The PLDT Group, a leading telecommunications provider in the Philippines, has made significant strides in cybersecurity by becoming the first and only Philippine organization to join the Forum of Incident Response and Security Teams (FIRST). This prestigious global body is dedicated to improving security incident response worldwide.

Angel Redoble, Chief Information Security Officer at PLDT, Smart, and ePLDT, emphasized the importance of this membership, stating, "FIRST offers a treasure trove of information shared by over 700 teams from more than 100 countries. This enables us to better protect our customers and their data." PLDT Group's Cyber Security Incident Response Team (CSIRT) will now have access to valuable data and tools for combating cyber threats.

Founded in 1990, FIRST was convened to exchange information and foster cooperation on issues of mutual interest like new vulnerabilities or wide-ranging attacks following the computer security incidents known as the "Internet worm" that ground computers worldwide to a halt and the "WANK worm" that trolled computers with random pop-up messages. While different organizations responded to contain the infection, their actions were isolated and uncoordinated, resulting in duplicated or conflicting solutions.  

FIRST was convened to address these issues by providing a platform for stakeholders to share their best practices and experiences. It encourages cooperation and coordination among members in incident prevention, stimulating rapid reaction to incidents and promoting information sharing, especially in the global community.

In 2023, the PLDT Group successfully thwarted over 16 billion cyber-attacks and blocked more than 18 billion attempts to access malicious domains. This achievement underscores their commitment to customer-centric security measures, focusing on protecting users from cyber threats and malicious online activities.

Redoble outlined various ways the PLDT Group plans to contribute to and benefit from FIRST:

Enhanced Strategic Cybersecurity Capabilities: Joining FIRST will allow PLDT to share and gain insights on emerging threats, enhancing their ability to respond to cyber incidents.

Global Community Contribution: PLDT plans to share its experiences in handling cybersecurity in the ASEAN region, contributing to policy development and global cybersecurity resilience.

Strengthened Preventive Measures: Collaboration with FIRST will lead to improved threat intelligence, vulnerability management, and security analytics for the PLDT Group.

Improved Incident Response: Membership in FIRST is expected to enhance PLDT Group's incident response times and effectiveness through access to global threat intelligence and collaborative efforts.

Direct Customer Benefits: PLDT's participation in FIRST will translate into improved data security and privacy for its customers, with better threat detection, quicker incident response, and a robust security infrastructure.

Preparing for Global Cybersecurity Trends: PLDT is gearing up to tackle emerging global cybersecurity trends such as AI-driven threats, ransomware, and IoT vulnerabilities.

Leveraging Collaborative Learning: PLDT aims to utilize the collaborative environment of FIRST to gain and share insights on tackling cyber threats effectively.

Predictive Cyber Threat Response: Access to FIRST's shared information will aid PLDT in predicting and responding to new types of cyber threats.

Unique Philippine Perspective: PLDT brings unique insights from the Philippine cybersecurity landscape to FIRST, enriching the global understanding of cyber threats.

Future Collaborative Initiatives: PLDT is exploring potential collaborative projects with FIRST and its members to further enhance cybersecurity infrastructure and resilience.

The PLDT Group's admission into FIRST marks a significant milestone in the Philippines' journey towards enhanced cybersecurity and demonstrates its commitment to protecting digital infrastructure and customer data on a global scale.

I asked Angel Redoble about this and here's the transcript of our conversation:

Art Samaniego (AS): How do you envision the admission of the PLDT Group's CSIRT into FIRST enhancing your strategic capabilities in cybersecurity? 

Angel Redoble (AR): The admission of PLDT Group's Computer Security Incident Response Team (CSIRT) into FIRST (Forum of Incident Response and Security Teams) would significantly enhance our strategic capabilities in cybersecurity.  

Being part of FIRST would allow PLDT Group's CSIRT to access a global network of top security teams, enabling us to share information and best practices about emerging threats and incidents. This collaboration can lead to faster and more effective responses to cyber threats, enhance the PLDT Group's threat intelligence and its ability to stay ahead of evolving cybersecurity challenges. 

Additionally, it would provide opportunities for training and development on the latest security technologies and methodologies, further strengthening our ability to safeguard the networks, systems and assets. 

