The financial industry remains a prime target for cyberattacks, despite the Bangko Sentral ng Pilipinas’ (BSP) new framework to enhance cyber resilience, a global cybersecurity and digital privacy company has warned.
Kaspersky, a cybersecurity firm, reported that the finance sector experiences the highest losses due to online fraud, as scammers increasingly exploit customer data for account takeovers and credit fraud.
Despite the risks of fraud and money laundering, 82 percent of users continue to rely on their online banking apps for convenience, with 95 percent expressing confidence in the security of their personal data.
“The amount of trust people put into online banking places heightened responsibility on financial institutions to maintain strong security measures,” Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky said.
The BSP recently launched the 2024-2029 Financial Services Cyber Resilience Plan (FSCRP) to strengthen the cyber resilience of the Philippine banking industry.
According to the BSP, the plan emphasizes clear incident response, collaboration, and best practices, including baseline plans, scenario playbooks, and industry-wide cyber testing.
“We support BSP’s efforts to enhance cyber resilience in the financial services sector. Our data shows that cybercriminals are actively targeting the country, which underscores the urgent need for robust frameworks to mitigate risks and protect both financial institutions and their customers,” Yeo said.
Between April and June 2024, Kaspersky detected nearly 3.7 million cyber threats in the Philippines, affecting 30.2 percent of its users. During the same period, the cybersecurity firm recorded 208,073 online threats originating from Philippine servers, accounting for 0.04 percent of global incidents.
To protect against cyber threats, Kaspersky advises enterprises to keep software updated, back up data regularly, audit supply chains, monitor network activity, and utilize security operation centers (SOCs).
For consumers, Kaspersky recommends avoiding suspicious links, using strong and unique passwords, implementing two-factor authentication, verifying website security, and installing apps only from trusted sources. (Derco Rosal)