The recent alarming developments and incidents are showing that even the formidable, long-established companies like Domestic Systemically Important Banks (DSIBs) are not exempt from hacking and data breaches which can cost tremendous financial loss and reputational damage to these organizations.
Only in March of this year, Philippine business associations estimated that, if these attacks were to remain unabated, their adverse effects on the economy could reach up to $10.5 trillion annually by 2025.
A powerful deterrent to reducing this cybercrime is strong collaborative cyber defense between stakeholders in the industry itself, such as government agencies, banks, fintechs, industrial groups and consumer communities.
Former Commissioner Raymund Liboro of the National Privacy Commission (NPC) gave a sober overview of the situation that banks and other financial institutions face when it comes to cyber-attacks: “Highly technological heists and systematic attacks exploit vulnerabilities in human beings and the banking systems. It is not a question of whether a breach is possible---but rather when it will happen.” At the same time, he maintains that “cybercrimes are man-made, so they can be prevented and mitigated. The NPC has a responsive regulatory framework and provides data privacy resilience by giving correct advice, engaging stakeholders, and mitigating risk.”
The critical issues regarding cybersecurity and data protection were discussed in the recently held webinar, “Cybercrime: a Collective Defense,” which was organized by MB Tech News, the top news site which highlights the latest developments on technology. Art Samaniego, Cyber Security Advocate and Manila Bulletin’s Technology Editor moderated the discussion. The webinar’s other partners were Digital Pilipinas, a movement that seeks to address long-standing socio-economic challenges through technological adoption; and Fintech Philippines Association, the leading independent industry association representing the interests and growth of the fintech community in the Philippines.
Amor Maclang, Digital Pilipinas Convenor, also pointed out that creating strong cybersecurity that can protect the business community from hackers, who tend to band together in groups, is no longer an individual initiative. She said, “One thing is absolutely clear: we will only be stronger if we work together. Sharing our security issues will allow us to learn and adapt much faster. When one of us is victimized by cybercrimes, all of us are victimized. Collective security is not a field for competition, but for collaboration.”
Maclang also named the “new allies” of the financial system once its players start conducting counter-cybercriminal dialogues: “The White Hat Hackers---” referring to cybersecurity professionals who employ the methods of online terrorists to find flaws in a company system and then fix them---“advocates of Open Finance, the academe, and media.”
Atty. Arvin Razon, Director for Legal Compliance and Regulatory Affairs of Open Finance Technology Company Brankas, agrees that the increasing threats posed by cybercriminals require an open environment where the industry players and their partners can discuss issues and come up with ways to solve them together. He commented, “All of us can adapt quickly and work collectively to close holes in the system that cyber criminals can exploit. We need to advocate for interoperability and collaborative partnerships in data protection.”
Razon also recommended Open Finance as a way to jumpstart these industry conversations: “Businesses use technologies to talk to each other using a common language. Tech has made it easy for us to do banking. Because we are more connected than ever, we have to work together.”
Nichel Gaba, CEO and Founder of homegrown cryptocurrency exchange PDAX, explained how nascent technology can further develop industry transparency which can keep the cybercriminals at bay. He said that currently “we have the tech to have products much more accessible. Crypto currency and blockchain are integral in helping make these products accessible and safe.” Fintech systems like Open Banking and Open Finance can also help see to it that “finance institutions have a standard security measure.”
Building confidence
"The overall thrust of any law is to build resilience. Resilience for industry so that they can be trusted. Resilience for industry so they can withstand assaults and attacks. We have the legal policies amd frameworks in place. The NPC already crafted a responsive regulatory framework that keeps us awake during the night and even on weekends. But foremost is we are building digital resilience for the companies and our stakeholders by providing the right policies, providing correct advice, giving timely information, guidelines, engaging with stakeholders, and coming up with standards," added Liboro in reaction to a question which Samaniego relayed to him regarding the people's confidence with NPC.
Regaining trust
"Digital banking is here to stay and the important thing to take note of is how do we continue to do it in a safe manner. I'll take a nod to what the former Commissioner mentioned about the importance of accountability on the part of these institutions. We actually have regulations. We have proactive regulators to ensure we don't just have the baseline protection but also on top of that, what are the best industry practices. The call for now, for everyone, is how do we comply with these best industry practices and how do we standardize them to become applicable for everyone," shared Atty. Razon when it comes to strengthening bank customers' trusts in regards with the ongoing bank breaches in the Philippines.
"Obviously, customers must protect their personal information but at the end of the day, it does really falls on the controllers, the banks, and on the processors to make sure that we do what we can based on the highest technical security standards to ensure that consumers' trust is retained and developed," Atty. Razon's response to our question on how will the banks regain customers' trust after what just happened to the rampant hacking on BDO.
All the panelists concurred that the industry must step up when it comes to their cybersecurity efforts in order to protect themselves and their customers who own tons of valuable data that is attractive to identity thieves and other digital invaders.
"We took a risk management approach. We are really for the promotion of preventing and mitigation," added Liboro.
The urgency of the situation was captured by Maclang’s final words in the webinar: “Cybersecurity and cyber defense is a whole-of-nation, whole-of-society concern. Black hackers work in groups---can we survive their attacks as individual actors? But sharing security issues will allow us to learn and adapt faster. We will never be done when it comes to security as the world will change in increasing speed. We have to admit that we can’t do it alone.”