AS: With access to FIRST's vast resources, how does PLDT plan to contribute its own insights and experiences in cyber security to the global community? 

AR: As a member of FIRST, PLDT can share with the global cybersecurity community its own unique insights and experiences, particularly those gained from its day-to-day operations in the complex and dynamic digital landscape of Philippine cyberspace.  
 
Regional Expertise: PLDT can offer valuable perspectives on cybersecurity challenges and trends specific to the unique digital infrastructure and cyber threat landscapes in the ASEAN region. 
 
Case Studies and Incident Reports: By sharing detailed analyses of cyber incidents they have encountered, PLDT can help other organizations prepare for and mitigate similar threats. 

Policy Development: The PLDT Group has actively participated in legislation that seeks to strengthen laws on cybercrimes. It has served as subject matter experts on efforts by communities to pass local ordinances on securing their citizens' digital experience. As participants in discussions and development of global cybersecurity policies and best practices, the PLDT Group can share insights on crafting policies that are inclusive and applicable to diverse digital ecosystems. 

These efforts show that the PLDT Group is an active participant in strengthening global cybersecurity resilience. 

AS: Can you elaborate on the specific preventive measures that will be strengthened as a result of your collaboration with FIRST? 

AR: Banking on the wealth of knowledge and experience shared by fellow FIRST members, the PLDT Group's collaboration with the global organization will significantly enhance its preventive cybersecurity measures. Some of these specific preventive measures include: 
 
Enhanced Threat Intelligence: Access to FIRST's global network allows the PLDT Group to receive timely and detailed threat intelligence. This includes information about new types of malware, attack vectors, vulnerabilities, and tactics being employed by cybercriminals. This intelligence is crucial in the PLDT Group's efforts to proactively identify and mitigate potential threats before they impact the network. 
 
Improved Vulnerability Management: With information shared within FIRST, the PLDT Group can better identify and patch vulnerabilities in its own systems. This proactive approach to vulnerability management helps in preventing exploits and reducing the attack surface. 
 
Advanced Security Analytics: Leveraging shared data and analytics tools from FIRST, the PLDT Group can enhance its security analytics capabilities. This means that the PLDT Group can more effectively monitor network activities and detect anomalies and potential threats with greater accuracy. 
 
Incident Response Preparedness: Collaboration with FIRST provides insights into best practices for incident response. Learning from the experiences of and information shared by other members, the PLDT Group can adopt some of these strategies to help it respond more effectively to cyber incidents, thereby minimizing damage and recovery time. 
 
Employee Education and Awareness: With the abundance of information and training resources available for FIRST members, the PLDT Group can develop more comprehensive cybersecurity awareness programs for employees. Considered as the Group's critical line of defense, a well-prepared workforce can reinforce vulnerable points and fend off cybercriminals' attempts to breach the network through employees.  
 
Collaborative Defense Strategies: Engaging with other FIRST members in joint defense initiatives allows the PLDT Group to be a part of a coordinated response against large-scale cyber threats, enhancing overall cybersecurity resilience. 

AS: How does being a member of FIRST improve PLDT Group's incident response times and effectiveness? 

AR: Being a member of FIRST will significantly improve the PLDT Group's incident response times and effectiveness in several ways: 
 
Rapid Access to Global Threat Intelligence: FIRST membership provides the PLDT Group with access to a wealth of real-time threat intelligence from around the world. This information helps in quickly identifying and understanding new threats, thereby reducing effective response time. 
 
Best Practice and Strategy Sharing: By leveraging on these compiled strategies, the PLDT Group can streamline and enhance its own response procedures, leading to quicker and more efficient actions during a cybersecurity incident. 
 
Advanced Tools and Resources: FIRST often provides its members with tools and resources that are at the forefront of cybersecurity technology. Access to these advanced tools can significantly improve the speed and efficiency of the PLDT Group's incident response efforts. 
 
Collaborative Response Efforts: In the event of a major incident, the PLDT Group can collaborate with other FIRST members for a coordinated response. This collaboration can lead to pooling of resources and expertise, significantly improving the response time and effectiveness. 
 
Training and Skill Development: FIRST offers training and educational resources which can be instrumental in upskilling the PLDT Group's own incident response team. A more skilled team can respond to incidents more quickly and effectively. 
 
