
November 25, 2024

Empowering resilience: Home Credit PH champions cybersecurity with Risk Compliance Audit Week 2024

Annual event equips employees with essential skills in data protection and compliance amid rising cyber threats


Home Credit Philippines (HCPH), the country’s leading consumer finance company, has underscored its dedication to data protection, data security, data privacy, and compliance by hosting its annual Risk Compliance Audit (RCA) Week. This initiative aims to foster a culture of vigilance and responsibility among employees, empowering them with essential skills in safeguarding sensitive information and mitigating potential risks.

Under this year’s theme, PAOER! Prepare, Adapt, Overcome = Empowering Resilience, HCPH’s RCA Week engaged employees in a series of events and training sessions designed to strengthen the company’s protective risk culture. Through dedicated information hubs set up across offices, employees accessed interactive resources and reviewed policies on data security and compliance, enhancing their readiness to protect against risks in real time.

“Building a protective culture is fundamental to who we are as a company. By equipping our people with a proactive mindset toward risk, we are not only protecting Home Credit but also reinforcing the trust our customers place in us. Our RCA Week is a concrete step in empowering our workforce to handle today’s complexities with confidence,” Ihor Kruchynenko, HCPH Chief Risk Officer, said.

Leveraging experts’ insights in mitigating risks

Among the highlights of this year’s RCA Week was the virtual Expert Insights series, which featured leading voices in data security and compliance.

Meralco Vice President and Data Privacy Officer Atty. Francis Acero opened the series with a session on secure data handling practices to mitigate breach risks. Meanwhile, Vanguard Screening Solutions Co-Founder and Chief Executive Officer Jan Michael Espino followed with insights on the role of data protection in fraud prevention, emphasizing the importance of vigilance and compliance in safeguarding assets.

Rounding out the series was Atty. Rainer Anthony M. Milanes, former Chief of the Compliance and Monitoring Division at the National Privacy Commission, who discussed the necessity of protecting sensitive personal information within the finance sector to maintain trust and regulatory compliance.

In addition to expert sessions, employees received daily email briefings on key risk and compliance topics, reinforcing takeaways from each session and promoting a continuous learning environment. This comprehensive approach enabled employees to develop a robust understanding of risk mitigation strategies and the critical role each team member plays in maintaining a secure, compliant workplace.

Data breaches in the finance sector

The latest Data Breach Notification Management System report from the National Privacy Commission points to a worrying trend in data security within the financial services sector.

In the Philippines, financial services ranked among the top five sectors reporting security incidents in 2023 and 2024. By September 2024, at least 25 personal data breaches had been reported in this sector, underscoring the high stakes involved in protecting sensitive financial information.

Human error stands out as a major factor, responsible for nearly half of these breaches. This suggests that, while technology may provide strong data protection tools, the human component is often a weak link. Simple mistakes, whether due to inadequate knowledge or minor lapses in judgment, can inadvertently expose sensitive information, leading to serious consequences for both the company and its clients.

This data serves as a clear call to action for financial service institutions to prioritize data protection training. With the rapid digitization of financial services, it is more important than ever for employees to be equipped with practical skills in data protection, privacy, and security to prevent these kinds of incidents.

In response to these alarming findings, HCPH’s RCA Week demonstrates the company’s proactive commitment to addressing these risks head-on. By educating employees through practical training and fostering a culture of responsibility, RCA Week directly tackles the root causes of human error in data breaches, bolstering HCPH’s defenses and enhancing its reputation as a trusted consumer finance partner.

“For us at Home Credit, this initiative is more than a series of trainings. It’s a testament to our unwavering dedication to a protective risk culture that drives sustainable growth and resilience. By fostering a workforce skilled in navigating risks and committed to data security best practices, we not only strengthen our defenses but also set a high standard of accountability and trust in the industry,” Kruchynenko concluded.

To know more about the latest updates from Home Credit Philippines, visit its official website, www.homecredit.ph. You may also follow its official Facebook, Instagram, and TikTok accounts.

Home Credit Philippines is a financing company duly licensed and supervised by the Securities and Exchange Commission (SEC) and the Bangko Sentral ng Pilipinas (BSP).

