Cisco: Most PH SMBs suffer cyber attacks in past 12 months


Most Small and medium-sized businesses (SMBs) in the Philippines, 57 percent, suffered cyber attacks in the past 12 months, each losing from over P25 million ($500,000) to over P50 million ($1 million), a study by an American technology firm showed.

The Cisco "Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense" reported in a virtual presscon Thursday, Oct. 14, 2021, that 73 percent of companies also lost customer information to cybercriminals.

Cisco's latest report said that SMBs are more apprehensive now about cybersecurity risks, with 82 percent more worried about cybersecurity now than they were 12 months ago and 89 percent feeling exposed to cyber threats.

The Cisco study was based on an independent, double-blinded survey of over 3,700 business across 14 markets in Asia Pacific, including 158 respondents in the Philippines.

Malware attacks, which affected 81% of SMBs in Philippines, topped the threat charts, followed by phishing, with 78% experiencing such attacks in the past year.

Significantly, almost one in two (49%) local SMBs discovered that cybersecurity solutions are not adequate to detect or prevent attacks.

In contrast, 13% attributed not having cybersecurity solutions in place as the cause for their vulnerability.

Furthermore, 28 percent of affected local SMBs quantified the cost of the attack at the US$500,000 or more, with 10% saying it cost them US$1 million and more.

Ironically, SMBs have to fast-track their digitalization to do business during the pandemic.

"As SMBs become more digital, they also become a more attractive a target for malicious actors, not least because digitalized businesses have an expanded attach surface that hackers can target," Robin Llamas, Cisco Philippines Officer in-charge, Managing Director, acknowledged.

In addition, digitalized SMBs generate more data, which cybercriminals prize.

Besides losing customer data to attacks, local SMBs also lost employee data (66 percent), sensitive business information (66 percent), internal emails (56 percent), financial information (53 percent), and intellectual property (53 percent).

Worse, 65 percent admitted the cyber attacks had a negative impact on their reputation.

Disruptions caused by cyber incidents have serious implications for SMBs.

Even a downtime of less than an hour results in severe operational disruption, 16 percent of local SMBs pointed out, along with severe impact on revenues, according to 15 percent.

A downtime of one day would result in a permanent closure of their business, according to 16%.

What made it more challenging was only 9 percent of respondents in the Philippines were able to detect and remediate a cyber incident within an hour.

“We are living in a world where customers seek instant gratification. They no longer have the patience for lengthy downtimes," warned Juan Huat Koo, Cisco ASEAN Director Cybersecurity.

"It is critical for SMBs to be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible," he stressed.

But while SMBs in Philippines are more worried about cybersecurity risks and challenges, they are also taking a planned approach to improve their systems.

According to the study, 77 percent of Philippines SMBs have completed scenario planning and simulations for potential cybersecurity incidents in the past 12 months.

Majority, ninety-five percent of those who did so, uncovered weak points in their cyber defenses.

Of those who identified weaknesses, 97 percent detected an attack but did not have the right technologies to block it or mitigate its impact.

Also, 96 percent had too many technologies and struggled to integrate them together, while 94% discovered they did not have clear processes in place to respond to a cyber-attack.

However, SMBs are increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (50% ranked #1) is seen as the top threat by SMBs in Philippines.

Other top threats include targeted attacks by malicious actors (20% ranked #1), and unsecured personal devices of employees (17% ranked #1).

The good news is, local SMBs generally invest well in cybersecurity, with 82% increasing their cybersecurity solutions investments since the start of the pandemic.

Some 37% invested more than 5%. SMBs are likewise putting more money in areas like compliance or monitoring tools, talent, training, and insurance.

“Cybersecurity is evolving rapidly. This is being driven by trends like the expanding attack surface, move to multi-cloud, rise of hybrid work, as well as new security requirements and regulations," noted Kerry Singleton, Cisco Managing Director, Cybersecurity, Asia Pacific, Japan and China.

Finally, the study recommends five ways to improve a business concern's cybersecurity in the ever-changing landscape.

These include having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, as well as working with the right technology partner.