The first and only cybersecurity testing platform in the Philippines, Secuna with its proactive approach protects government and private organizations from potential millions of pesos in losses caused by data leaks and system flaws. Their ability to spot vulnerabilities in an IT structure is a wake-up call to many Filipino executives who, according to results of a survey conducted by global cybersecurity firm Palo Alto Networks, still regard cybersecurity breaches as “low” to “moderate” risks.
In dealing with cybersecurity, “we should be proactive and not reactive,” maintains Secuna Chairman and President Jay Ricky Villarante as he elaborates on the distinction between the two responses. “Being reactive is responding to malware as it enters your network and corrupts your business databases. However, proactive cybersecurity means you prevent cyber-attacks from happening by locating the system’s potential vulnerabilities before they can be exploited by criminals.”
Secuna also connects companies, organizations, and businesses with the most advanced and highly vetted cybersecurity professionals in the world who find security flaws before these can be exploited by real-world malicious hackers. The Department of Information Communications Technology (DICT) has recognized Secuna as a CyberSecurity Service Provider for Vulnerability Assessment and Penetration Testing.
Having the company’s IT system tested by third-party cybersecurity experts can point out and plug its holes long before a cyber-attack is launched through it. Secuna’s more-than-1000-strong community of ethical hackers “can find the flaws before the bad guys do, and then create a system that would be more efficient in protecting the company’s data,” says Villarante.
“Companies need to be prepared but they cannot really tell their vulnerability by themselves,” Villarante continues. “When they ask us to check their systems, we find all sorts of problems like database leaks. The problem comes from human error or configuration problems with the systems. I've seen a lot of startups leak their full source code into the internet. Once we gain access to the client’s database, we assess immediately the level of the vulnerability of the client to an attack of a cybercriminal who is drawn to their system flaws.”
For each IT system vulnerability or flaw that is discovered, reported, and verified, a company can reward the reporter a bounty as low as P2500 ($50) or as high as P50,000 ($1000) or more depending on the severity of the bug discovered. Villarante regards it as a worthwhile investment in a greater cybersecurity structure. “Just allowing those vulnerabilities to remain in your system is a high risk,” he says. “Because if the bad guys do find those unpatched holes, their attack can cost the company millions of pesos in damages.”
Retesting after a flawed IT system has been remediated is another of Secuna’s strengths. “In our VAPT service, we offer unlimited retesting for all the bugs that we’ve reported after the client fixes them. This means that we have this feedback loop with our clients that keeps on going until we are sure that each bug we’ve discovered is completely fixed,” says Villarante. “This lessens the attack surface or points of weaknesses in our client’s IT system. So, when cybercriminals do attack, they will have a very hard time looking for any point of entry.”
Cybercriminals are known to be persistent: they will keep attacking your systems until they find a vulnerability that they can exploit. As such, companies need to treat cybersecurity not as an add-on, but as a critical part of the foundation of their online business to be secure. For example, if they are investing in social media for their marketing, they should also invest in cybersecurity even more.
Recent developments have made the strengthening of the country’s cybersecurity more urgent. According to Kaspersky's 2020 Security Network report, the Philippines has been one of the most vulnerable countries exposed to cyberthreats for two years in a row. The 2016 leakage of private information of 55 million voters from the Commission on Election database by a cyber terrorist group is one of the more notorious examples. In the private sector, Philippine remittance center Cebuana Lhullier experienced a data breach in 2019 that exposed the personal data of 900,000 clients.
Villarante points out, “Cybersecurity is very much like life insurance; you don’t feel right away that the attack is coming. But when the attack does come, it’s going to cost the company not just in terms of money, but also damage to their reputation.”