August 2, 2024

Over 70% of Filipino industrial organisations experienced an OT attack in 2023—Palo Alto Networks


Palo Alto Networks, the global cybersecurity leader, has published its State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience report. The report surveyed 1,979 operational technology (OT) and IT business leaders across 23 countries globally, including 51 leaders in the Philippines, to understand the trends, risks, and cyber resilience strategies within OT environments, offering insights into the challenges faced by organisations across the globe.
 
  • In the Philippines, over 70% of industrial organizations experienced cyberattacks in their OT environments in the past year

  • 38 out of 51 organisations agreed that AI will be key to stopping OT attacks


Industrial operations are increasingly under regular and widespread cyberattacks, forcing operational shutdowns which result in lost revenue and significant remediation costs. At the same time, operators face increased compliance requirements as well as new risks posed by their adoption of new technologies and processes, including AI, remote access, cloud, 5G, and robotics. As a result, industrial operators are increasingly conscious of the need to adapt cybersecurity to the new demands of the day.


The report’s key findings reveal a concerning landscape in OT security: 


Industrial operations are at high risk of cyberattacks – Industrial operations were once believed to be immune to cyberattacks given their air-gapped systems, legacy assets, proprietary technologies, and fragmented end markets. This is no longer the case. 76.5% of the Filipino respondents stated that their organizations had experienced at least one cyberattack in the past year. Equally alarming is the frequency of these attacks, with about half (48.7%) of the respondents experiencing attacks often monthly or weekly. 


Cyberattacks can shut down local OT operations – The impact of these attacks has been significant, with 23.1% of Filipino organisations needing to shut down industrial operations in the last year due to a successful attack. This dangerous state of affairs is driving industrial operators to increasingly focus on security for their OT environments, with more than 70.6% of Filipino respondents considering it a high priority, and more than half (56.9%) expecting to increase spending on OT cybersecurity in the next two years.


Friction between OT and IT is a challenge – Despite the urgency, there remains a disconnect between OT and IT teams, hindering coordinated responses to threats. When asked to describe the relationship between OT and IT, more than half (54.9%) stated that it was either siloed or frictional, with only 17.6% answering that their teams are aligned. Furthermore, only 37.3% of respondents reported shared responsibility for OT cybersecurity purchase decisions between the two teams. This disparity is due to the historical roles of both teams, with IT traditionally being in charge of company-wide security, while OT has historically focused on industrial operations. 


AI is a double-edged sword – AI has already caught the attention of industrial operators, but the judgement on its value is split between fear of AI-enabled attacks and demand for AI-enabled protection. The survey found that 70.6% of respondents in the Philippines identified AI attacks against OT as a critical issue today, but 4 out of 5 also agreed that AI will be key to stopping OT attacks.


The move to cloud will reinforce OT security – AI is not the only new technology making its way into OT environments, with operators also getting ready to implement cloud solutions, among others. The report found that 92.2% of organizations in the Philippines believed the move to cloud will reinforce OT security. However, 64.7% of them also stated it would create increased cybersecurity challenges in the next two years.


Zero Trust is the North Star – The report also underscores the criticality of embracing a Zero Trust approach to OT security, with over 80% of industrial respondents endorsing it as the right strategy. However, deployment rates remain relatively low, with just over 20% having fully implemented Zero Trust solutions for their OT/IT environments.


Oscar Visaya, Country Manager, Philippines at Palo Alto Networks, said, “The growing attacks on industrial operators highlight the urgent need for proactive risk mitigation and system resilience. As industrial operations undergo digital transformation in the AI era, traditional security measures are inadequate against advanced cyber threats. AI-driven defenses must be adopted to quickly analyze large data sets and detect patterns of impending threats, often before an attack occurs. Further, close collaboration between IT and OT teams is essential to ensure a unified and effective approach to cybersecurity.”


For more information, please visit: https://www.paloaltonetworks.com/network-security/zero-trust-ot-security


Click to read more:

State of OT Security report 

Blog post: Palo Alto Networks Surveys the State of OT Security

May 4, 2023

World Password Day: May the cyberforce be with you?

The invention of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds. Passwords today are the primary guardians of our privacy, personal data, and finances.

Despite this knowledge, passwords are often viewed complacently, even though simple, easy-to-guess passwords are insecure. Your dog’s name, spouse’s name, birthdate, and other words and phrases related to your life that are easily discoverable on your social media profiles are easy for attackers to discover.

