Cybersecurity threats are escalating rapidly in the Philippines as the country’s digital landscape expands, according to the 2024 Identity Security report by ManageEngine.
Kumaravel Ramakrishnan, technology director at ManageEngine, said ransomware, data breaches and phishing remain prevalent, while malicious insiders and social engineering attacks pose growing concerns in the country.
“In the Philippines, online scams topped the list of cybercrimes in 2023 with 14,030 reported cases, followed by identity theft at 2,804,” Ramakrishnan said in an interview. “Alarmingly, the country also experienced cyberattacks targeting government, education and other critical sectors.”
He highlighted the financial sector’s vulnerability to sophisticated attacks, particularly phishing, targeting online banking, payment systems and digital commerce.
The Identity Security Report notes that an audio deepfake was circulated earlier this year, falsely portraying the president as directing the Armed Forces of the Philippines against China.
“Cybersecurity is paramount in today’s digital age,” Ramakrishnan said. “As threats evolve, organizations must prioritize system security, data protection and user safeguards. Addressing human vulnerabilities is crucial alongside technical defenses. Promoting education and awareness is essential, a commitment ManageEngine has consistently fostered in the Philippines.”
ManageEngine’s recent survey revealed that 44 percent of Philippine organizations experienced an identity-related cyberattack within the past year.
More than 80 percent of these organizations recognize the need for enhanced identity security tools to mitigate future threats. Identity security encompasses safeguarding all identities and credentials within an organization to prevent threats like insider attacks, phishing and credential theft.
It ensures that only authorized users access sensitive data and that all privileged activities are audited and monitored for security and compliance.
Ramakrishnan emphasized the evolving nature of AI-powered cyber threats.
“AI-based threats are becoming increasingly sophisticated, characterized by automation and complexity,” he said. “Malicious actors are leveraging AI to automate and escalate attacks, including malware distribution, phishing, sophisticated techniques like deepfakes and adversarial AI that manipulates systems to circumvent security measures.”
“Conversely, AI offers a solution by enhancing cybersecurity,” he said. “Advanced SIEM tools with machine learning and UEBA can analyze vast datasets to detect anomalies and threats. ManageEngine’s local survey indicates that around 60 percent of Philippine leaders believe AI advancements will strengthen their enterprise’s identity security strategy.”
Ramakrishnan said AI strengthens an organization’s security posture by automating processes, assessing IT assets, and predicting breach risks. It also enhances threat intelligence while reducing false positives and alleviating the workload of security personnel.
To effectively implement Zero Trust strategies and Zero Standing Privileges (ZSP), Ramakrishnan cited the need for a comprehensive framework that restricts access to critical resources and continuously validates user identities.
“For organizations yet to adopt these approaches, implementing a privileged access management (PAM) solution is a crucial starting point,” he said. “With the right tools, security administrators can define and enforce policies that ensure ZSP, limiting access to only what is necessary.”
The survey indicates that 30 percent of Philippine organizations have not yet established a Zero Trust security strategy. However, over 82 percent are committed to adopting these principles within the next three years.