By Krista A. M. Montealegre, National Correspondent
THE EXPLOSION of digital threats has created an unprecedented demand for people with skills and experience in tackling cyberattacks. Unfortunately, talent is hard to come by in the Philippines.
Companies have been investing heavily in cybersecurity since 2010, but the lack of trained experts to make the investment work continue to make these systems vulnerable to attacks.
“To develop this responsive cybersecurity, it will be very expensive even for big companies. You need to hire people and there is none. The expertise do not exist,” Angel T. Redoble, chief information security officer of ePLDT, the digital enterprise enabler of PLDT, Inc., said in an interview.
The chairman and founding president of the Philippine Institute of Cyber Security Professionals, Mr. Redoble came out of retirement in 2016 to help PLDT build its own army of all-Filipino “cyber warriors” comprised of analysts, penetration testers, digital forensic investigators, threat hunters, responders and reverse engineers.
These skilled professionals were nonexistent before PLDT provided them with the rigorous training in assisting enterprises analyze and respond to more sophisticated cyber threats.
“Training and constant improvement of people are very expensive for companies. For us, it is our lifeline; it is our business,” Mr. Redoble said.
So glaring is the shortage that ePLDT plans to launch its own cybersecurity academy by the end of the year to help address the lack of talent, he added.
The trained individuals are the secret sauce behind ePLDT’s Security Operation Center, which provide the facilities, expertise, frameworks, and threat intelligence, giving visibility in advance into potential threats and real-time detection of attacks that could affect business-critical IT assets.
Most traditional cybersecurity solutions in the market are only preventive and detective in nature so ePLDT developed an approach that is also predictive and responsive.
“As a service, this is the answer to the problem of budget for all types of companies. They can do away with the capital expenditure part of the problem because they can outsource it to us. They don’t need to hire the people because we’re a one-stop shop,” he said.
One of the bigger problems for the private sector is the absence of a comprehensive law on cybersecurity.
The Philippines needs a law that will compel the government and private sector to adopt a cybersecurity practice that is more than sufficient to the kind of environment or businesses that they are into, while giving them the leeway to identify risks specific to their sectors, Mr. Redoble said, adding that the law should identify the roles and responsibilities of the government in protecting cyberspace.
“The Philippines only has the Cybercrime Prevention Law and the Data Privacy Law. These laws are reactive. When there is an incident, you can use the law. No incident, no use of the law. We need a law that is proactive. We need to be able to identify the risk before it occurs,” Mr. Redoble said.
Financial losses due to cyberattacks could cost businesses $6 trillion by 2021 despite increased investments in cybersecurity, he added.
ePLDT has barely scratched the surface in terms of coverage, monitoring close to 30,000 devices in early May, out of the 60 million devices in the country, so the potential for growth is exponential.
“We will not stop until we are able to monitor every connected device in this country,” Mr. Redoble said.