The Implementing Rules and Regulations for the newly-signed SIM Registration Act will create a database of mobile phone SIM cards and their users.
The law will require Filipinos to register their identities with the entities or have their cards deactivated.
Advocates of the legislation expect to curb mobile scams by enforcing stringent punishment for fraudulent registration, also allowing law enforcement to access user data to investigate any crimes committed with the use of phones. However, the predicament is data security–a recent survey found only 48 percent of consumers believe SIM card sellers could be trusted to protect their private information.
“The rise of mobile banking and e-wallets have made a mobile number critical not only for the financial security but also other personally identifiable information (PII) which hackers could target for phishing attacks,” said Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks. “ A data breach or service downtime caused by a cyberattack can lead to severe financial and reputational damage, including privacy repercussions on customers. Mature cybersecurity protection can stabilize the business of an operator, and ease the way to regulatory compliance while keeping users safe and protected.”
Scheurmann further elaborated that personalized SMS phishing or smishing is just one of the many attacks that could happen if mobile numbers and their owners’ information landed in the wrong hands.
Leakage of this type of information may lead to a more sophisticated and higher number of attacks such as identity theft, SIM swapping, and hacked financial and social media accounts.
According to Palo Alto Networks Unit 42 Incident Response 2022 report, a data breach in organizations shares the same initial intrusion with attacks on consumers: Phishing. For telcos, this social engineering tactic is seen to affect both internal and external stakeholders which could not only end with a reputational blow for businesses but financial losses for both businesses and consumers as well.
Combating data leakage is an ongoing challenge that requires continuous vigilance by network security teams. An effective data security strategy requires discovering and securing data while it’s at rest, in use, and in motion.
Monitoring the transmission of data both inside and outside of the organization and proactively detecting and stopping data leakage is another important requirement.
“Perpetrators would always look for new ways to enter a network and find flaws to steal information or money. With this non-stop chase, telcos would also require cybersecurity that would constantly check and validate, to immediately address potential threats and identify attacks in the soonest possible time to dilute the impact of a breach,” added Scheurmann.
Palo Alto Networks is a global cybersecurity leader providing Zero Trust framework that secures an organization by eliminating implicit trust and continuously validating every stage of online interaction. This approach can help telcos protect the data privacy of their organization and consumers with multiple verifications for security purposes.
Furthermore, to meet an effective data security strategy, Scheurmann shared a list of actionable points that telcos and companies can follow to meet an effective data security strategy in line with Zero Trust:
- Protect company and data consistently across their in-house network, cloud, and mobile users
- Centralize data loss prevention and security management efforts
- Discover, classify, monitor, and protect their data, as well as authenticate users and control who has access to specific applications and data at any given time
- Clearly define and enforce role-based data access and usage policies
- Better oversee and manage third-party vendor security and compliance
- Ensure their data is being stored, accessed, and used in a way that complies with data protection regulations and data privacy laws
“The SIM card registration law is a crucial development in curbing the SMS phishing attacks in the Philippines,” said Scheurmann. “We collaborate with multiple governments around the world to ensure that the technology, people, and processes are aligned to help prevent cyberattacks. Phishing is a multifaceted threat that requires a comprehensive strategy to defeat. Ultimately, we believe that overcoming the challenge of phishing involves having an integrated end-to-end process, ranging from the proactive to the reactive, because if you have one and not the other, then you’re not actually prepared to deal with the threat.”