While the onus of ensuring security and protecting data does lie on the companies that collect and store this data, there is quite a bit consumers can do on their end to secure their credentials. World Password Day 2023 is driven by the purpose of raising awareness about the importance of strong passwords and encouraging individuals and organizations to take steps to improve their password security. With the increasing prevalence of cyberattacks and data breaches, it is more important than ever to use strong and unique passwords to protect our online accounts and personal information.

Based on research, 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway. Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, provides simple but effective measures to make passwords the primary guardian of your personal and professional

  • Set guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of different character types: letters, numbers, and special characters. An 8-character password is easier for a computer to guess than a 16- or 24-character password.

  • Avoid vulnerable passwords that are easily guessed or already compromised. If you Google “commonly used passwords,” you’ll see a list that any attacker uses when trying to guess passwords. If there is a default password on an internet-facing device, or even on an internal one, change it ASAP!

  • Avoid reusing passwords: Everyone hates remembering passwords; a great option is to use passphrases, which let you create unique passwords that are easy to remember. Be wary of password managers; several have been hit recently, and some of them multiple times. But they can also be an option.

  • Require password updates at set frequencies: This is a pain, but consider it the standard operating procedure for business risk reduction. It doesn’t take that long to do and helps secure the organization if a set of credentials is stolen or phished somehow.

  • Use multi-factor authentication methods: If a password is stolen or guessed, no matter how hard you’ve tried to be unique, having other methods to confirm it is you trying to get to a resource or a web service you use is vital. Many different cloud, security, and operating system vendors have a multi-factor authentication app that you can install on your phone to link to almost every website that supports it.

By taking these steps, individuals and organizations can help improve their password security and protect their online accounts and personal information. Learn more about how to create a stronger cybersecurity posture with an intelligent, automated, artificial intelligence (AI)-driven security operations center by checking out Palo Alto Networks’ World Password Day webinar.


 

----------------------------------

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyber threats so that organizations can confidently embrace technology. We provide next-gen cybersecurity to thousands of customers globally across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC's Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

November 3, 2022

Don’t Get Fooled: Here’s How You Can Stay Safe Online Amid Scams and Frauds

Scams and frauds designed to gain access to your online profiles—including your digital banking accounts—have been around for years now. But they have noticeably been more frequent and aggressive lately. For instance, you have probably received SMS messages with suspicious-looking links. What’s scary is how these messages now have your name, making them look more legitimate. Others have gotten phishing emails that, at first glance, seem like formal communication from banks or other financial services. It’s becoming harder to distinguish what’s fake from what’s real.


And if you think it’s easy to identify these schemes, you would be surprised to know that these scams are becoming more and more sophisticated every day. For one, there are scams specifically made to target you and your own online habits to better catch you off guard. As scammers evolve their tactics quickly, more and more people have fallen victim to these fraudulent online attacks. In this article, learn some tips and steps on how you can protect yourself from cyber fraud attacks.

Don’t give out personal info mindlessly
Cyber fraud attempts work by making you believe you are talking to a legitimate financial organization or a trusted institution. The email or messages they send will address you by name and often contain personal information no one else should be privy to aside from the companies and services you officially do business with. These scams collect your information beforehand by perusing your social media accounts and other public online forums. Sometimes, the attempts are more targeted: sending you supposed online forms you need to fill up or calling you directly to ask for your personal information in the guise of confirming it for a service or promo.

Treat your personal information as a valuable asset, as it is the key that fraudsters use to trick you into unlocking your account. Do not post your full name, birth date, address, and other information related to your digital accounts online. Be wary of strangers trying to add you as a contact on your social media accounts as well, as this could simply be a way to get information out of you for future, more specific fraud attempts. To be sure, financial organizations and trusted companies will not call to ask for your info. And they will not call you using an unofficial contact number unprompted.

Be cautious of who you talk to
Scams are made to make you lower your defenses and give out information that could allow fraudsters to access your financial accounts. Often, this is done through emails purportedly from official institutions designed to make you reveal important info such as bank account passwords, credit card details, and digital bank app details. And now, these frauds use SMS and video calls too.

You can detect a scam message by looking at some telltale signs. Scam emails, for instance, usually come from a public email domain account and not the official company email. Some fraud attacks have legitimate-looking email addresses but with a carefully placed misspelling to make it seem official. If you receive a supposed email from your bank that has some typographical errors, it’s a telltale sign. Others are more direct, asking for your password, card expiry date and CVV, or one-time password (OTP) via video call. A trusted company would never ask for such details via email, SMS, phone, or video call.

