November 25, 2024
Empowering resilience: Home Credit PH champions cybersecurity with Risk Compliance Audit Week 2024
August 2, 2024
Over 70% of Filipino industrial organisations experienced an OT attack in 2023—Palo Alto Networks
In Philippines, over 70 % of industrial organizations experienced cyber attacks in their OT environments in the past year
38 out of 51 organisations agreed that AI will be key to stopping OT attacks
Industrial operations are increasingly under regular and widespread cyberattacks, forcing operational shutdowns which result in lost revenue and significant remediation costs. At the same time, operators face increased compliance requirements as well as new risks posed by their adoption of new technologies and processes, including AI, remote access, cloud, 5G, and robotics. As a result, industrial operators are increasingly conscious of the need to adapt cybersecurity to the new demands of the day.
The report’s key findings reveal a concerning landscape in OT security:
Industrial operations are at high risk of cyberattacks – Industrial operations were once believed to be immune to cyberattacks given their air-gapped systems, legacy assets, proprietary technologies, and fragmented end markets. This is no longer the case. 76.5% of the Filipino respondents stated that their organizations had experienced at least one cyberattack in the past year. Equally alarming is the frequency of these attacks, with about half (48.7%) of the respondents experiencing attacks often monthly or weekly.
Cyberattacks can shut down local OT operations – The impact of these attacks has been significant, with 23.1% of Filipino organisations needing to shut down industrial operations in the last year due to a successful attack. This dangerous state of affairs is driving industrial operators to increasingly focus on security for their OT environments, with more than 70.6% of Filipino respondents considering it a high priority, and more than half (56.9%) expecting to increase spending on OT cybersecurity in the next two years.
Friction between OT and IT is a challenge – Despite the urgency, there remains a disconnect between OT and IT teams, hindering coordinated responses to threats. When asked to describe the relationship between OT and IT, more than half (54.9%) stated that it was either siloed or frictional, with only 17.6% answering that their teams are aligned. Furthermore, only 37.3% of respondents reported shared responsibility for OT cybersecurity purchase decisions between the two teams. This disparity is due to the historical roles of both teams, with IT traditionally being in charge of company-wide security, while OT has historically focused on industrial operations.
AI is a double-edged sword – AI has already caught the attention of industrial operators, but the judgement on its value is split between fear of AI-enabled attacks and demand for AI-enabled protection. The survey found that 70.6% of respondents in the Philippines identified AI attacks against OT as a critical issue today, but 4 out of 5 also agreed that AI will be key to stopping OT attacks.
The move to cloud will reinforce OT security – AI is not the only new technology making its way into OT environments, with operators also getting ready to implement cloud solutions, among others. The report found that 92.2% of organizations in the Philippines believed the move to cloud will reinforce OT security. However, 64.7% of them also stated it would create increased cybersecurity challenges in the next two years.
Zero Trust is the North Star – The report also underscores the criticality of embracing a Zero Trust approach to OT security, with over 80% of industrial respondents endorsing it as the right strategy. However, deployment rates remain relatively low, with just over 20% having fully implemented Zero Trust solutions for their OT/IT environments.
Oscar Visaya, Country Manager, Philippines at Palo Alto Networks, said, "The growing attacks on industrial operators highlight the urgent need for proactive risk mitigation and system resilience. As industrial operations undergo digital transformation in the AI era, traditional security measures are inadequate against advanced cyber threats. AI-driven defenses must be adopted to quickly analyze large data sets and detect patterns of impending threats, often before an attack occurs. Further, close collaboration between IT and OT teams is essential to ensure a unified and effective approach to cybersecurity.”
For more information,please visit: https://www.paloaltonetworks.com/network-security/zero-trust-ot-security.
Click to read more:
Blog post: Palo Alto Networks Surveys the State of OT Security
May 4, 2023
World Password Day: May the cyberforce be with you?
The invention of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds. Passwords today are the primary guardians of our privacy, personal data, and finances.
