Enterprises should always be on guard against cyberattacks and operate on an “assumed breach mode" as if their systems have already been infiltrated, according to telco giant PLDT.

"That should be the operating mode so that you would always stay vigilant that something might happen and you might be vulnerable to any cyberattack," said PLDT Enterprise AVP and Head of Cybersecurity Business Consulting, Alexis Bernardino.

"It is also important to fortify your predictive and responsive capabilities and approach,” he added.

In terms of the current cyber security landscape, he said "it's no longer a question of ‘if’ or ‘how’ companies will be breached or attacked but it is a matter of ‘when'.”

Last year, 69 percent of Philippine businesses surveyed by cybersecurity firm Sophos experienced ransomware attacks.

This form of cyberattack encrypts systems in exchange for a ransom.

The average ransomware payment which local companies paid was $1.6 million, more than double the global average of $812,000.

It cost Philippine organizations an average of $1.34 million to recover from the attack, ranging from downtime, people time, device cost, and network cost, to lost opportunity, among others.

Partnership between public and private companies is critical to ensuring a safer Philippine cyberspace, according to Bernardino.

“There should be strong legislation pertaining to cybersecurity so that we can establish a framework and roadmap for the Philippines," he explained. "The private sector can come in to share their best practices, threat intelligence, and cybersecurity expertise to help the government, which is leading the pack to create a safer and secured Philippine cyberspace,” he added.

Problem is, local cybersecurity talents are hard to come by, Bernardino acknowledged.

The most important consideration is to employ cybersecurity professionals who have “the right mindset, the right attitude and should be trainable in cybersecurity”, he concluded.