In the digital age, the significance of cybersecurity is crucial. With cyber threats becoming more sophisticated and pervasive, the role of third-party cybersecurity companies has become essential in protecting businesses and individuals from potential cyberattacks. These companies specialize in various security services, including risk assessments, threat intelligence, and incident response, offering a comprehensive approach to digital security that is often beyond the capabilities of internal IT teams.
One of the key advantages of engaging a third-party cybersecurity company is its expertise and focus on security. These companies are dedicated to staying at the forefront of cybersecurity trends and threats, enabling them to provide the most up-to-date protection. They also bring a fresh perspective to an organization's security posture, often identifying vulnerabilities that may be overlooked internally. Moreover, third-party providers can offer scalability and flexibility, allowing businesses to access advanced security services without the need for significant investment in in-house resources.
One Philippine-based organization, Soros, provides tailored cybersecurity solutions to address the market's unique needs. The company's co-founder and CEO, John Patrick Lita (JP), shares his experience and insights on the importance of proactive cybersecurity practices. Founded by JP and his co-founder, Victor Aliwalas, Soros was born out of a passion for digital security and a recognition of the cybersecurity gap in the country. Originally called HORUS, the duo renamed it SOROS for Systems Operations, Risk Assessment, Optimization and Security.
Soros stands out by focusing on the needs of small and medium enterprises (SMEs) in the Philippines through its cybersecurity enablement program. This initiative is designed to support businesses in developing robust cybersecurity frameworks from the ground up, reflecting Soros's commitment to making digital security accessible to all.
Technical curiosity and a desire to have a tangible impact on digital security were the driving forces behind JP's entry into cybersecurity. This personal motivation aligns with Soros's approach to cybersecurity, which prioritizes proactive measures over reactive responses. Unlike many of its competitors, Soros adopts a vendor-agnostic stance, ensuring that their recommendations are solely in the best interest of their clients without any conflict of interest.
Soros has identified specific gaps in the market, particularly the need for more awareness among SMEs about cybersecurity risks and how to address them. Their "Zero to Hero" approach guides businesses through identifying critical assets, prioritizing security investments, and developing a strategic plan to enhance their cybersecurity posture.
While Soros may not have thwarted direct cyberattacks, its focus on threat intelligence and brand protection has significantly contributed to informing organizations about potential vulnerabilities and reducing the risk of cyber incidents. This proactive stance is crucial in a landscape where cyber threats constantly evolve and become more sophisticated.
The challenges faced by Soros, including keeping up with evolving threats and managing resource constraints, reflect the broader challenges within the cybersecurity industry. However, these challenges have also provided valuable lessons, emphasizing the importance of viewing cybersecurity not just as a cost center but as a critical component of sustainable digital transformation.
Looking to the future, JP highlights the significance of emerging threats such as ransomware-as-a-service and the potential impacts of artificial intelligence on cybersecurity. He advocates for a balanced approach to AI, leveraging its potential while recognizing the irreplaceable value of human intelligence in cybersecurity.
For those considering a career in cybersecurity, JP emphasizes the importance of a holistic skill set that includes technical expertise, communication, collaboration, and leadership. He encourages aspiring cybersecurity professionals to cultivate a mindset of constant learning and innovation.
JP's advice to business leaders and individuals is clear: take cybersecurity seriously. Protecting customer information is not just about compliance or avoiding breaches; it's about earning trust and supporting the overall objectives of your business. Companies like Soros are leading the way in demonstrating how third-party cybersecurity expertise can provide protection and peace of mind in the digital world.
Here's my exclusive interview with JP Lita, co-founder of SOROS:
Art Samaniego (AS): "Soros" is a unique name. What's the inspiration behind it, and does it reflect a specific aspect of your company's philosophy?
John Patrick Lita (JP): Originally, the name of the company was HORUS, which comes from the Egyptian Sun God and notably means god or Kingship (Leadership), healing, and protection, but to make it relevant to our business, we decided to use SOROS, which stands for Systems Operations, Risk Assessment, Optimization and Security
The inspiration for our company stems from our deep passion and concern to protect and support companies and individuals with their digital security. We created this organization to enable businesses to develop strategies through our solutions to improve their cybersecurity posture with confidence and peace of mind. We aim to engage with companies of all sizes, but we see a specific opportunity to assist the Small and Medium Enterprises in the Philippines through our Cybersecurity Enablement Program. This is part of our philosophy of digital security and protection FOR ALL.