Be mindful of your online—and offline—actions and habits
The techniques today usually involve a link that scammers will entice you to click or visit through a promise of job offers or online shopping discounts, among others. These links can lead you to malicious websites that download viruses, ransomware, and other types of malware to your device. Malware is software that can damage your device. At its worst, it can give unscrupulous individuals unauthorized access to your device—and ultimately, all the information stored and saved there. Hence, you should be careful when you receive links from unknown or suspicious individuals. Don’t click links from unknown origins. With telecommunication services starting to ban links in SMS, scammers have used creative ways to include them in their text messages, such as playing with the typography or adding spaces in the website URL. It takes a bit more effort to access the link now, but it also means you still get disruptive spam messages.

But you need to be mindful of your offline actions, too. Scammers don’t just rely on online schemes to get your information. There have been reports, for instance, of scammers approaching you in public, asking to borrow your phone due to an emergency only to try to get your digital bank details and OTP. Others simply look over your shoulders when you make online transactions in public. The rule of thumb is to always keep sensitive information protected. Do not share it with anybody, and make sure your device is secured and out of the sight of other people when you make transactions online in a public place.

But cybersecurity is a shared responsibility between you and your financial service providers. As you take steps to make sure your financial accounts remain safe, your bank should take every step possible with its features, services, and even cybersecurity education to ensure your hard-earned money is secure and away from the hands of unscrupulous online scammers.

RCBC’s fight against cyber fraud
As Rizal Commercial Corporation (RCBC) continues its thrust to accelerate digital adoption with secure and convenient digital services, it also carries on the fight against cybercrime. RCBC believes that the push for digital banking goes hand-in-hand with efforts to provide efficient and secure service.

During RCBC’s #DontGetFooled: Staying Safe Online webinar on security awareness held on October 12, 2022, RCBC Chief Information Security Officer Carlos Tengkiat reiterated how successful online fraud has been in targeting individuals, but has yet to successfully infiltrate organizations, particularly banks and other financial services. “The banking industry is constantly evolving, not only to cater to your needs but also to deliver these convenient services in a secure manner,” Tengkiat said, noting that RCBC is constantly working with other banking institutions, telecommunication companies, and government services to help provide this security. He reiterated that RCBC’s digital banking app offers many security features such as two-factor authentication, support of biometrics, mandatory change of password for online banking, card locking for lost and misplaced cards, and real-time SMS and email notification for banking transactions, among others. “This is part of our thrust as we aim to educate our customers on how to conduct electronic banking safely.”

He added, “Security, like banking, is a partnership. And we at RCBC are dedicated to be your partner in your journey.”


August 23, 2022

Learn the A-Z to stop cyberbullying; go to www.makeitsafe.ph

A is for apple? Think again. In cyber lingo, as these parents have experienced, the alphabet takes a whole new meaning, but not necessarily all good.
These cyber expressions could range from AMP, a shorter version of a Filipino cuss word, to other derogatory terms.

Or you might have heard someone say “Go KYS” or “Reincarnate.” These are simple but disturbing terms with the harmful intention of telling a person to “kill yourself.”

And sometimes, cyberbullying does not even use letters or words. Instead, people resort to emojis such as a pig face or snout to shame a person for being fat, or a clown to denote stupidity.

Offensive language and emojis, which often victimize users of social media and social messaging apps, do not stop at inflicting emotional pain. It may cause anxiety, fear, and depression that could prove damaging to mental health, especially among kids and young adults. Cyberbullying is also known to lead to negative self-talk and low self-esteem among children.

“To stop cyberbullying, we start with understanding how and where it happens. Parents can protect their children better if they know how young people communicate. Globe is sharing helpful tips on how parents can guide their kids in this new digital environment,” said Yoly Crisanto, Chief Sustainability and Corporate Communications Officer at Globe.

Explore the new language of the youth and learn the A-Z of cyberbullying prevention through Globe's new portal, www.makeitsafe.ph, accessible via mobile and desktop browsers. You can talk about the alphabet on the site and how each corresponds to lessons on cyberbullying.

You may even add words you may have heard used in cyberbullying to help expand the glossary.

The portal is part of Globe’s cyber safety advocacy, which runs parallel to its support for the United Nations Sustainable Development Goals, which fosters innovation towards economic development under SDG No. 9, and inclusive and equitable quality education under SDG No. 4.

