PHL firms lack skilled personnel to deal with cybersecurity risks
By Arjay L. Balinbin, Senior Reporter
Philippine firms still lack skilled personnel capable of handling cybersecurity risks, especially during the pandemic crisis where many companies have become more vulnerable to cyberattacks, industry leaders said.
“Organizations are already spending more on cybersecurity, but there is another problem. As we are already getting the support of business’s top management officials, the next question should be: is there someone in those organizations who can come up with an end-to-end strategy, not only inward-looking to their organizations but also outward-looking?” Angel T. Redoble, first vice-president and chief information security officer of ePLDT Group, PLDT Group, and Smart Communications, said at the BusinessWorld Virtual Economic Forum last week.
He noted a company should have cybersecurity personnel who can secure and protect the community, not just the business.
“Over the years, I’ve seen how organizations transformed from having a non-supportive top management to a very supportive, even the board, from putting less money on cybersecurity to putting more money, and that is why we have observed that budgets for cybersecurity have actually increased since 2016,” Mr. Redoble also said.
Andres Jomas Capellan, security services sales leader at IBM Philippines, said: “We are overwhelmed as cybersecurity professionals because when we talk to companies, one of the underlying difficulties has been to find personnel who can actually deal with these challenges.”
He said funding, although it has been increasing, also remains a challenge.
Mr. Capellan also said Filipinos need to become more aware about cyberthreats these days, as they are now more engaged in online activities because of the pandemic.
“Now, more than ever, we need to be cyber-aware. We need to be cognizant of the risks when we do our online activities,” he said.
“The cost of getting personal information averages to about $150 to $200, so there is really a market where bad actors try to harvest our personal information,” Mr. Capellan added.
National Privacy Commission Chairman Raymund E. Liboro said the government and the private sector should collaborate to address cybersecurity risks.
He said it is important for organizations to embed “privacy by design” principles into their digital transformation programs in order to be digitally resilient.
“Take a user-centric approach; avoid false dichotomies, like privacy versus revenue; be transparent with users; ensure full lifecycle protection; valuing privacy should be the default setting; be proactive to prevent breach rather than react to it; and embed privacy into design,” Mr. Liboro told business leaders.
“So finally, as you reboot, rethink, and reshape in your new business ventures, in the development of your new products and services, and in innovating digital tools, I urge you to make data privacy and cyber protection your cornerstone,” he added.
Mr. Redoble said everyone who is in cyberspace should be “paranoid.”
“If you are connected, just be paranoid. Always think that someone will acquire or extract your information and sell it somewhere else. So if you are not paranoid enough, you will become a victim, perhaps not today or tomorrow but maybe soon, and it will either be okay for you to become a victim or it will be fatal for you, especially if it already has something to do with financials,” he said.