Five steps to win the silent cyber war



By Ann Cuisia

Two years ago, my IT company was targeted by online rogue actors. Dealing with the business impact of such an intrusion was not a cakewalk. It was painful and stressful, but we survived the crisis, thanks to the insights and guidance of professionals and peers who knew more than a thing or two about the workings of threat actors.

My bad experience with cyberattacks is not an isolated case. For instance, the 2021 statistics provided by cybersecurity firm Sophos revealed that 69% of the 150 respondents surveyed in the Philippines experienced attacks that encrypt systems and files for ransom.

Moreover, the impact of these attacks is not confined to corporations alone. Recall that in 2021, a hacking incident affected 700 account holders of a well-known bank in the country.

The Code of Silence

In the FinTech world, I believe all law-abiding entrepreneurs loathe these online thieves of data identity and money as much as I do.

But let me be clear: My beef is not with cyber attackers only.

I am also disappointed in businesses that are reluctant to share what they know and have experienced as victims of these cyberattacks. While there are companies that follow the Bangko Sentral ng Pilipinas’ (BSP’s) directive to report all cybersecurity incidents within two hours of detection, others prefer to remain tight-lipped whenever they can.

I had thought that in the company of industry peers, corporations would easily look at these incidents in retrospect and share lessons with a bit of candor. That was not usually the case, I learned later.  

Fear-Driven Mindset?

Many FinTech leaders have been pushing for the digital transformation of the country. We talk about e-wallets and cryptocurrencies, about how to upskill Filipinos for online jobs, and about how to give unbanked Filipinos access to financial services.

However, how can we sustainably implement all these objectives when there is a certain mindset toward cybersecurity that still needs fixing?

As a business person, I partly understand why some companies are wary of sharing information about their cyber incidents. After all, there are potential legal, regulatory, and reputational consequences in publicly admitting a breach or infrastructure disruption.

Staying silent, however, comes at a price. No one can deny that scamming, phishing, and hacking methods have become more complex and sophisticated in recent years. To be able to outwit the attackers, legitimate businesses cannot continue working in silos when it comes to cybersecurity.

Creating a Community of Trust

This secrecy also stems from a trust issue: There is fear that whatever information businesses share will fall into the wrong hands and leave them vulnerable to more attacks.

How then can companies overcome this crippling secrecy without leaving themselves vulnerable to more attacks? Here are five steps to consider:

  • Build the trust. To gain peers’ trust, transparency is key. Even the biggest companies such as Google, which was a victim of a major cyberattack in 2009, have learned the importance of “talking about the attack–to tell the world about its impact, the methods of the hackers, and the sectors at risk” to “eventually find a way to raise the security bar” for other organizations.
  • Create a shared experience. Industry players can find strength in numbers by sharing threat intelligence, creating joint security solutions, and conducting joint training and awareness campaigns. Alliances may be forged for varied reasons, such as to access new technologies or to reduce risks and costs when beefing up defenses against hackers.
  • Establish a Quick Response Team (QRT) and an effective escalation process. While government agencies such as the Criminal Investigation and Detection Group, Department of Information and Communications Technology, and National Privacy Commission have their QRTs, private businesses must also have one, each with its clear escalation process. In a B2B reporting of incidents, how fast the report is escalated by the receiving organization is partly defined by the trust already built with the reporting company. 

Grounded in this trust, organizations’ QRTs should create a virtual priority lane for hacking and identity theft incident reports. This way, when a business seeks the help of banks and e-wallet providers in an alliance, a fix can commence sooner since the priority lane cuts the chances of being given the runaround. Alliances are also a good venue to establish a centralized directory of QRT contact persons/groups.

  • Act immediately to stop the bleeding. Oftentimes, before a bank can freeze a suspicious account, the chain of command in its communication line would involve multiple departments. A long communication line, however, can delay the implementation of the incident response. Banks/e-wallet providers that have received an alert from an institution-victim of a cyberattack should, thus, trust the latter’s report—especially when it had already sent the same notice to the BSP and the National Privacy Commission—and take this as their cue to take legal steps to temporarily freeze any suspicious accounts for immediate investigation.
  • Strengthen cybercrime laws against hackers. When online criminals leave trails of their wrongdoing, law enforcement should kick in. However, most law enforcers are more familiar with physical crimes committed in a physical world, where an investigation takes days or weeks. In the world of cybersecurity, this speed is unacceptable.

In my experience, even after we had provided mounting proof of the identity of the hacker, some prohibitive guidelines followed by law enforcement agencies hindered justice from being served promptly. These guidelines may need to be reviewed; otherwise, how can law enforcers stop online attackers from victimizing more corporations in near real-time, particularly when multiple attack methods are involved?

Ann Cuisia is the CEO of Traxion Tech, a provider of technology solutions, including services in digital transformation, cybersecurity, and blockchain, in the Philippines. In partnership with the Israel-based cybersecurity firm I+Cyber, Traxion Tech will be launching the Threat Operations Center (TOC) services in the Philippine market this year. 

A TOC is a centralized hub that collects intelligence about advanced persistent threats, botnets, and crimeware, monitors these, and delivers critical security alerts to clients.