2023 was a year of heightened cybersecurity risks, marked by high-profile incidents where government agencies became the targets of hacker groups.
In late September, the Philippine Health Insurance Corporation (PhilHealth) was at the center of the largest cybersecurity breach in years, where the private information of at least 13 million of its members were affected.
Meanwhile, the Philippine National Police (PNP) and the National Bureau of Investigation (NBI) also weren’t safe from cyberattacks, with 1.2 million personal records at risk from a breach.
Both the Department of Science and Technology (DOST) and the Philippine Statistics Authority (PSA) also had its share of data breaches in 2023, wherein agency information may have been compromised.
Apart from these attacks on government agencies, unsuspecting organizations in and out of the country also fell victim to different hacking incidents.
Across the cybersecurity landscape, trends are pointing to the prevalence of ransomware attacks and phishing and smishing (SMS or text message phishing) scams.
According to one cybersecurity publication, the frequency of ransomware in 2023 surpassed the combined numbers of 2021 and 2022. Additionally, as much as 72% of businesses worldwide faced this type of cyberattack.
For phishing and smishing attacks, cybersecurity professionals are becoming a common target, as keepers to vital points of access themselves to the IT infrastructure of a business. In 2023, more than 70% were reportedly targeted by attempts, with 28% via text messages.
Jon Clairmond Siy, Chief Security Officer of Shellsoft Technology Corporation, one of the top cybersecurity solutions consultants in the Philippines, pointed out that attacks will continue to rise in prevalence as hackers find more supply chain vulnerabilities in an increasingly interconnected digital environment.
“It can take just one third-party supplier or service provider with a weakness in their IT infrastructure,” he cautioned. “Some threat actors can take advantage of these exposed systems as an opportunity to infiltrate more critical infrastructures.”
He extended the warning to micro, small, and medium enterprises (MSME) which according to him lack a more robust cybersecurity system, due to their size and capabilities. “And with minimal cybersecurity awareness, they are also more vulnerable to phishing or smishing.”
As businesses put their finishing touches on their plans for the year, Siy expressed his hopes that increased efforts on cybersecurity was on the agenda. His call resonated with President Ferdinand Marcos Jr.’s directive for the government, the Department of Information and Communication in particular, to strengthen cybersecurity efforts for public agencies.
“Beyond just awareness, we should all continue to augment cybersecurity capabilities when we can, with the objective to always be one step ahead of threat actors,” he added.
One of the best places to start, Siy explained, “is by assessing your organization’s digital infrastructure and the potential threats that your business is facing, and promoting a stringent Cybersecurity culture in the workplace.”
“It’s important to regularly take stock of your capabilities to avoid being exposed and exploited,” he concluded.