Lack of IT security professionals makes Philippines prone to cyber crime

MANILA, Philippines - An external informational technology (IT) professional, not the in-house IT professional often discover majority of hacking, according to a global threat intelligence organization.

NTT’s Security Assessment Services, one of the largest threat intelligence gathering and security consulting organizations in the world, said 69-percent of cyber crime breaches are discovered by an external party.

Chris Camejo, director of NTT’s Security Assessment Services, said there is a security skills deficit worldwide, but especially so in the Philippines seeing that the country ranks high in several cyber vulnerability reports.

“The Certified Information Systems Security Professional (CISSP) is one of the most recognized certifications in the industry, yet the number of certified Filipino professionals’ pales in comparison to their ASEAN neighbors,” he said.

It was reported the Philippines has only 84 CISSP certified IT people compared with 107 in Indonesia, 189 in Thailand and 275 in Malaysia.

In other Asia Pacific countries like Singapore, Japan and Australia, there are over 1,000 certified professionals per country, yet these numbers dwarf in comparison to that of the US, which has around 67,000 certified security professionals.

CISSP certification is ideal for sophisticated IT Security positions such as security architects, security analysts, security systems engineer, network architects, and IT leadership positions such as chief information officer and director of security.

These positions are usually at the forefront of loss control and IT risk mitigation efforts of a company.

Camejo was in town upon the invitation of AIG Philippines to raise awareness on the cyber vulnerability landscape and brought the issue of cyber security to the c-suite audience.

To illustrate the point on how pervasive the cyber threat has grown, Camejo showcased a few examples of how hackers intercept data over Wi-Fi using readily-available software from the Internet. This highlights how companies should have a proper risk assessment method to accurately make a decision on their security investments.

“A risk assessment isn’t a checklist, a vulnerability scan, or a penetration test. A risk assessment is knowing what information you have that needs protection, where it is placed, what the threats are to this information, and how much it would cost you if the threats would be successful,” Camejo said.

AIG Philippines general manager Mark Lwin also said that cyber risks expose company’s directors and officers to a range of liabilities particularly on three main points: Liability to Shareholders, Liability to Customers, and Liability to Regulators.

“C-suite executives should have an active part in the risk management process so that they could make an informed decision on the best risk-handling method and guide management through this growing risk concern,” Lwin said.

The 2014-2015 Philippine Cybercrime report said there had been a 42-percent surge in cyber espionage attacks and intellectual property theft in 2012 compared to those reported in 2011. The report states that there has been an increasing threat in the manufacturing sector as well as in small businesses.

Contrary to popular belief that this is only a problem for big companies, the lack of awareness in the importance of cyber security management and not having proper loss control defenses in place makes SMEs, aside from big corporates highly vulnerable.

“This makes them a favorite target for cyber criminals as SMEs are considered low-hanging fruit or easy targets,” the AIG official said.

Globally, the average malware encounter rate (the percentage of computers that report a detection of malicious software) was 14.8 percent in the second quarter of 2015, according to a Microsoft Security report.

The Philippines’ malware encounter rate is nearly double the global average at 29.1 percent.  This ranks the country at 21 out of 123 countries in the report in terms of malware encounter. The actual malware infection rate in the same quarter was 0.84 percent on average globally, but was 3.76 percent in the Philippines, making it the 17th highest on the list.