The country’s leading digital solutions platform has various initiatives to protect people, particularly minors and the youth, from cyberviolence, which includes bullying, and online sexual abuse and exploitation of children (OSAEC).

Globe also implements the Digital Thumbprint Program (DTP), a series of workshops and modules that teaches students, parents, and teachers about online responsibility and safety. It has been rolling out initiatives under the #makeITsafePH campaign to raise awareness about cybersecurity, partnering with various local and international organizations to block sites that promote OSAEC.

To learn more about Globe, visit www.globe.com.ph.

September 2, 2020

Bridging the Cybersecurity Skills Gap Through Artificial Intelligence

By Sandra Wheatley, Sr. Vice President, Marketing, Threat Intelligence and Influencer Communications, Fortinet 


Executive Perspectives 
Perhaps the most resource-intensive task required of security teams is the correlation and analysis of the massive volumes of data being produced by security devices and network sensors. This challenge is probably most apparent in the fact that network breaches often remain undetected for months, allowing cybercriminals to plant time-bombs, establish elaborate botnets, and slowly exfiltrate millions of records containing customer information and intellectual property. This challenge is compounded with the growing skills shortage the cybersecurity industry is facing globally, further adding to organizations’ risks. In fact, a recent Fortinet survey found that 73% of organizations had at least one intrusion or breach over the past year that can be partially attributed to a gap in cybersecurity skills.



Today’s Tools Only Begin to Close the Cybersecurity Skills Gap 

There are steps organizations can take to close the cyber skills gap. The first is to ensure that security tools don’t operate in isolation. If a security tool or sensor detects an anomalous behavior, it needs to be able to share that with other tools so that data can be correlated and compared against other data, as well as be cross-referenced against external threat intelligence feeds. This process is accelerated and suspicious activity can be detected faster when these tools are, by design, tightly integrated together. 
Of course, data also needs to be gathered from network devices, access control points, and other sensors to see the bigger picture. SIEM and SOAR solutions are designed to bridge the gap between these non-integrated solutions, helping to identify indicators of compromise and respond to identified threats. Behavioral analytics can baseline normal traffic to identify abnormal activities, such as data moving upstream out of the data center, or devices or applications probing the network looking for ways to connect to other devices or services that are not part of their usual domain of activity. 


While these solutions can help assess large volumes of data from a variety of locations, they still have their limitations. This is because today’s networks are in a state of constant flux. Dynamic cloud environments, remote offices, mobile workers, SaaS applications, DevOps projects, and shadow IT complicate the ability to monitor and process data. Not only is the network constantly reconfiguring itself to optimize connectivity or support complex workflows, but many of those connections – especially in hyperscale environments – are temporary, which means there isn’t enough time to baseline traffic and behavior or provide deep SIEM and SOAR analysis.

And none of this eliminates the need for having human analysts to supervise, review, manage, and respond to events detected by this collection of distributed solutions. The cybersecurity skills gap is part of the problem. There simply aren’t enough cybersecurity professionals to fill critical roles.  

Using AI to Build a Virtual Security Analyst 

Fortunately, artificial intelligence (AI) and machine learning (ML) are poised to help resolve these issues. ML already supports things like behavioral analytics, the detection of zero-day threats, and the detection of threats hidden inside correlated data. The advent of deep neural networks has improved the detection of threats comprised of billions of nodes with its mature AI capabilities. Fortinet’s FortiGuard Labs threat research team has been leveraging mature AI for years to not only detect threats in the wild, but also provide deep insights into their origins and threat vectors.

As organizations are forced to operate exclusively in reactive mode, they position broad-brush security tools to close the most common avenues of known attacks, sometimes having to wait until an attack is actively targeting their devices and systems in order to repel it, or, far too often, cleaning up the mess after a stealthy attack has broken into their system and gotten out with the data it was looking for.

Address Your Skills Gap Challenges Now While Preparing for the Future 

The skills gap remains a growing challenge for organizations. One way organizations are tackling this is by having all employees, not just IT professionals, take cybersecurity training. It’s important for everyone to have cybersecurity awareness and understand the threat landscape to minimize risks. 

In addition to having a trained and knowledgeable workforce, AI-based security stands to play an increasingly critical role in supporting the skills required by digital innovation efforts. The smart businesses, cities, and infrastructures of tomorrow will all require AI-based security analysis and response to fend off the speed and sophistication of the threats of tomorrow.  

