Security in a world of too much data

Font Size

BusinessWorld holds Cybersecurity Forum

By Bjorn Biel M. BeltranSpecial Features Writer

Cybersecurity starts from within.

That is the clarion call expressed by the speakers at BusinessWorld’s first Cybersecurity Forum, held at the Dusit Thani Manila in Makati City on Nov. 22.

The message, meant to be taken literally and figuratively, warns of the growing threats to cybersecurity in an increasingly digital world and the lack of the adequate awareness regarding them.

For instance, in a separate report made by multinational cybersecurity firm Kaspersky Lab, the Philippines was ranked among the top 10 targets of online attacks in the last quarter, with the number of reported malware incidents jumping more than fourfold to 8.1 million from 1.8 million a year ago.


In the Philippines, reported data breaches have grown more than threefold to 834 in the 10 months to October period from 221 in full-year 2017, according to official data presented by National Privacy Commission Chairman Raymund E. Liboro.

However, such attacks only comprise 47% of data breaches in the country. Over half (53%) of all data breaches are caused by the negligence of the companies handling the data, whether through system glitches or human errors.

The root causes of breaches are in everyday incidents, like lost or stolen laptops or data storage devices, mishandling of data by employees who are authorized to access sensitive data, or improper disposal of paper records.

“Cybersecurity must take a whole new meaning for everybody,” Mr. Liboro said. “Each of us has the potential to do good with your device and the data you process, but each of us also has the capacity now to harm others.”

The dangers of a society flush with so much data is not immediately apparent to casual users of smart devices and social media platforms like Facebook and Twitter. With so much of it floating around, how much harm could it really do?

As Genalyn B. Macalinao, policy lead of the Cybersecurity Bureau of the Department of Information and Communications Technology, pointed out, it is not that difficult to obtain anyone’s private data if you know where to look.

In her presentation, she pointed out the existence of the Dark Web, a collection of Web sites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers.

Through such Web sites, individuals can easily purchase illegal substances, weapons, and child pornography. Credit card information, personal data, and other sensitive information are also available for as low as eight dollars.

“You don’t even need to be technically skilled to damage an organization or agency,” Ms. Macalinao said.

Without significant cybersecurity measures, almost anyone can have the means to initiate bank heists, deface or tamper with government Web sites, control medical equipment and records, manipulate navigation systems, or even override critical systems controlling oil and gas.

Angel T. Redoble, Chief Information Officer of the ePLDT Group, pointed out that with every advancement of the digital age, the impact of cyberattacks like these grows exponentially. This is not to mention the financial motivation that goes with it.

Zerodium, an American information security company which pays hackers to find holes  in cybersecurity systems of large corporations, posted a $500,000 bounty for Apple’s iOS exploits in 2016. In 2017, that bounty tripled to $1.5 million. The Dark Web, Mr. Redoble said, could pay as much for stolen data.

“Technology can damage culture. We’re just not aware of it,” Dominic ‘Doc’ Ligot, founder and chief technology officer of CirroLytix Research Services, told the audience.

Mr. Ligot, who talked about the ethical aspects of cybersecurity and the practical benefits of being an ethical company, said that data privacy concerns are a symptom. The fundamental problem is data misuse.

“I’m a data engineer and a data scientist. I’m telling you now, more and more people are going to enter my field, and they’re going to be accessing your data — legitimately — and if you don’t train them properly, they are going to be unethical,” he warned.

It starts with the companies themselves. Raul R. Cortez, legal corporate affairs director of Microsoft Philippines, Inc., said that organizations should look beyond the costs of cybersecurity solutions to truly understand its value.

“As members of organizations and businesses, we need to talk about and drill down what cybersecurity really means,” he said.

Mr. Liboro suggested that companies start with appointing a chief data officer who will be accountable for the protection of their private data.

“This is where it should start. Everybody, from the top to the bottom, needs to be assessed how they process personal data. If this data falls into another’s hands, what would happen? You have to start somewhere,” he said.

“We’re talking about attitudes, we’re talking about ethics, we’re talking about behavior. Because it is that,” he added.

Bobby Soriano, certified security analyst, computer hacking forensic investigator and ethical hacker from the International Council of Electronic Commerce Consultants, agreed.

“The long-lasting idea for security, privacy, and safety always rebounds to behavioral change, and not technology,” he said.

“Technology always changes. It’s rather difficult to catch up to technology, but foundations of behavioral changes will take us a long way,” he added.

“Cybersecurity needs to be a holistic approach,” Ms. Macalinao said. “It should not neglect the human factor. There needs to be investments on what makes us better as humans over technology.”

The BusinessWorld Cybersecurity Forum was presented by BusinessWorld Publishing Corp., with sponsors Globe Business and IP Converge Data Services, Inc., media partner Philippine Star, hotel partner Dusit Thani Manila, and event partner Fiera de Manila.