‘Philippines an attractive target for cyberattacks’

Digital payments shift, heavy social media use

MANILA, Philippines — The Philippines’ rapid shift to digital payments and heavy social media use have made it an “attractive target” for global threat actors, according to cyber defense company BlueVoyant.

In an interview with The STAR, BlueVoyant COO Michael Montoya warned that hackers are exploiting the country’s booming digital adoption, putting internet-savvy Filipinos at immediate risk.

“So there’s just a great opportunity for a threat actor to actually make some money out of this country because of your high adoption of technology and your digital payments,” said Montoya, who has an intrinsic background in information technology and cybersecurity.

He said the Philippines ranks among the highest in fraud incidents, with 74 percent reported.

Digital transactions made up more than half or 57.4 percent of the country’s total monthly retail payments in 2023, according to data from Bangko Sentral ng Pilipinas.

This figure was higher than the 52.8 percent share reported in 2023.

The rise in digital payments was attributed to a surge in merchant payments, person-to-person transfers and business-to-business supplier payments.

Montoya, however, said this progress has opened the door to cybercriminal activity, with 13.4 percent of digital transactions flagged as fraudulent — the second highest rate globally.

“There needs to be a bigger drive to increase the awareness across enterprises (and) across the greater citizen population,” he said.

On the corporate front, Montoya said at least eight in every 10 Philippine businesses reported multiple cybersecurity breaches that impacted their operations last year.

Around 32 percent of Filipino respondents, meanwhile, had “no way” of detecting cybersecurity incidents within their supply chains, exceeding the global average of 30 percent, a BlueVoyant survey showed.

Among industries, Montoya said energy is one of the most heavily targeted by cyber attacks, with threat actors going after critical infrastructure like power plants.

This highlights the need to implement and adopt stronger monitoring, automated risk scoring and timely response to supply chain vulnerabilities.

To stay reasonably secure, Montoya said an organization should invest “somewhere between 0.6 percent and 0.8 percent” of total revenues in cybersecurity.

As a global cybersecurity firm, BlueVoyant serves over 1,000 customers from various sectors across 45 countries. It currently operates across North America, Europe, Africa and the Middle East.

In the Philippines, the company plays a vital role in strengthening the cybersecurity posture of both private enterprises and government-affiliated organizations.

Its key services include detection and response management, supply chain defense and digital risk protection.

“We can protect (businesses) against third-party (risks), but I think the biggest piece is our platform and the capabilities of our intelligence around our platform are some of the best in the world,” Montoya said.

Looking ahead, BlueVoyant aims to scale up its Philippine operations, including local talent development.

The company plans to improve third-party risk management services for local enterprises and expand regional intelligence capabilities against emerging threats in Southeast Asia.