July 10, 2018

Cybersecurity in APAC: The art of simplicity and being on the right side of history - Michael Montoya, Chief Cybersecurity Officer, Microsoft Asia


We all have “a-ha” moments when that lightbulb above our heads is just too bright to ignore. One came to me when I was in a previous IT operations role. It happened on a day when I had two meetings: first with an endpoint agent team and another with a security operations team.

The endpoint team gave me detailed guidance on the possible performance degradation and alerts we could expect from another agent we were placing on user devices in the pursuit of greater security. Later, the security operations team asked for more resources to address an increasing number of incoming alerts caused by our large security footprint.

The irony raised by these back-to-back meetings struck me, and so I asked myself: “How many security tools do we have to protect our environment?”

Finding the answer was not as simple as I had hoped. But when I was eventually told the approximate number, it was clear to me that we had a problem – and I was part of that problem. People like me have been in the industry long enough to have dealt with server sprawl and application sprawl. Now, we were witnessing security sprawl.

It seems very logical in this world of rapid digital transformation – where businesses and organizations face constant and evolving digital threats – to deploy as many defenses as possible to ward off cyberattacks. The more barriers in place, the more protected you are, right?

Well, I don’t believe I am alone when I say that it is a logical fallacy to think that having more security tools means better security. In fact, they could have the opposite effect, according to new research by IT analyst firm, Frost & Sullivan.

“Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” surveyed 1,300 respondents from 13 countries. This Microsoft-commissioned study drilled down into how organizations in our region view, approach, and practice cybersecurity.

One facet of the Study examined the experiences of organizations with different levels of security in place. What it found might, at first glance, seem counter-intuitive: Those that had gone to a lot of expense and trouble to put a wide array of security measures in place often encountered more security incidents than those with fewer defenses.


Moreover, they often took longer to recover from attacks. Of the surveyed organizations set up with more than 50 cybersecurity solutions, only 23% said they had been able to bounce back within an hour of a breach. For the organizations with fewer than 10 cybersecurity solutions, the figure was 40%.

The truth of the matter is simple: The number of security solutions you have won’t necessarily guarantee the safety of your data or protect your business reputation. The reasons can vary, but often over-complicated layers of complexity can make cybersecurity issues too hard for some companies to handle effectively.

These are just a few of the things that can open the door to threats, including the four this Study identified as being high-impact in Asia Pacific: 
  • fraudulent wire transfers; 
  • data corruption; 
  • online brand impersonation, which is when a cyber fraudster creates a bogus webpage or a social media account, either to harm your brand or simply to gain the confidence of your trusting customers; 
  • and data exfiltration, whereby cybercriminals use various malicious ways to copy, transfer, or retrieve data from computers or servers. 
Most of the Study’s respondents knew about the dangers out there and regarded them as real threats – with 59% saying cybercrime threats had hindered them on their digital transformation journeys. But it is problematic to learn what many were doing, or not doing, to manage the risks and why.

Firstly, let’s look at the reasons why the organizations surveyed thought it was a good idea to have a cybersecurity strategy in place. Only 20% regarded cybersecurity as a powerful enabler of digital transformation and the key to future business growth and success. In contrast, 41% simply cited traditional and tactical reasons, like protection from attacks and differentiating themselves from their competitors.

Most also said that when it came to creating new projects, security issues were usually considered after – not before – launch.

In this regard, the Study supports an uncomfortable notion that many of us know to be true: Many business decision-makers in our region still cling to outmoded ways of managing risks, and this is leaving them ill-informed and unprepared for mounting cybersecurity challenges that can ultimately erode their growth prospects.

Digital transformation has made the need for safe and trusted technology a front-and-center factor for business success. But too many organizations still regard security as an add-on, or even an afterthought. Some businesses resist the need to tackle security issues – even as cybercriminals become more sophisticated and as traditional IT boundaries disappear with new devices, apps, and data entering the workplace.

To succeed and thrive as digital enterprises in the years to come, organizations must make security part of the natural flow of their business processes and cycles. And, to ensure security, privacy, and compliance, the protection of company data requires a new approach.

That is why Microsoft has a platform that looks holistically across all the critical end-points of today’s cloud and mobile world. It acts on the intelligence that comes from our security-related global threat monitoring and insights. And, we have a vibrant ecosystem of partners who help us raise the bar across the industry – helping to securely enable our customers’ digital transformations.

