Journey Gesta
- A large-sized organization in the Philippines can possibly incur an economic loss of US$7.5 million, more than 200 times the average economic loss for a mid-sized organization
- Cybersecurity attacks have led to job losses in seven in ten (72%) organizations over the last year
- Cybersecurity concerns delay Digital Transformation plans
- Organizations are increasingly leveraging Artificial Intelligence to enhance their cybersecurity strategy
The digital age has indeed come, with the internet maneuvering institutions and businesses. The cyber world provides comfort to customers and business people alike, offering faster and digitized transactions. Nonetheless, despite the ease in these transactions, the world of online business has also been an easy target for security risks, a magnet of various cyber attacks.
Indeed, cyber attacks are very common these days, whether in personal or organizational sites. IT geniuses can easily orchestrate a mass hysteria through a single, successful attack online, creating a breach in the businesses’ data system and spilling confidential information that may damage and cause a financial burden to businesses.
That is why the question always remains: How safe is doing your business transactions online? In a country like the Philippines, where simple internet lags can’t be dealt with, what other harms in the cyber world await us?
Billions gone with the wind
What awaits the Philippines is a potential economic loss due to cyber attacks that can hit a staggering US$3.5 billion. This is according to a study of Frost & Sullivan commissioned by Microsoft, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World.”
Aiming to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches and identify as well the gaps in organizations’ cybersecurity strategies, the study involved a survey of 1,300 business and IT decision makers ranging from mid-sized organizations (with 250 to 499 employees) to large-sized organizations (with more than 500 employees).
According to the study, more than half of the organizations surveyed in the Philippines have either experienced a cybersecurity incident (18%) or are not sure if they had one as they have not performed proper investigation or data breach assessment (34%).
A Closer Look: How serious Cybersecurity is
Several economic impacts are linked to cyber attacks. It is revealed in the study that a large-sized organization in the Philippines can possibly have an economic loss of US$7.5 million. Meanwhile, mid-sized organizations can possibly lose US$35,000. Apart from these significant costs, these attacks have resulted in job losses in 72% of the organizations that have experienced a cyber incident over the last 12 months.
Frost & Sullivan has created a model based on macroeconomic data and insights shared by the survey respondents. According to the model they used, there are three kinds of losses which could be obtained due to a cybersecurity attack: (1) Direct; (2) Indirect: and (3) Induced.
Direct losses are financial losses linked to a cybersecurity incident, including loss of productivity, fines, remediation cost and others. In easier words, direct losses are the physical or tangible losses after an attack. Indirect losses, on the other hand, are the opportunity costs to the organization, like customer churn due to reputation loss. Finally, Induced losses are the impacts of cyber breach on the wider ecosystem and economy, such as the decrease in consumer and enterprise spending.
Vice President and Asia Pacific Head of Enterprise for Frost & Sullivan, Edison Yu, said that although Direct losses are most noticeable, they are but just the “tip of the iceberg.” He said that many losses are hidden. However, still, these attacks can often be underestimated.
Cybersecurity Threats: The Whats and Whys
The study found that data exfiltration and data corruption are the biggest concerns in organizations in the Philippines. But why do these things happen so often in the first place? Listed below are some of the key gaps in the cybersecurity approach of participating organizations’ to protect their digital domain:
- Security is not a priority
According to the study, only 44% of organizations consider cybersecurity before the start of a digital transformation project. Majority of respondents (56%) either think about cybersecurity only after they start the project or do not consider it at all.
- Complex online environment
Too many cybersecurity solutions do not change anything; the survey revealed that 17% of respondents with more than 50 cybersecurity solutions could recover from cyber attacks within an hour. In contrast, more than twice as many respondents (38%) with less than 10 cybersecurity solutions responded that they can recover from cyber attacks within an hour as well. Who knows, maybe these cybersecurity solutions can cause the breach itself.
- Lacking cybersecurity strategy
While more and more organizations are considering digital transformation to gain competitive advantage, the study has shown that 46% of respondents see cybersecurity strategy only as a means to safeguard the organization against cyber attacks rather than a strategic business enabler. A mere 25% of organizations see cybersecurity strategy as a digital transformation enabler.
Hans Bayaborda, Managing Director of Microsoft Philippines, said that Microsoft is empowering businesses in the Philippines to take advantage of digital transformation by enabling these businesses to embrace the technology that’s available to them, through its secure platform of products and services, combined with unique intelligence and broad industry partnerships.
Using Artificial Intelligence (AI) in Cybersecurity Defense
The use of AI has been very popular in many technological devices these days. Of course, it is now also being introduced in cybersecurity defense. AI can detect and act on threats easily, making it a potent opponent against cyber attacks. The study reveals that 79% of organizations in the Philippines have either adopted or are looking to adopt an AI approach to boost their cybersecurity.
This is primarily rooted in the fact that an AI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organizations to fix or strengthen their security posture even before problems emerge. It will also grant companies with the capabilities to accomplish tasks, such as identifying cyber attacks, removal of persistent threats and fixing bugs, faster than any human could.
Tips on how to secure your business
According to the study, for a cybersecurity practice to be successful, organizations need to focus on their People, Process and Technology – and how each of these elements contributes to the overall security posture of the organization. Listed below are five best practices that businesses or organizations can consider in improving their defense against cybersecurity attacks:
- Position cybersecurity as a digital transformation enabler
Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;
- Continue to invest in strengthening your security fundamentals
Over 90% of cyber incidents can be averted by maintaining the most basic best practices. Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyber attacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;
- Maximize skills and tools by leveraging integrated best-of-suite tools
The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;
- Assessment, review and continuous compliance
The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and
- Leverage AI and automation to increase capabilities and capacity
With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions. Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.
***
Technology has enabled us to create an easier, more advanced working condition. However, cybersecurity threats are inevitable. The launch of FY18 Microsoft Asia Pacific Cybersecurity Study is indeed eye-opening, as it is equally significant for an organization to have the necessary knowledge about cybersecurity, especially if it is adopting online strategies to boost popularity or to simply ease its day-to-day proceedings.
