen credentials.
Fabio Fratucello, field chief technology officer worldwide at CrowdStrike, spoke with The Manila Times about how threats are evolving and what local companies must do to keep up, based on findings from the 2025 Global Threat Report.
“Today’s adversaries no longer break in — they log in,” Fratucello said.
Instead of relying on malware, attackers are increasingly using stolen credentials to access systems undetected. “Once inside, they operate as legitimate users, bypassing conventional security controls and moving laterally across endpoints, identities, and cloud environments,” Fratucello explained.
CrowdStrike’s report found that 79 percent of initial access methods are now malware-free, a sharp rise from 40 percent in 2019. Fratucello warned that the pace of digital transformation in the Philippines, especially the adoption of cloud services and artificial intelligence, has expanded the attack surface. The challenge is no longer blocking malware, but closing visibility gaps — areas where threats go undetected across cloud, identity, and endpoints.
To stay ahead, he urged local businesses to adopt a unified, identity-centric approach that secures user access across all systems.
Social engineering gets a boost from AI
The report also highlights a surge in human-centric attacks powered by generative AI. “We saw a 442 percent increase in vishing (voice phishing) attacks between the first and second half of 2024,” Fratucello said. “And it’s not just humans behind the messages anymore. Generative AI is being used to craft phishing emails that are more convincing and harder to spot, with a 54 percent click-through rate, compared to 12 percent for human-written phishing.”
Fratucello emphasized the importance of continuous, real-world-aligned cybersecurity education. “Cybersecurity education needs to be continuous, engaging, and aligned to real-world threats,” he said. This should be supported by multi-factor authentication, passwordless access such as biometric logins or app-based authentication, identity protection, and zero-trust principles — delivered through an AI-native platform that can detect and stop attacks as they occur.
Shrinking breakout times leave no room for delay
Another critical finding: the average breakout time — the window between initial access and lateral movement — has dropped to just 48 minutes, with the fastest observed attack taking only 51 seconds.
“Time is the most critical factor in stopping a breach,” Fratucello said. For many Philippine businesses still maturing their security posture, this speed poses a significant challenge. “Organizations need a security platform that can correlate signals across endpoints, cloud, and identities, and respond immediately to lateral movement or anomalous behavior.”
He stressed the role of AI-driven threat detection and around-the-clock threat hunting to help even lean security teams respond quickly and effectively.
Cloud security needs simplification
As cloud adoption accelerates across the Philippines, new risks are emerging. “Cloud intrusions jumped 26 percent last year, with compromised credentials and misconfigurations being the top causes,” Fratucello said. “In fact, valid account abuse was the entry point in 35 percent of cloud incidents in early 2024.”
Many businesses rely on fragmented or bolt-on security tools that cannot keep up with the dynamic nature of the cloud. Fratucello recommended a unified strategy that secures applications, data, identities, and workloads from a single platform. This reduces complexity and enables more responsive and continuous protection.
“You cannot protect what you cannot see,” he added, urging companies to implement modern cloud detection and response (CDR), which helps detect and respond to threats in cloud environments in real time.
Thinking like your adversary
Fratucello described today’s cybercriminals as highly organized and scalable. “These aren’t lone hackers. They are running operations like corporations. They have roles, KPIs, and growth targets,” he said. “That is why Philippine businesses need to shift their mindset. Cybersecurity is not a technical issue anymore. It is a business imperative.”
To stay ahead, companies must move from reactive to proactive strategies. “It starts with intelligence,” he said. “Use threat data to guide your security strategy. Invest in AI-native tools that automate detection and response. And most importantly, empower your people, because speed and coordination make all the difference.”
Security as an enabler
Cybersecurity should evolve alongside innovation, not lag behind it. “Digital transformation shouldn’t come at the cost of security. In fact, it should be the other way around. Security should be the enabler,” he said. “When you have real-time visibility, unified defenses, and an intelligence-led strategy, you not only reduce risk. You unlock the full potential of your digital future.”
In a landscape where attackers move with speed and precision, the true test for Philippine businesses is not how fast they can respond — but how well they can anticipate. Cybersecurity today is not just about defense. It is about having a clear strategy, sharp visibility, and the readiness to act before threats gain ground.