Many PH firms unprepared for cyber attacks – SGV
MANILA, Philippines – A vast number of Philippine firms are unprepared for cyber attacks, according to a new survey by Professional services firm SGV & Co (SGV).
At least 60% of firms surveyed in the Philippines said they do not have a security operation center and have zero or just informal threat intelligence programs, according to the latest Global Information Security Survey released last week by EY Global, SGV’s global parent.
SGV said a significant majority of local firms consider careless employees and criminal syndicates to be the most likely source of an attack.
In addition, more than 50% of the survey participants said they have not experienced a major attack while 25% of those that have experienced attacks said they were not aware of the extent of the financial damage to their organizations.
The survey of 1,735 organizations, including those in the Philippines, globally examines pressing cybersecurity issues facing businesses today in the digital ecosystem
Rossana Fajardo, head SGV’s Advisory practice, pointed out that it also includes insights into how organizations can deploy effective cyber-security strategies.
“Many Philippine companies are still in the process of developing and deploying their own cybersecurity programs. It is important for us all to remember, however, that cybersecurity is not just an IT concern. It needs to become part of an organization’s corporate culture, permeating from the management down to the staff,” she said in a statement on Friday, March 17.
Cybersecurity is particularly relevant given that two high-profile incidents last year, the Bangladesh bank heist and the hacking of the Philippine election data, demonstrated the weakness of the country’s network security infrastructure.
Another indication of the heightened threat facing the country is the recent establishment of a new security center by Globe Telecom, which the telco will also offer as a service to other firms.
Inline with global results
The report said that globally, 64% of organizations surveyed also said they do not have a formal threat intelligence program or only have an informal one.
Despite this, SGV noted that 50% of those surveyed said they could detect a sophisticated cyber-attack – the highest level of confidence since 2013.
The firm attributed this confidence to investments in cyber threat intelligence to predict what companies can expect from an attack, continuous monitoring mechanisms, security operations centers and active defense mechanisms.
The report also found that business continuity, disaster recovery, along with data leakage and data loss prevention were rated as the top priorities of companies globally, cornering 57% of respondents.
“This highlights the need for quick, automated damage assessment and rapid responses to halt or limit the spread of cyber-attacks. None of us can afford to be caught by surprise,” Fajardo said.— Rappler.com