UK CYBERSECURITY firm NCC Group said that the finance and industrial sectors are among the top targets for cyberattacks in the Philippines, consistent with global patterns.
“This is not just about the Philippines. Finance is always going to be a fairly strong (targeted) sector because, ultimately, people want to get money, but sometimes they commit cybercrime for disruptive reasons,” NCC Group Chief Operating Officer Kevin Brown told BusinessWorld.
“A lot of the time, you want to get to where the cash is, so the finance sector will be continually targeted. But I think the industrial sector — the operational technology and critical national infrastructure — is one where, year on year, we see a continued rise,” he added.
He said that the industrial sector has a 30% share in terms of targeted attacks, which may stem from the lower investment in infrastructure within the sector.
“This one is on strengthening operational technology because it has been, perhaps, not as invested as much as information technology or your enterprise infrastructure,” he added.
“We certainly see a big push towards (protecting) critical national infrastructure in the industrial sectors,” he added.
Asked about where the attacks on the industrial sector are aimed, he said that the cybercriminals are trying to get access to the network or cause a disruption.
“We’ve seen many attacks across the globe that try to get into oil routes or try to affect water; a lot of these will be driven from a nation-state perspective,” he said.
“Sometimes, they’ll be trying to get into a sort of crucial, critical national infrastructure as an access point to get into a wider network,” he added.
He said that they noticed that the telecommunications sector has been targeted not always because sometimes it hosts a significant infrastructure for other businesses.
Asked for his recommendations for the Philippine government, he said that there is a need to relaunch the country’s cybersecurity strategy.
“I think refreshing and relaunching the cybersecurity strategy is the key one. And the next one is, how do you bring this to life, and how does it become real for everyone? I think that could be through education and awareness,” he said.
“I think bringing that awareness and, at the same time, starting to give some help, some education, and some tools to be able to better understand where everyone fits in the cyber ecosystem are among the things that you need to be doing as well,” he added. — Justine Irish D. Tabile