Trust has always been the invisible infrastructure of economic life. From traditionally handwritten contracts to modern banking systems, societies function because individuals believe that transactions will be honored, identities verified, and systems protected.
Today, however, that trust is being renegotiated in a rapidly expanding digital environment — one where borders are porous, threats are decentralized, and security is no longer optional but foundational.
Within the Philippine economy, accelerated digitalization introduces structural vulnerabilities. The more transactions migrate online, the larger the attack surface becomes. This borderless nature of cyber risk fundamentally alters how trust must be constructed. It can no longer rely on jurisdictional enforcement alone. Instead, it must be embedded within systems themselves.
Trust as precondition for economic growth
At the heart of modern cybersecurity is the realization that implicit trust is a vulnerability. In the third episode of the BusinessWorld B-Side podcast series “Where the Digital World Converges: Conversations on Cloud,” Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Ian Dy makes this explicit.
“The new concept of nation building is that you have trust in commercial transactions,” Mr. Dy said. “People should be able to trust transactions in digital space. Otherwise, e-commerce wouldn’t thrive.”
This reframes cybersecurity as a public good. Just as financial institutions depend on regulatory oversight and consumer confidence, digital ecosystems require robust security to sustain participation.
The human element
Despite advances in technology, the most vulnerable link in cybersecurity remains human behavior. As Mr. Dy emphasizes that many threats, particularly in the Philippine context, are low-value but high-frequency attacks targeting ordinary users: “Even if you say it’s only P200, P500, it’s still a lot,” especially for those living day-to-day.
Andrew T. Malijan, Chief Information Security Officer of Converge, reinforces this by pointing to a gap between physical and digital intuition.
“For me, with the analogy of a physical city, you understand what to watch out for. If it’s digital, sometimes you are not so aware anymore,” Mr. Malijan noted.
The lack of awareness creates fertile ground for scams that rely not on technical sophistication but on behavioral manipulation.
These attacks often take the form of phishing, SMS scams, or fraudulent links — what might be considered “digital petty crimes.” As Mr. Malijan notes, many of these begin broadly and opportunistically: “It starts as non-targeted.”
Addressing such threats requires more than technical solutions; it demands widespread digital literacy. Mr. Malijan underscores the basics: “You have to have that password, that PIN. You don’t have to give it to someone else.”
However, beyond procedural knowledge lies a deeper need for cultural adaptation.
“There is training, there are also campaigns, and there’s also targeted efforts for culture,” Mr. Dy explains.
National security and systemic trust
At a national level, cybersecurity takes on strategic significance. As citizens focus on financial security, governments prioritize “critical information infrastructure.”
These infrastructures, ranging from power grids to healthcare systems, are increasingly digitized and therefore exposed.
Compounding this risk is the ambiguous status of cyberattacks in international relations. As noted, such attacks are not considered as part of warfare, allowing adversaries to operate in a legal gray zone.
Mr. Malijan adds another layer to this uncertainty: “Where does it come from? Who is attacking? What do they want? These are the questions. It’s a prelude to something.”
These questions underscore the opacity of cyber threats, where identifying the actor is often as challenging as mitigating the attack itself.
From prevention to resilience
The episode also highlighted the inevitability of cyberattacks, which should prompt among organizations a shift from prevention-centric models to resilience-based approaches.
“Consider yourself compromised every single day. Something will happen,” Mr. Malijan stated.
The focus, then, shifts to recovery — how quickly systems can detect, respond, and restore operations.
In Mr. Malijan’s framing, even awareness is probabilistic: “What if I’m compromised? You won’t feel it.”
The reframing alters the meaning of trust: It is no longer about believing that systems are impenetrable but trusting their capacity to withstand and recover from disruption.
Zero trust and continuous verification
At the architectural level, this evolution is embodied in the principle of zero trust. Contrary to conventional models, zero trust operates on the assumption that no user or system should be inherently trusted.
“The default state of the system is ‘deny all’,” Mr. Dy explains, with access granted only on a need-to-know basis. This reflects the “secure default mechanism” and the “least privileged principle,” which limit exposure by restricting permissions.
In this environment, trust is never owned by a user; it is temporarily lent by the system, contingent upon a set of conditions that can be revoked in milliseconds as the context changes. This ensures that even if a credential is compromised, the window of opportunity for an attacker is drastically narrowed.
Listen to the full episode on BusinessWorld B-Side on Spotify (hyperlink Spotify ep) or watch on BusinessWorld’s official YouTube channel (hyperlink video ep).
Spotlight is BusinessWorld’s sponsored section that allows advertisers to amplify their brand and connect with BusinessWorld’s audience by publishing their stories on the BusinessWorld Web site. For more information, send an email to online@bworldonline.com.
Join us on Viber at https://bit.ly/3hv6bLA to get more updates and subscribe to BusinessWorld’s titles and get exclusive content through www.bworld-x.com.
