Skip to content
News ‘You don’t hack systems. You hack people’: A look at cybersecurity in the Philippine landscape

‘You don’t hack systems. You hack people’: A look at cybersecurity in the Philippine landscape

Remember when the Philippine Health Insurance Corporation (Philhealth) reported data leaks in October affecting 13 million PhilHealth users in the country? How about when millions of people’s information were breached in the Philippine National Police, the National Bureau of Investigation, and the Bureau of Internal Revenue?

The Philippine government has come under scrutiny due to its cybersecurity weakness and lack of security measures when it comes to cyber-attacks. The first day of the Digital Pilipinas 2023 – Digital Government Festival saw members of the government, local and international private organizations look at the damage that cyber-attacks do to society, how to mitigate its risks, and how to find solutions.

The panelists include Founding President of NADPOP Sam Jacoba, Philippine Computer Emergency Response Team’s Lito Averia, and Flagright Singapore’s Tommy Hartono, moderated by nChain’s Business Development Lead for the Philippines Stephanie Tower.

Hacks in the cybersecurity Ecosystem

Quoting Undersecretary of the DICT, Jeffrey Dee, Tower reminded the audience that “cybersecurity is not a technical issue. Most see it from a technical perspective, but it is indeed a human issue because all of us are affected by it,” noting that the world will be facing $10 trillion lost in cyber damage by 2025.

Drawing a line from those statements, Tower began the discussion by exploring the common cybercrimes and the approach to mitigating them.

In Picture: Stephanie Tower, Sam Jacoba, and Lito Averia

Jacoba says that hacking and phishing are the most common online crimes. Phishing involves impersonating someone online through emails or SMS, with the intention of stealing personal information. Expounding on how these kinds of methods could initiate wars in Ukraine, Russia, and, more recently, Israel, Jacoba said we’re already at war.

“If you’re a cybersecurity professional, you will see that we’re already at war. It’s happening right now,” he said. “As long as there is money to be earned, there will be criminals out there who want that money.”

How to realize cybersecurity attacks

How can one know that they’re being attacked? This was probably the most important question during the discussion. According to Averia, a seasoned cybersecurity expert, attackers will usually try to identify weaknesses in your system and exploit them to gain access.

For example, Averia said that a common practice in phishing attacks is sending emails during the wee hours of the day when most victims are exhausted from work. Victims, usually unaware or tired of all the spam messages they are receiving, would click on the links attached to these messages, which result in their accounts getting hacked and their privacies invaded.

“When we’re talking about privacy, it’s really important to understand digital literacy,” Hartono said, adding that in cybersecurity, experts must be proactive rather than reactive.

In Thailand, Jacoba says that the top attack is through romance hacking, also known as pig butchering. This is an interesting hack as attackers use dating apps or fake accounts to lure single men or women, create personal relationships, and ask them for money once the victim falls for the tactic.

“Again, it’s all about people. You don’t hack systems. You hack people,” Jacoba reiterated.

Solutions to help mitigate risks from cyber-attacks

In Picture: Lito Averia and Tommy Hartono

One of the big technologies Averia sees that could help with cyber attacks is Artificial Intelligence (AI). However, the veteran cybersecurity expert also points out the possibility of machine learning technologies being weaponized.

“AI, ML, all of these can be weaponized. On the other hand, you can use AI and machine learning to defend,” he said. “It could also be used to be the baseline for security.”

Jacoba chimes in, firmly reminding everyone that cybersecurity begins at home. “We have to teach our kids and the nannies of our kids not to overshare and open [sketchy] sites,” he said.

“[Cybersecurity] learning should be embedded in our institution,” he added.

Tower emphasizes the significance of the following solutions as means to prevent and alleviate cyber-attacks:

  • Digital literacy to push forward better cybersecurity measures
  • Collaboration between private entities and government organizations is needed
  • If something is free, you are most probably the product
  • Cybersecurity starts at home

To learn more about cybersecurity and its importance in the ASEAN industry and digitalization, catch our Day 1 and Day 2 recap for the recent Digital Pilipinas Festival 2023!

Watch Gregory Ward: BSV blockchain is an absolute fit for cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *