A WOMAN in a remote meeting via videoconference works from her living room. — REUTERS

Small and medium-sized enterprises (SMEs) in the region should strengthen their cybersecurity measures amid the increased adoption of a hybrid work environment, according to experts.

One in three SMEs in Southeast Asia is not confident in its pursuit of cybersecurity breaches amid a hybrid work arrangement, cybersecurity company Palo Alto Networks said in its 2023 State of Cybersecurity ASEAN report.

Cloud infrastructure and processes for onsite and work-from-home setups account for 41% among SMEs in the region, the report said. 

Top concerns include password attacks (63%), malware attacks (56%), and account takeovers (53%).

The Philippines’ electronic security rank fell to 45th this year out of 121 countries, down from 44th last year, according to the latest edition of the Digital Quality of Life Index by virtual private network service provider Surfshark.

Electronic security factors in cybersecurity and data protection laws, the company said.

In its 2022 study, technology company Cisco found that only 27% of the Philippine companies it surveyed possess “mature” defenses against cyber threats.

Cisco also noted that 43% of the local companies are at the “beginner” or “formative” levels in cybersecurity.

Readiness must be upheld across the five key pillars, such as identity, devices, network security, application workloads, and data, the report said. 

“While organizations in the Philippines are faring better than the global average (15% of companies in the ‘mature’ stage), the number is still very low, given the risks,” Cisco said in an e-mailed press statement. 

Steven Scheurmann, ASEAN vice president at Palo Alto Networks, said that risks continue with unsecured home networks and personal devices, which lead both SME employees and customers to identity theft and unauthorized financial transactions. 

He also noted that non-negotiables, even in resource-constrained businesses, must be set in place to maintain a formidable security posture. 

“Holistic visibility, a zero-trust approach, and AI [artificial intelligence] integration will help ensure that SMEs can scale up their cloud security,” Mr. Scheurmann said in an e-mailed press statement on Wednesday. 

“Imagine your company’s network as a bustling airport, where employees work from different ‘terminals’ or physical locations, such as offices, homes, or remote sites,” he said regarding holistic visibility of network traffic. 

“The challenge resembles airport security—knowing who’s allowed to board ‘network flights’ and who’s not,” he added. “The airport needs to have visibility on every ‘passenger’ (devices and users) and verify their ‘boarding passes’ (access permissions).” 

“This holistic visibility ensures SMEs that only authorized users and devices get access to data and applications.” 

Mr. Scheurmann also said that SMEs must operate on the principle of ‘never trust, always verify,’ or a zero-trust network access that manages each entry to and exit from the corporate network.

He added that sophisticated, AI-driven firewalls equipped with machine learning can help SMEs analyze network traffic while predicting and preventing imminent threats. 

“Organizations must stop approaching defense with a mix of point tools and instead consider integrated platforms to achieve security resilience while reducing complexity,” said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco. 

“As people operate from multiple devices in multiple locations, connecting to multiple networks in a dynamic hybrid world today, it is crucial for organizations in the Philippines to adopt an integrated platform approach,” he added. — Miguel Hanz L. Antivola

RELATED ARTICLESMORE FROM AUTHOR