Despite
this knowledge, passwords are often viewed complacently, even though simple,
easy-to-guess passwords are insecure. Your dog’s name, spouse’s name,
birthdate, and other words and phrases related to your life that are easily
discoverable on your social media profiles are easy for attackers to discover.
While
the onus of ensuring security and protecting data does lie on the companies
that collect and store this data, there is quite a bit consumers can do on
their end to secure their credentials. World Password Day 2023 is driven by the
purpose of raising awareness about the importance of strong passwords and encouraging
individuals and organizations to take steps to improve their password security.
With the increasing prevalence of cyberattacks and data breaches, it is more
important than ever to use strong and unique passwords to protect our online
accounts and personal information.
Based
on research, 91% of
people know that using the same password on multiple accounts is a security
risk, yet 66% continue to use the same password anyway. Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto
Networks, provides simple but effective measures to make passwords the
primary guardian of your personal and professional
● Set
guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of
different character types—letters, numbers, and special characters. An
8-character password is easier to guess by a computer than a 16- or
24-character password.
● Avoid
vulnerable passwords that are easily guessed or already compromised. If you go and Google ‘commonly used
passwords," you’ll see a list that any attacker uses when trying to guess
passwords. If there is a default password on an internet-facing device or even
internally. Change it ASAP!
● Avoid
reusing passwords: Everyone
hates remembering passwords; some great options are using the passphrase
options. We can use it to create unique passwords that are easy to remember. Be
wary of password managers; several have been hit recently, and some of them
multiple times. But they can also be an option.
● Require
password updates at set frequencies: This is a pain, but consider it the standard operating procedure for
business risk reduction. It doesn’t take that long to do and helps secure the
organization if a set of credentials is stolen or phished somehow.
● Use
multi-factor authentication methods:
If a password is stolen or guessed, no matter how hard you’ve tried to be
unique, having other methods to confirm it is you trying to get to a resource
or a web service you use is vital. Many different cloud, security, and
operating system vendors have a multi-factor authentication app that you can
install on your phone to link to almost every website that supports it.
By
taking these steps, individuals and organizations can help improve their
password security and protect their online accounts and personal information.
Learn more about how to create a stronger cybersecurity posture with an
intelligent, automated, artificial intelligence (AI)-driven security operations
center by checking out Palo Alto Networks’ World Password Day
webinar.
----------------------------------
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyber threats so that organizations can confidently embrace technology. We provide next-gen cybersecurity to thousands of customers globally across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto
Networks, we’re committed to bringing together the very best people in service
of our mission, so we’re also proud to be the cybersecurity workplace of
choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably
Best Companies for Diversity (2021), and HRC's Best Places for LGBTQ Equality
(2022). For more information, visit www.paloaltonetworks.com.
November 3, 2022
Don’t Get Fooled: Here’s How You Can Stay Safe Online Amid Scams and Frauds
August 23, 2022
Learn the A-Z to stop cyberbullying; go to www.makeitsafe.ph
September 2, 2020
Bridging the Cybersecurity Skills Gap Through Artificial Intelligence
By Sandra Wheatley, Sr. Vice President, Marketing, Threat Intelligence and Influencer Communications, Fortinet
Today’s Tools Only Begin to Close the Cybersecurity Skills Gap
Using AI to Build a Virtual Security Analyst
Address Your Skills Gap Challenges Now While Preparing for the Future
July 10, 2018
Cybersecurity in APAC: The art of simplicity and being on the right side of history - Michael Montoya, Chief Cybersecurity Officer, Microsoft Asia
- fraudulent wire transfers;
- data corruption;
- online brand impersonation, which is when a cyber fraudster creates a bogus webpage or a social media account, either to harm your brand or simply to gain the confidence of your trusting customers;
- and data exfiltration, whereby cybercriminals use various malicious ways to copy, transfer, or retrieve data from computers or servers.
April 29, 2017
Technology alone can’t protect your business against cyber threats – ePLDT
Angel Redoble |
“Thanks to growing trends, not deploying cybersecurity is and will become more costly in the future. Companies who are serious about surviving must place it as a business imperative as a single attack can break any business.”