Enterprises warned on “cyber attacks”

CEBU, Philippines - Digital business solutions provider ePLDT has joined other industry activists on cyber-security, warning the public to be vigilant in protecting themselves against heightened cyber crime lurking in the worldwide web.

The company is specifically calling the attention of the enterprise segment, whose vulnerability to cyber criminals is always on the "red alert" lane.

ePLDT, the industry-leading provider of digital business solutions to enterprises in the Philippines, is reiterating its warning local companies that employing data security software and hardware  is not enough to combat cyber-threats. This is according to its newly appointed head of cybersecurity.

“Companies that focus on data security technology alone unfortunately do not understand cybersecurity,” said Angel Redoble, Chief Information Security Officer of ePLDT.

Due to the rise of the Internet of Things (IoT), information is being collected at an unprecedented rate, with much of it being highly personal and confidential. It is because of this that cybersecurity is of much greater importance today, he said.

Redoble added that a single attack can affect every department of a company, cybersecurity therefore should be approached holistically by integrating it in every aspect, not just in technology.

To do this, he explained that a company must first focus on having a strict protocol or process and must have the right people who are skilled to combat different kinds of threats. Once these are integrated with the appropriate technology, a company can achieve business resiliency.

This crucial insight follows on the heels of Ernst & Young’s Global Information Security Survey of 2016 and 2017 which reveals that 64 percent of 1,735 firms surveyed, which includes Philippine companies, admitted that they have zero or mere informal threat intelligence programs.

Moreover, 42 percent do not have an agreed communications strategy or plan in place in the event of a significant attack.

A security process or program provides the framework for keeping a company at a desired security level by assessing the risks, deciding how to mitigate them, and planning on how to keep programs and practices up to date. ePLDT notes that this is where most companies fail because they only treat cybersecurity as technology or software.

“The hundreds of thousands of vulnerabilities that are recorded every day plus the evolving hacking methods just goes to show that like a process, cybersecurity is a never-ending journey and should be evolved to mitigate & manage new threats,” said Redoble.

Data security skills on the other hand are also crucial since a skilled workforce can identify and therefore understand how to handle the vast majority of threats to data, like malware or hackers seeking confidential information.

Redoble recognizes that some institutions do not employ cybersecurity because of financial constraints but also notes that this should not stop them because the tradeoffs are more than beneficial for a company’s performance and existence. “

"Thanks to growing trends, not deploying cybersecurity is and will become more costly in the future. Companies who are serious about surviving must place it as a business imperative as a single attack can break any business," he stressed. (FREEMAN)