The government, academe and telcos top the list of sectors that sustained the most digital threats so far this year, exposing the emerging risk the Philippines faces on the cyber front.
In data obtained by The STAR, the Department of Information and Communications Technology (DICT) reported that it handled 1,568 incidents of digital attacks from January to May this year.
Of this, the government accounted for more than half of the total, as cybercriminals grew eager to steal sensitive data handled by state agencies.
Likewise, the academe came next, reporting 26 percent of the incidents, while telcos ranked third with eight percent. The DICT also handled incidents of online attacks against medical providers, logistics firms, financial institutions, among others.
On its own, the DICT is undertaking a program called Project SONAR, short for Secure Online Network Assessment and Response System, to identify government vulnerabilities. Through it, the DICT scans the digital assets of state agencies and classifies risks based on severity.
As of May, Project SONAR has found over 68,000 vulnerabilities, of which 44,343 are low risks, 18,326 are medium risks, 2,645 are high risks and 3,175 are critical risks.
Information Assistant Secretary Renato Paraiso told The STAR that digital attacks involving state agencies usually cover data breaches and information expropriation.
At times, hackers deface the website of their target agencies just to gain notoriety, in the hope of drawing public attention to the ability of their group and the weakness of their victims.
However, Paraiso said what is really challenging for the government is detecting and addressing cyber attacks on private firms. In cases like this, the DICT has to work with designated regulators to be able to touch base with companies that are reportedly compromised.
For telcos, the DICT has to alert their regulator, the National Telecommunications Commission (NTC), when it learns of a possible data attack. In the past, Paraiso said businesses go as extreme as paying their hackers to hide the incident from the public.
The good thing right now is that companies alarm the DICT on their own when they find out that their database was compromised.
“The DICT has really no power over the private sector, but given that this involves certain data, we coordinate with agencies like the NTC, who has the regulatory power over telcos, whenever there are cases of data breach,” Paraiso said.
“It is really hard when it comes to the private sector and the DICT. We have seen a trend recently that private (firms) come out and seek the help of the DICT. Previously, they tried to shun away from us and in fact they paid these hackers not to reveal that they were hacked,” he added.
For the DICT, there is a need to legislate a measure that would strengthen cybersecurity efforts in the Philippines. The agency pushes for the creation of a National Cybersecurity Agency (NCSA) tasked to protect information infrastructures crucial to the economy.
The NSCA will also be mandated to formulate cybersecurity policies and strategies. Apart from this, the body will lead public-private partnership projects on cybersecurity.
Telcos, for their part, have committed to invest in the upgrade of their digital defenses to prevent cyber criminals from reaching subscribers.
Wireless leader Smart Communications Inc., for one, blocked a total of 615,788 SIMs that were involved in the proliferation of messaging scams from January to June.
Smart is also working with its regional dealers and trading partners in improving the integrity of their distribution process, making sure that SIMs are bought for legal use only.
Source: Digital attacks target mostly government, schools, telcos – DICT