Increased connectivity, convenient accessibility to crimeware, and gaps in security maturity–these are some of the reasons why the Philippines is among the top four countries targeted by cybercriminals in Southeast Asia, according to a cybersecurity expert from Inspira Enterprise, a global cybersecurity risk management service provider.
Kenneth Ho, ASEAN consulting and sales director at Inspira Enterprise.
In an exclusive interview with Manila Bulletin, Kenneth Ho, ASEAN Consulting at Inspira, began the discussion by providing the big picture since the COVID-19 pandemic started in 2020. “Many people are now working from home. However, because they do not have that kind of secure infrastructure in the office, they become more vulnerable to attacks,” he said.
Today, homes are becoming more connected because of internet-of things (IoT) devices. Unfortunately, security is not always a priority for manufacturers and consumers of these devices. “When we do reverse engineering on the firmware of these devices, we discovered that there are hard coded passwords. Attackers can use these CCTV or smart TV passwords to penetrate network infrastructures,” Ho added.
This is where Inspira comes in. The company helps by making some customizations, putting in some measures to prepare customers, and teaching how to respond and recover.
“If a user is working from home and using a laptop or a desktop, we put in sensors to monitor those devices with artificial intelligence and machine learning. If something suspicious in a device, we flag it up and have it automatically removed,” he explained.
In organizations with pantries and video conference rooms, Inspira uses a device platform for secure incident and event management. Traditionally, organizations collect data from the firewall server. However, if an office has IoT devices, Inspira can gather data from them.
An event can be a situation such as high CPU usage. An event becomes an incident if there are malicious processes attacking the server or malware installation, and it does not matter whether the attack is successful or not.
Jose Maria Palanca, Inspira sales director for the Philippines; Josef Figueroa, ASEAN president of Inspira; Gaurav Deshpande, practice head of Enterprise Integrated Cyber Threat Management at Inspira; and Kevin Nazareth, senior technology consultant at Inspira during the introduction of the company’s fifth Cyber Fusion Center (CFC) in the Philippines.
Easy access to hacking tools
Currently, many cybersecurity attacks are related to easy access to hacking tools like crimeware and dark web, where cybercriminals can get weaponized arsenal.
“Cybercriminals no longer require using the tools. Instead, they can buy services. For example, I encountered an incident where a rogue or an unhappy employee left the organization, bought a DDoS-as-a-service, and attacked the company. You do not have to know the skills. Today, it is simply buying a service,” Ho said.
With this convenient accessibility of hacking tools, the Philippines is among the top cybercrime target in the region. Ho cited other reasons why it is so.
“I think it is because the government is expanding Internet broadband connectivity. Filipinos are also spending many hours on Internet, about nine to ten hours a day. Unfortunately, the level of security maturity is still not very mature, and users are exposing a lot. If you spend a lot of time on the Internet, it becomes a big avenue for attackers,” he said.
“We are also seeing a lot of investment in security. However, in terms of maturity, we are still seeing that there is a gap in terms of investment into the security infrastructure. It is one of the reasons the country becomes a target,” he continued.
Inspira is helping to address the situation by setting up its fifth Cyber Fusion Center (CFC) in the country and trying to automate its response amid scarce security resources. The next-generation CFC is part of the Inspira’s growing investment in the country with an aim of honing skills sets and talents.
Based in Singapore, Ho shared that he will frequently visit the Philippines to train the interns in the next few months to facilitate knowledge transfer.
Deshpande demonstrates the capabilities of CFC.
Addressing the gaps in security maturity
Many organizations probably focus a lot on the initial phase of attacks, which consists of detection, discovery, and protection. However, organizations miss the gap on response and recovery.
“Customers claim they have the best firewall, and their teams are well fortified. However, when we ask them the question: ‘what happens if there is a data breach today, how would you respond?’. Many executives turn their backs on each other, and nobody has an answer,” Ho said.
Thus, Inspira comes in to help organizations in the recovery and response part. When there is an incident data breach, the company comes in to do the forensics and investigation. Inspira helps the affected organizations to bring the business back.
Ho added that despite the growing trend of ransomware attacks, phishing is still a top cybersecurity concern. It is the simplest, least costly, and most effective among all cybersecurity attacks. That is why Inspira is also conducting awareness training, phishing simulations, and assessments to identify security gaps in organizations. Inspira works in finding where the entry of the attack is, closing the entry of the attack, and updating the security policy.
“Sometimes it is not just technology, it could be the policy. For example, if an organization tries to migrate all their servers to the cloud but if they do not have a policy to mandate what data you can move to the cloud, that could be the root cause of a data breach because nobody had the visibility and people in the organization do not know what they are leaking out,” he explained, adding that members of an organization are also crucial in the success or failure of a cybersecurity strategy.
“I think human is still the weakest link. Because of that, we also do cyber awareness training and phishing attack simulations. We conduct mock simulations to see who would click the links then every month or quarter, we flag up the top ten users who clicked the links. Trend shows that a lot of senior executives clicked them, maybe because they are busy or unaware. We drive the message back to the organization that whichever is the most vulnerable group, we give them more education,” he concluded.