Cybersecurity – Cybercrime/Hackers – the good, the bad and the in-between

Cyber-threats continue to grow in both scope and severity. The number of recurring high profile security breaches continue to grow.

In Germany, for instance, the police recorded a growing number of cybercrime cases:

Year Cases

o 2000 0

o 200522,000

o 200840,000

o 201060,000

o 201880,000

There are several implications for cyber security leaders:

* The digital footprint of businesses and individuals continues to expand dramatically; nearly every device is a target and virtually everything can be used to instigate a cyberattack.

* Threats are becoming more intelligent and attacks are increasingly automated, making them extremely difficult to detect.

Looking at the major data breaches in recent months /years, from Panama Papers to Paradise Papers (positive hacking?), from Yahoo hack to US Equifax, from Philippine Comelec to Sony sabotage to Wannacry (bad boys)it is obvious that organizations – in government, in the private sector and in civil service – have no choice but to focus on data protection.

Besides the damage in terms of money and reputation data breaches incur, companies around the world – including the Philippines – are forced by regulations to protect the data they collect. The fines for failing to comply are high, both in terms of money to pay and time to spend in jail.

For the Philippines, cybersecurity and cybercrime protection are especially important, given the fact that the country wants to be seen as one of the major countries in the digitalizing world that receives and analyzes data for clients around the world. This business interest isaggravated by the new Data Privacy Law that severely punishes managers of organizations in cases of data breaches, especially when negligence in data privacy and data security protection are found in the investigations.

Given the need to train organizations and its people involved in data handling and control, it is essential that workshops are attended or experts are invited to train staff in-house after a gap analysis has been undertaken. The European Innovation, Technology and Science Center (EITSC) will run its first cybersecurity and cybercrime workshop in Makati on 27 November. The workshopis serving as an introductory course as well as a refresher course on the current and emerging legal, regulatory and technological landscape on digital protection and the remedies for breaches and hacks. This module serves as prerequisite for next level intermediate and advance training programs. The next programs will work on creating a cyber-savvy work force in your organization, involving the training of key people, for them to understand cyber risks and the needed responses, including a possible upgrading of the IT infrastructure. It is essential that the people in the IT department have the right skills to effectively handle emerging cyber threats.

Finally, let me just reiterate that the EU will implement its cybersecurity regulations by May next year; in the Philippines, the law is in place and is effectively implemented by the National Privacy Commission (as far as data privacy protection is concerned) and by the DICT with regard to cybercrime. However, we need to be aware that data privacy protection without cybersecurity is not possible.

Comments are welcome; email [email protected].