Cybersecurity no longer an option for PH companies

Data breaches in companies like Facebook have been in the news but similar incidents have struck closer to home.

“Once taken, it’s impossible to take back.”

The ominous warning on protecting one’s data privacy will soon be seen on posters and other materials that will be splashed on internet cafes, schools, office buildings, malls, and other public places all over the country.

Matthew Yu, art director of Campaigns & Grey; Raymund Enriquez Liboro, Commissioner and Chairman of NPC; Eugene Demata, chief creative officer of Campaigns & Grey during the Privacy Awareness Week event

The campaign, launched by the National Privacy Commission (NPC) in cooperation with ad agency Campaigns & Grey, is meant to serve as a wake-up call that cybercrime has already reached Philippine shores. During its launch, NPC Commissioner Raymund Enriquez Liboro pointed out, “Data privacy is now a mainstream issue. It’s not a splinter issue. Slowly but surely, Filipinos are now realizing how data privacy and security is impacting their daily lives”

While the data breaches in global companies like Facebook have been dominating the news, other incidents have struck closer to home. In June of 2017, two of the country’s largest banks experienced technical glitches that had thousands of depositors seriously worried about the security of their accounts and related information.

In May of this year, the NPC ordered the suspension of the delivery website of popular fast-food chain Jollibee, determining that flaws in its systems could expose the 18 million Filipino customers who had their private information in its database to online risk. In the same month, another hamburger chain, Wendy’s, had to notify 80,000 of its customers that their records in their databank had been hacked. The NPC’s investigation, to date, noted that sensitive information like account passwords and methods of payment had been exposed.

In any breach of data where cybercriminals are involved, the individuals whose records had been compromised could suffer the misuse of their sensitive information such as names, credit card numbers, social security numbers, and health records. In the United States, says CSO, one patient record can fetch as high as $300 on the Dark Web or the internet black market.

Meanwhile, in the Philippines, according to a Frost & Sullivan study, economic loss can range from $35,000 for small enterprises to $7.5 million for huge corporations. Still, there are other damages such as downtime in sales, loss of consumer confidence, cost of repair, and the very real possibility that the company may never recover.

Stanley Young, co-founder of the Macon Young Philippines Technology Services, elaborates, “There is a lingering long-term effect. The potential for the cyber security blame game exists and may infiltrate the company’s mindset and affect employee morale and productivity. Questions about where the fault lies may arise. Is it internal fraud or a bona fide external cyber attack? Is it the fault of the marketing department, the finance department, our supply chain partners or IT?

“The breached company can become mired in a sea of civil suits and litigation, put forward by the effected party. The financial cost could be staggering. The client base is left uncertain about the future. They will start asking, ‘Who has my information, what is it being used for? What are my liabilities? Do I have to run around town checking on my accounts?’”

Young adds that the extent of the damage also relies on the victimized company’s size and resources. He says, “MNCs that experience a breach generally have significant IT infrastructure, and deep tighter pockets to manage the fallout and restore normal operation fairly quickly. Many Filipino SMEs have cash flow—if the attack is of a significant degree and sustained, their business survival could be at jeopardy. SMEs typically do not have the type of IT resources available to respond to cyber threats, unlike MNCs.”

Finding and fixing the problem will not take overnight, and the entire process will have an effect on the company’s overall operations, sales, and financial bottomline. Young notes, “A study during 2017 by Ponemon’s on malware prevention and detection suggests that the average company takes 170 days to detect an advanced threat, 39 days to mitigate, and 43 days to recover. Once a breach or a hack is detected, it could take up to three months on average to resolve.”

Preparing for an attack starts with awareness. The NPC survey indicated that 94 percent of Filipinos actually want to know how their private data is being processed and treated by the companies that often require it from them as they shop or transact business.

Young welcomes any shift in attitude that will make the public more protective of their private information. He says, “There was this complacent attitude towards cybersecurity until recently. It’s like they believe that the cyberattacks that happened in the U.S. and Europe will never happen here. But you have tons of data sitting out there, attractive to anyone who wants to perform a fraudulent activity and has the means to do so.”

The post Cybersecurity no longer an option for PH companies appeared first on The Manila Times Online.