Automated Data Exchange Mechanisms: FIRST encourages and facilitates automated exchange of cybersecurity information among its members. This can lead to quicker detection and response to threats that have been identified elsewhere. 
 
Community Support: In times of major incidents, PLDT can lean on the global FIRST community for support and guidance, helping to navigate complex situations more effectively. 
 
Overall, membership in FIRST equips the PLDT Group with a comprehensive set of resources, knowledge, and collaborative opportunities, all of which are vital in enhancing its own incident response times and effectiveness. 

AS: In what ways will PLDT's membership in FIRST directly benefit your customers in terms of enhanced data security and privacy? 

AR: The PLDT Group's membership in FIRST directly benefits its customers as it enhances data security and privacy in several ways: 
 
Improved Threat Detection and Prevention: Access to global threat intelligence and best practices allows the PLDT Group to better anticipate and prevent potential cyber threats. This proactive approach ensures that customer data is safeguarded against emerging and evolving cyber risks. 
 
Quicker Incident Response: Enhanced incident response capabilities allow the PLDT Group to address any breach or security incident that has the potential to impact customer data more quickly and efficiently, thereby minimizing potential harm. 
 
Robust Security Infrastructure: The insights and tools gained from FIRST enable the PLDT Group to strengthen its security infrastructure. This includes better firewall protections, intrusion detection systems, and secure data storage practices, all contributing to the safety of customer data. 
 
Regular Security Updates and Patches: With timely information on vulnerabilities and threats, the PLDT Group can implement security patches and updates more promptly, ensuring that customer data is protected against known exploits. 
 
Increased Trust and Reliability: Membership in a prestigious global network like FIRST enhances the PLDT Group's reputation as a reliable and secure service provider. This helps customers who are increasingly concerned about data security and privacy trust the PLDT Group. 
 
In summary, the PLDT Group's membership in FIRST enhances its ability to protect customer data from cyber threats, respond rapidly to incidents, and uphold high standards of data security and privacy. This results in a more secure and trustworthy environment for their customers. 

AS: What major global cybersecurity trends do you anticipate will be the focus in the coming years, and how is PLDT preparing for these? 

AR: In the coming years, several major global cybersecurity trends are anticipated to take center stage, and the PLDT Group is preparing for these in various ways: 
 
•    Rise of AI and Machine Learning in Cybersecurity 
•    Growing Threat of Ransomware and Phishing Attacks 
•    IoT and Smart Device Vulnerabilities 
•    Increased Emphasis on Cloud Security 
•    Compliance with Global Privacy Regulations 
•    Supply Chain Attacks 
•    5G Network Security 
•    Endpoint Security for Remote Workforces 
 
To prepare for these events, the PLDT Group will continue to invest in advanced technology, employee training, comprehensive security policies, and collaborations with global cybersecurity entities like FIRST. The Group also exerts to stay ahead of threat actors in the rapidly evolving cybersecurity landscape by aiming to continuously achieve 100% visibility on all its assets, processes and traffic with close monitoring, research, and adaptation. 

AS: How does PLDT plan to utilize the collaborative environment of FIRST to learn from other members' experiences in tackling cyber threats? 

AR: The PLDT Group commits to be a proactive and collaborative member of FIRST through these strategic approaches: 
 
•    Information Sharing 
•    Joint Cybersecurity Exercises 
•    Participation in Forums and Meetings 
•    Working Groups and Special Interest Groups 
•    Benchmarking and Best Practices 
•    Mentorship and Peer Support 
•    Collaborative Research and Development 
•    Training and Capacity Building 
 
By engaging in these activities, the PLDT Group can effectively utilize the collaborative environment of FIRST to learn from global peers, improve its cybersecurity posture, and contribute to the collective cyber resilience of the network. 

AS: Could you share insights on how access to FIRST's shared information will help in predicting and responding to new types of cyber threats? 

AR: Access to FIRST's shared information plays a crucial role in predicting and responding to new types of cyber threats in several ways: 
 
Early Warning and Threat Intelligence: FIRST provides a platform where members share real-time intelligence about emerging threats and vulnerabilities. This early warning system allows organizations like the PLDT Group to be aware of new threats as soon as they are identified globally, enabling a more proactive defense. 
 
Global Perspective on Cyber Threats: FIRST's diverse membership offers a broad perspective on cyber threats faced in different regions and industries. This global viewpoint helps in understanding and anticipating threats that may not yet be prevalent in one's own region but have the potential to spread. 
 
Trend Analysis and Predictive Insights: The aggregated data and analysis available through FIRST can be used for trend analysis, helping in predicting future cyber threats based on current patterns and behaviors observed across the network. 
 
Best Practices and Response Strategies: FIRST members share their experiences and strategies for dealing with specific types of cyber threats. Access to this repository of knowledge allows for learning from others' successes and failures, enabling the development of effective response strategies. 
 
Collaborative Problem-Solving: In situations where new types of cyber threats emerge, FIRST members can collaborate to understand and mitigate these threats. This collective problem-solving approach often leads to quicker and more effective responses. 
 
Advanced Research and Tools: FIRST often facilitates access to cutting-edge research and tools in cybersecurity. Utilizing these resources can enhance an organization's ability to detect, analyze, and respond to new threats. 
 
Customized Alerts and Notifications: Many times, FIRST provides customized alerts and notifications about threats that are relevant to specific sectors or technologies. This tailored information helps in focusing resources on the most pertinent and emerging risks. 
 
Training and Workshops: FIRST conducts training sessions and workshops on various aspects of cybersecurity, including how to handle new and emerging threats. Participation in these educational opportunities equips cybersecurity professionals with the latest skills and knowledge. 
 
Overall, access to FIRST's shared information enables the PLDT Group to stay ahead in the constantly evolving landscape of cyber threats, not just reactively, but with a predictive and informed approach. 

AS: As the first Philippine-based organization in FIRST, what unique experiences and perspectives does PLDT bring to the table? 

AR: As the first Philippine-based organization in FIRST, the PLDT Group brings a set of unique experiences and perspectives to the table, which are valuable in the global cybersecurity community: 
 
Regional Cybersecurity Insights: The Philippines, being an emerging digital economy with unique cybersecurity challenges, offers insights into how cyber threats manifest and evolve in Southeast Asia. The PLDT Group's experience in this environment is valuable for understanding regional threat landscapes. 
 
Experience with Local Threat Actors and Tactics: The PLDT Group can share knowledge about specific threat actors and cybercrime tactics prevalent in the Philippines, which might differ from those in other regions. This information can aid in developing more globally comprehensive threat intelligence. 
 
Adaptation to Developing Market Challenges: Operating in a developing market, the PLDT Group has experience in implementing advanced cybersecurity measures in an environment with unique constraints like limited resources, varying levels of digital literacy, and rapid digital transformation. 
 
Strategies for Broad Customer Base: Given the diverse customer base in the Philippines, including a significant number of small and medium-sized enterprises (SMEs), the PLDT Group's strategies for providing scalable and accessible cybersecurity solutions can offer valuable insights for similar markets globally. 
 
Response to High-Volume Cyber Attacks: The Philippines often faces a high volume of cyber-attacks including phishing, ransomware, and fraud. The PLDT Group's experience in handling these frequent threats at scale can provide practical insights into efficient incident response and prevention strategies. 
 
Cultural and Linguistic Aspects in Cybersecurity: The PLDT Group can contribute understanding of how cultural and linguistic aspects affect cybersecurity practices and user behavior, which is crucial for developing effective user education and awareness programs. 
 
Compliance with Local and International Regulations: The PLDT Group's experience in navigating both local regulations and international standards like the General Data Protection Regulation (GDPR) can offer valuable perspectives on regulatory compliance in a diverse legal landscape. 
 
Innovative Solutions in Limited Infrastructure Settings: Operating in a country where digital infrastructure is still developing, the PLDT Group's innovative approaches to cybersecurity challenges in such settings can offer lessons for similar environments worldwide. 
 
The PLDT Group's membership enriches the FIRST community with these diverse experiences and perspectives, contributing to a more holistic understanding of global cybersecurity challenges and solutions. 

AS: Are there any specific projects or initiatives that PLDT is planning in collaboration with FIRST or its members? 

AR: This is an area of collaboration that the PLDT Group is interested in pursuing. We are exploring initiatives or programs that we can collaborate with the organization or with other members to better secure our infrastructure and resilience.