Connect with us

Hi, what are you looking for?

HEADLINES

PH companies fail to address nearly half of cyber threat alerts received

Companies in Philippines do not address nearly half of the legitimate cyber threat alerts they receive, according to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study. 

Among those surveyed, 42 percent say they receive more than 5000 alerts each day. While companies in Philippines rank the lowest in Southeast Asia among those receiving more than 5,000 alerts per day, the real challenge lies in what comes after the alert is received, and how many are actually investigated.

The study shows that on average just 50 percent of the alerts received are investigated by companies in Philippines. Of those investigated, on average, only 30 percent turn out to be legitimate, of which only 51 percent are acted upon and corrected. This suggests that more work is needed to help companies and security professionals in Philippines to tackle the rapidly evolving cyber threat landscape.

The results of the study highlight the scale of the challenge faced by the companies, with 79 percent of respondents saying their organization has suffered a breach in the past year. 

Advertisement. Scroll to continue reading.

Cyberattacks are also having a significant financial impact. Among those who suffered an attack in the past twelve months, 35 percent say it cost them US$500,000 or more, while 25 percent say the cost was US$1 million or more. This includes costs from lost revenue, loss of customers, and out of pocket expenses etc.

“In the Philippines, digital transformation has been a favourite theme for consumers, businesses, and the government. While we have seen many benefits from digital innovation and adoption, it is important to ensure that we have the right infrastructure, processes, and technologies in place that continue to enable and empower digital growth. The ability to tackle the cybersecurity threat is critical on that front,” says Karrie Ilagan, Managing Director for Philippines at Cisco.  

“All stakeholders need to work together in a coordinated manner to achieve this. Businesses need to raise awareness about the issue, have proper processes in place and deploy the right technologies to help identify, block or address any attacks. We need strict regulations that deter malicious actors from taking the risk of launching such attacks. Finally, we need to develop local cybersecurity talent so we have the manpower to support the country’s digital drive in a sustainable manner,” she adds.

Cyberattacks are starting to evolve from just targeting IT infrastructure to attacking operational infrastructure, intensifying the challenge for companies. According to the survey, 19 percent of respondents say they have already seen cyberattacks on their operational infrastructure, 35 percent said they expect similar attacks to take place on them within the next one year.

Given the growing scale of cyber threats, respondents say they expect scrutiny of their security policies to increase over the next one year from all stakeholders, especially their customers who are keen to ensure their data is protected. Among those surveyed, 76 percent say they expect increased scrutiny from customers. Privacy concerns are also delaying sales for the companies, with 66 percent of respondents saying such concerns are adding time to the sales cycle. 

Advertisement. Scroll to continue reading.

“When it comes to cyber security, it is no longer a case of a company needing to protect just its own IT infrastructure. Today, business partners, customers, and employees expect a company to keep their data secure. With stringent regulations like the European Union’s General Data Protection Regulation (GDPR) coming into force, the pressure on companies to have the right policies, technology and resources in place will only increase. Those who lag behind run the risk of not only facing high financial penalties, but also losing the trust of customers,” says Stephen Dane, Managing Director of Security for Asia-Pacific, Japan and China at Cisco.

The use of multiple vendors and products is making the challenge more complex. The study shows that 39 percent of surveyed organizations work with more than 10 security vendors, while 41 percent use more than 10 security products or solutions. This creates complexity and increases vulnerability, as having different security products, can lengthen the time to identify and contain a breach. The study highlights that companies are already facing this issue, with 97 percent of respondents saying they find it challenging to orchestrate multiple vendor alerts. 

To put this in context, it is estimated that an almost instant detection of a cyber security breach within a large enterprise costs the business US$433,000. If detection is delayed by more than a week, this figure triples to an average US$1,204,000.

Key recommendations: Based on the findings of the survey, the study has made a series of recommendations that will provide companies with more actionable visibility into the threat landscape, reduce their exposure and improve their security posture. The report states that companies should consider: 

  • Adopting next-generation end point process monitoring tools
  • Accessing timely, accurate threat intelligence data and processes that allow for data to be incorporated into security monitoring and eventing
  • Implementing first line–of-defence tools that can scale, like cloud security platforms
  • Employing network segmentation to help reduce outbreak exposures 
  • Reviewing and practicing security response procedures regularly

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement