CYBERSECURITY PROVIDER Palo Alto Networks sees e-mail attacks as the top threat in 2019, with attackers becoming more diverse and sophisticated in their methods.
In a press briefing on Dec. 6 at the Makati Shangri-La, officials said the top threat businesses should watch out for next year, most especially in the Philippines, are attacks done via e-mails, where cybercriminals can steal company and personal information.
“A lot of the attacks are coming from emails, so when you open it, it’s a phishing site. Most of it starts in the business e-mail… You click on that site, you know it’s valid site, but it’s a phishing site. That phishing site will harness your valid credentials, and the attacker now will use the valid credentials to steal your money or steal your private information,” Oscar Visaya, country manager of Palo Alto, told BusinessWorld.
Because of this, Mr. Visaya said companies should always be critical of emails they receive and be able to assess their current cybersecurity state.
“I think number one is to take a look at their current state. Where are we right now… One of the things we are advising our customers, both public and private sector is visibility. So, you cannot control what you cannot see,” he said.
“So, that’s why we have to be aware of those emails coming to us… Dapat lang mataas ‘yung curiosity (curiosity should be high) when it comes to receiving these emails,” he noted.
The firm also noted that as operations become more connected with each other, threat risks are also becoming more and more inevitable. Kevin O’Leary, field chief security officer at Asia Pacific of Palo Alto, used the manufacturing sector as an example during his speech. He said operations in this industry are moving into the application of information technology in the process of exchange or movement of goods. Each element in the chain is a risk and the more complex the chain becomes, the higher the risk of attacks.
Still, Palo Alto said firms are already moving to formalize their data protection frameworks. It sees that next year will see many countries take their first steps towards protecting the people’s data. In the Philippines, the Data Privacy Act of 2012 is already being implemented to protect all kinds of information and covers both natural and juridical persons involved in the processing of personal information.
The use of cloud services is also seen to thrive next year, which could also give rise to new threats. Mr. O’Leary noted that local businesses have increasingly been using cloud technology in their operations.
“In some ways, you could look at that and say there’s been a little bit of a lag in terms of how businesses have taken up cloud services within the Philippines and yes, in some ways, that is a bad thing, but there is positive side to that, which is the learning that you can get from all the mistakes that other people made,” he said.
Lastly, critical infrastructure, which now includes the banking and financial services, telecommunications and the media, is becoming more digital and automated, making them easy targets for cybercriminals, most especially the energy, water, and public transport sectors that usually rely on legacy and unpatchable systems.
“We try to move not just us as a company but, I think, all of security technology start to move away from being seen as point solutions…and seen as a something as a little bit more holistic and something that really impacts everybody’s life on a daily basis from a consumer side, but also in terms of how business is ran and managed,” Mr. O’Leary said.
“It’s not just technology. It’s not just part of IT department of all the businesses. It’s actually a really important part of our business these days… So much is done through smartphones. People, their ability to touch IT is much greater now than it was before and we need to be conscious about how we manage our security into the future,” he said.
Meanwhile, Mr. Visaya said the move towards digital transformation in the country should always be accompanied by the transformation of security.
“As I mentioned earlier, I know that the government is undergoing digital transformation. A lot of companies on many different sectors are undergoing digital transformation, but they have to realize that they should also transform their security… The benefits of digital transformation will be at risk if they are not protected,” Mr. Visaya said.
Palo Alto is a California-based cybersecurity company that has been operating in the country for five years. It offers products like advanced firewalls and cloud-based offerings and they cater to all types of companies. — V.M.P. Galang