AS: Sir JP, many cybersecurity figures come from technical backgrounds. Can you tell us about your path and what fueled your passion for this field?
JP: It's safe to say I have a solid technical background, but initially, curiosity fueled my passion. I was drawn to cybersecurity because of the escalating number of data breaches and cyber-attacks affecting all platforms today. The pervasive threat to digital security and personal information has made the importance of robust cybersecurity measures clear to me. Witnessing these incidents piqued my curiosity and instilled a sense of urgency to act and contribute towards safeguarding digital assets. This awareness has fueled my desire to learn more and actively participate in creating a more secure online environment, recognizing that both individuals and organizations are vulnerable to these ubiquitous threats.
Added to such, and frankly speaking, another motivation was to earn a sustainable income for my family's welfare while doing something I enjoy, which most of us will agree is the reason why we work. As they say, "Choose a job you love, and you will never work a day in your life."
More importantly, it was the need to protect and serve. My Co-founder, Victor Aliwalas, and I felt that we needed to address a big gap in the country's capabilities, practices, and knowledge of cybersecurity. We wanted to ensure that I could leverage my skills and help companies, individuals, and the country become more protected, compliant and safe.
Throughout my journey in this field, I noticed a lot that needs to be done with cybersecurity in the Philippines, including widespread threats, lack of awareness and some neglect of its importance. Hence, we came up with the idea that it can be an opportunity to solve and offer solutions to these problems. There are a lot of cybersecurity companies here in the Philippines, but most of them are foreign, and rarely do you see homegrown cybersecurity companies. There are few, but you can only count them on one hand. Soros, a Filipino company, takes that risk and willingness to compete with the global market to be one of the Local Organizations (homegrown) cybersecurity organizations.
AS: The cybersecurity landscape is crowded. What specific gaps or needs did you identify that drove the creation of Soros?
JP: The lack of awareness of SME businesses; most of them do not have any idea on how to start protecting their businesses and customers, not having any idea what the possible risks and threats and their effects are if they do not fall within the basic standards imposed for cybersecurity. We ought to be a part of our client's journey from Zero to Hero approach. However, it's worth noting that everyone is selling products and solutions, but how many local organizations offer services?
That's the opportunity we see here. We have our own solutions, but if you work with us as your consulting partner, we ensure that we are vendor agnostic, and our partners will decide what product or solution they want, ensuring we avoid any conflict of interest. This gives more opportunities to those businesses that sell products and solutions. What we provide to our clients is the following assistance through our Zero to Hero Approach.
- What is the current status or posture of the organization in terms of cybersecurity
- What are the critical assets they want to protect
- We help them identify prioritization by understanding the organization's business objectives.
- What is the current budget allotted and help them strategies their investments to reduce their risk
- Develop Roadmapping and Plan
- Help them maintain it until they are mature enough to manage it on their own
Our vision is to be a partner of every business and organization that needs support to drive their cybersecurity capabilities to a stronger position and to have a better understanding of what, when, and where they can start.
AS: What makes Soros stand out from its competitors? Is it a cutting-edge technology, a unique approach, or something else entirely?
JP: We don't see the market for competition but to be the equalizer or the balance in the market. Every product and solution provides cutting-edge technology, but our approach is different from the others. The uniqueness of our business is that We help you to improve your system operations to see the value of your investment in technology; our partners understand their risk and reduce it from an acceptable level to Optimize their operations to boost productivity, profitability and efficiency with security aligned with the organization business objectives. We spend a significant amount of time vetting global players and partnering with the tech we feel is best suited for the Philippine market.
AS: Could you share a success story where Soros played a critical role in thwarting a major cyberattack? This helps readers understand the real-world impact.
JP: As of now, there is no direct operational-related attack we have stopped, but we are more focused on informing an organization about possible cyber attacks and vulnerabilities in their current practices that they should address, lessening the chance of an attack. We have been able to share other related Threat Intelligence with well-respected media like you, Manong Art and trusted outlets as things have been impacted in real-time. The reason is that one of our services is Threat Intelligence and Brand Protection.
In reality, we can't necessarily protect against all types of attacks; no one can, as cyber-attacks are constantly evolving, highly sophisticated and inevitable. What we can do is reduce the impact of an attack and mitigate as much damage as possible, which we helped with after the Phil Health security issue and several other incidents we can't discuss due to confidentiality. The key here is proactivity and proper preparation.
One of our key services is helping developing companies set up the proper framework and processes to prevent attacks. We prefer the PROActive approach as opposed to reactive, which most companies locally, unfortunately, are not adapting to. Lots of times, organizations can justify budgets or ROIs when it comes to allocating funding and resources to cybersecurity; this is where we can help.
AS: What challenges or failures have you faced along the way, and what were the most important lessons learned?
JP: I think the common challenges experienced are keeping up with the evolving threats and the by-products of having resource constraints (financial or talent), which most organizations struggle with, and managing the complexity of the IT system, which organizations commonly oversee as one of the baseline requirements when protecting Systems and Information.
One of the lessons learned is seeing cybersecurity as only a cost center and a show stopper in terms of digitalization and automation. We're in the digital era, and everyone is aiming to shift every process to which tasks and other matters would require minimal interventions and to convert all information into digital format, which primarily intends to provide efficiency. However, every piece of technology and digital product that has no security in place or has not undergone processes to ensure that it is foolproof is an opportunity to threat and does not offer efficiency and sustainability. It becomes more of a liability without spending for or supporting a cybersecurity practice.
We only automate and digitalize our problem to the extent that we cannot manage it anymore.
Once it's on the internet, it stays on the internet, and that opens the door to any kind of risk.
AS: Looking ahead, what do you see as the most significant emerging threats in cybersecurity that organizations need to be prepared for?
JP: Embracing our ignorance about cybersecurity. In a sense, we know the problem, but we let these problems float around and resolve this problem in the wrong way.
Ransomware is now more accessible to everyone with the use of RaaS (Ransomware as a Service), which you can acquire for 40$ as a monthly subscription, a one-time licensing fee with no profit sharing. Which could lead to:
Supply Chain Attack - Once you're entirely reliant on technology and acquiring this solution without knowing your current security posture and risk, it will not protect your organization.
Artificial Intelligence and Machine Learning - Advanced attacks and techniques to evade detection, impersonate legitimate users and generate misleading content. This attack can undermine the trust and reliability of a business, communication and data sources.
As a consulting firm and service provider, we equip and guide our clients to properly lay down their plans and implement, enforce, and maintain their cybersecurity program. We are helping them to reduce their risk to an acceptable and manageable level.
AS: How do you think artificial intelligence (AI) will shape the future of cybersecurity, both in terms of risks and potential solutions?
JP: AI is like a hammer, you can use it to build a solution, you can also use it to break something. This can shape both defense and to do harm to any business. We should understand that we cannot replace human intelligence. We need to use AI as a tool but not as a replacement for humans.
AS: For individuals considering a career in cybersecurity, what skills or experiences would you say are essential to cultivate?
JP: This is one of my messages during my seminar at JISSA General Assembly in TIP:
Cybersecurity is not just a technical skill but a mindset and a culture. It requires constant learning, curiosity, and creativity. As students and aspiring cybersecurity leaders, you have the opportunity and the responsibility to shape the future of this field. You can make a difference by protecting the digital assets and the privacy of individuals, organizations, and nations. You can also innovate and create new solutions that enhance the security and usability of technology.
To succeed in this endeavor, students need to develop their technical expertise, communication, collaboration, and leadership skills. They need to be able to work with diverse teams, understand different perspectives, and communicate effectively with various stakeholders. Students must lead by example, inspire others, and foster a culture of security awareness and best practices. Cybersecurity is not a solo endeavor but a collective effort that requires teamwork, trust, and vision.
AS: What's one cybersecurity advice you wish every business leader and individual would take seriously?
JP: It brings us back to why we built our business. For our customers, clients and partners to resolve their challenges and provide efficiency and productivity. In the era of Information and Data, we should ensure that our customers can entrust their information to us.
Cybersecurity supports your business objectives, but it signifies that you're taking ownership of protecting your customer's information. No matter how efficient your product is, if there is no security in place, people will not trust your business to collect and process their information.