Against the backdrop of constantly evolving cyber threats, the Philippines needs to take a more active stance in prioritizing cybersecurity, Kaspersky’s findings suggest. A critical move towards achieving cyber-resiliency would potentially support the growth of local businesses, foster current digital opportunities, and mitigate dangerous risks to the country’s economy.
Just like its neighbors in Southeast Asia (SEA), the past five years saw the country consistently hit by various cyber threats ranging from web attacks, remote desktop protocol (RDP) attacks, and mobile malware.
Data from Kaspersky Security Network (KSN) show that web threat attempts against Filipino users of Kaspersky software grew 432.75% from 9,487,775 in 2017 to 50,544,908 in 2021. In Kaspersky’s global ranking of most attacked countries, the Philippines climbed from the 30th spot to 4th place in just five years.
With the pandemic-borne shift towards remote working, the overall RDP attacks versus local businesses rose by 141% from 2019 (2,549,698) to 2021 (6,150,891). RDP enables computers running Windows on the same corporate network to be linked together and accessed remotely, even when employees are at home.
Mobile malware attacks may have dropped sharply in the Philippines from 2019 to 2021 by 69% but according to Kaspersky, there are indications that Trojans are injected into third-party ad modules and new Trojans are being discovered—proof that cybercriminals have become creative and sophisticated in their approach.
As far as the local government is concerned, legal policies and regulatory frameworks on cybersecurity have already been laid out and are currently in place. Kaspersky executives urge the state to collaborate with its neighbors and private companies to further build its cyber-resiliency.
“Looking at the Philippines’ unique cybersecurity landscape and how it is dealing with cyberattacks, it appears that the country is now in the intermediate stage of cybersecurity readiness. Intermediate-level countries are those that have identified cyberattacks as areas they need to look into and have attempted to make some inroads. The goal is to have the country move to the Advanced stage where we hope to see it doing more in terms of development,” said Genie Gan, Head of Public Affairs and Government Relations for Asia Pacific & Middle East, Turkey and Africa at Kaspersky.
Gan says that while the cybersecurity landscape in the Philippines is distinct from the rest of SEA, it is still interconnected with its regional neighbors in so many ways.
“This is why we encourage the government regulators to begin boosting its cyber capacity-building and cooperation efforts. These two are basically the building blocks of cybersecurity,” she said.
Gan recommended the following specific action steps for the Philippines’ cybersecurity:
• Continuous promotion of security awareness and digital education for its more than 76 million users
• Growing its pool of cybersecurity talents
• Public-private partnerships
• Regional and international cooperation between countries and industries
From Kaspersky’s experience, an effective formula includes constant improvement of security awareness. This includes engagement with the wider cybersecurity community and stakeholders including cybersecurity providers to validate and verify the trustworthiness of their products, internal processes and businesses — an important pillar held by Kaspersky and implemented within the overall framework of its pioneering Global Transparency Initiative (GTI).
One of the GTI’s cornerstones included the opening of a network of Transparency Centers—in Zurich (Switzerland), Madrid (Spain), Kuala Lumpur (Malaysia), São Paulo (Brazil), Singapore, Tokyo (Japan), and Woburn, Massachusetts (the United States).
This global network of Transparency Centers serves as facilities for trusted partners and government stakeholders, responsible for cybersecurity, to review the company’s code, software updates, and threat detection rules.
The Transparency Centers are fully operational and available for on-site (physical) and remote access.
With guidance from the company experts, visitors at the Transparency Center can conduct transparency review sessions in three different modes:
• Blue Piste: overview of Kaspersky’s security and transparency best practices and product portfolio
• Red Piste: review of the most critical parts of Kaspersky’s source code by a client or regulatory stakeholder
• Black Piste: deepest and most comprehensive review of the most critical parts of Kaspersky’s source code
The GTI also paved the way for the creation of Kaspersky’s Cyber Capacity Building Program to help government organizations, academia, and companies around the world develop mechanisms and skills for security assessment of ICT products they use. Requesting access is as easy as sending an email to TransparencyCenter@kaspersky.com.
Kaspersky also advised that countries like the Philippines continually promote skills training and enhanced collaboration to support incident response capabilities and ensure the safety and wellbeing of their citizens.
“Cyber threats are here to stay as it is parallel with the digitalization drive in the Philippines. A latest study even projected a five trillion peso digital economy in 2030, a huge opportunity that will be realized best if digitalization efforts are built upon trusted and transparent cybersecurity foundations,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.