Finally, there is the need for cultural change. The boards of too many companies still pick up most of their information about what is happening in cyber from what they read in the media. That’s just not detailed enough to inform them of their specific risks and the mitigation strategies they should be supporting. Increasing the dialogue on this topic amongst board members and IT executives is critical for businesses to thrive in the era of digital transformation and the inevitable consequences of cyberattacks.

The value proposition of cyber defense is changing. Traditionally, it has been regarded as a cost. Now it should be seen as an asset, simply because customers are demanding a level of security and trust. The more companies digitize, and the more an economy becomes digitally led, the more cybersecurity becomes a business enabler.

As security professionals, our jobs continue to get more complicated and vital to our company’s survival. Use this study as a reminder to ask yourself two questions: How many security tools do I have to protect my company? And, what role should security play in my company’s digital transformation?

As Microsoft CEO Satya Nadella so eloquently states: “right now Microsoft is probably on the right side of history”. Well, I believe we security and IT professionals are also on the right side of history.

April 29, 2017

Technology alone can’t protect your business against cyber threats – ePLDT

Due to the rise of the Internet of Things (IoT), information is being collected at an unprecedented rate, with much of it being highly personal and confidential. It is because of this that cybersecurity is of much greater importance today.

ePLDT, an industry-leading provider of digital business solutions to enterprises in the Philippines, is warning local companies that employing data security software and hardware is not enough to combat cyber-threats. This is according to its newly appointed head of cybersecurity.

“Companies that focus on data security technology alone unfortunately do not understand cybersecurity,” said Angel Redoble, Chief Information Security Officer of ePLDT. 

“Because a single attack can affect every department of a company, cybersecurity therefore should be approached holistically by integrating it in every aspect, not just in technology. To do this, a company must first focus on having a strict protocol or process and must have the right people who are skilled to combat different kinds of threats. Once these are integrated with the appropriate technology, a company can achieve business resiliency.”

This crucial insight follows on the heels of Ernst & Young’s Global Information Security Survey of 2016 and 2017, which reveals that 64% of the 1,735 firms surveyed, including Philippine companies, admitted that they have zero or mere informal threat intelligence programs. Moreover, 42% do not have an agreed communications strategy or plan in place in the event of a significant attack.

A security process or program provides the framework for keeping a company at a desired security level by assessing the risks, deciding how to mitigate them, and planning on how to keep programs and practices up to date. ePLDT notes that this is where most companies fail because they only treat cybersecurity as technology or software.

“The hundreds of thousands of vulnerabilities that are recorded every day plus the evolving hacking methods just go to show that, like a process, cybersecurity is a never-ending journey and should be evolved to mitigate and manage new threats,” said Redoble.

Data security skills, on the other hand, are also crucial, since a skilled workforce can identify and therefore understand how to handle the vast majority of threats to data, like malware or hackers seeking confidential information.

Redoble recognizes that some institutions do not employ cybersecurity because of financial constraints but also notes that this should not stop them because the tradeoffs are more than beneficial for a company’s performance and existence.

“Thanks to growing trends, not deploying cybersecurity is and will become more costly in the future. Companies who are serious about surviving must place it as a business imperative as a single attack can break any business.”

Fortunately, due to the current trends and developments in cybersecurity, businesses can now achieve the process, technology, and skills to uphold security through inexpensive means. By administering an assessment of their current capabilities, a company can already set certain protocols, while the lack-of-skills problem can be addressed by teaching the staff how to recognize an attack.

With regard to technology, Redoble notes that there are various data security measures that are offered on a subscription basis. However, applying these three may leave a company’s in-house I.T. department drained and will lead them to focus on security rather than boosting productivity. As a solution, Redoble recommends partnering with an end-to-end data security provider.

As a leader in data security services in the country, ePLDT’s Cyber Security portfolio is a suite of services that cover devices, systems, processes, and expertise, designed to defend enterprises from multiple security risks, evolving threats, and malicious software attacks. The portfolio is further boosted by ePLDT’s vast infrastructure network due to its 9 state-of-the-art data centers and is recognized internationally through its ISO 27001:2005 Information Security Management System (ISMS) certification.

To know more about ePLDT’s cybersecurity offerings, visit www.epldt.com/solutions/cyber-security/.
