Cybersecurity risk denials

At the ongoing World Economic Forum (WEF), held virtually for the second year instead of in Davos, Switzerland because of the pandemic, one of the more pressing concerns raised was the unavailability of internet access for a third of the world’s population either because they could not afford it or did not have the connectivity service.

Guided by the belief that connectivity is a human right, the forum continues to pursue the goal of bringing accessible and affordable internet services to more people, thereby enhancing digital inclusion through healthcare, education, and financial services.

Ironically, though, the forum is highlighting the growing incidence of cybercrime fuelled by the accelerated pace of digitalization brought about by this pandemic. According to the “Global Security Outlook 2022” released earlier this week during the forum, every organization in the digital economy faced 270 cyberattacks on average in 2021, and each successful breach cost the company $3.6 million.

The survey underpinning the report was conducted by the WEF Center for Cybersecurity and involved 120 cyber leaders in 20 countries, as well as “Cyber Outlook” sessions, interviews and bilateral meetings, and data from WEF research and reports, and third parties.

Also in the Philippines

Cyber attacks and cybercrime are no strangers in the Philippine setting, and these too have reached staggering proportions from 2019 to 2021, according to the recent statement of Bangko Sentral ng Pilipinas Governor Benjamin Diokno before members of the Senate Committee on Banks, Financial Institutions, and Currencies.

Malware and hacking attacks have surged by a stunning 2,324 percent in 2020 from 2019, while phishing and other social engineering ploys rose threefold.

While the apparent purpose of the BSP Governor’s reporting was to push for the passage of the proposed Financial Consumer Protection Act to provide Filipinos an increased level of protection when making financial transactions and at the same time empowering financial regulators to mitigate business standards that would deter frauds and scams, the reality may be a bit more challenging.

For one, cyber criminals have always managed to keep up their mischievous attacks way ahead of the capability of businesses to anticipate and ward these off. A dearth of qualified personnel in the information and technology (IT) department or even of cyber security consultants, aggravates the situation.

Huge perception gap

More damaging, though, is the huge gap in views between business and cyber leaders on just how secure their operations are from cyber attacks. No matter how much companies hike their investments in cyber security, this does not seem to be enough when faced with a deadly and successful breach of cybercriminals.

Newly published attacks have increasingly shifted the burden of vulnerability away from consumers, who fall prey due to their financial security lapses, to the companies for failing to upgrade their digital systems’ security protection.

Building resiliency

Businesses take from six to nine months to resolve and fully contain security attacks, according to the WEF security outlook report, an indication of how painful the problem has become for companies that are building up their digital capabilities.

The concept of cyber resiliency, as integrated in the company’s business risk-management strategies, is very much under debate given the threats posed by seemingly powerful crime syndicates that display heightened agility in ramping up attacks and evading capture.

Many businesses are resorting to cyber insurance in the absence of a more effective countermeasure to cyber attacks, an understandable go-to solution to limit financial liability and exposure, even if it means having to pay double or more in premiums.

Cyber security experts, on the other hand, are pushing for increased importance of the IT role in companies’ managements, especially if the business already has a significant exposure in digital commerce where interaction of smaller companies is needed.

Weak links

In the growing number of ransomware cases last year, studies showed the weak link that small and medium-sized enterprises (SMEs) pose when their often-antiquated digital systems are inadequately protected from hacking and data pilferage.

The IT security industry is calling on businesses to subject their systems to a more thorough risk review to determine and prioritize weak links, and to act with urgency in remediating solutions. Of course, given the manpower restraints, as well as additional financial investments, this may be easier said than done.

For example, it took years for banks to migrate to the safer EMV chip technology for ATM cards to combat skimming and other ATM-related crimes. The shift has resulted in lower reports of victimization. However, crimes in other areas have risen at much higher rates.

Cyber security experts have assessed local laws to be adequate, but warn that compliance is what gives them nightmares. A more open environment of problem sharing is being urged, but this may be something that companies are unlikely to consider.

For the moment, we can only pray and fervently hope that businesses will be able to quickly respond to cybercrime threats as more people across the globe are connected to the digital world. For now, business’ readiness is all that’s available to gauge how safe our money is.

Facebook and Twitter

We are actively using two social networking websites to reach out more often and even interact with and engage our readers, friends and colleagues in the various areas of interest that I tackle in my column. Please like us on www.facebook.com/ReyGamboa and follow us on www.twitter.com/ReyGamboa.

Should you wish to share any insights, write me at Link Edge, 25th Floor, 139 Corporate Center, Valero Street, Salcedo Village, 1227 Makati City. Or e-mail me at [email protected]. For a compilation of previous articles, visit www.BizlinksPhilippines.net.