COMPANIES in the Philippines are not able to address nearly half of legitimate cybersecurity threats they receive, a study published by Cisco Systems, Inc. (Cisco) showed.
According to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, in the region, companies receive six threats every minute but only 50% of alerts are being investigated.
The study was conducted by independent third-party researchers had more than 2,000 respondents across 11 countries — China, Korea, Japan, Singapore, Thailand, Malaysia, Vietnam, Philippines, Indonesia, Australia, and India.
For the Philippines, there were 150 respondents from the financial services, telecommunications, retail, and software industries all classified as medium and large enterprises.
The study showed 42% of the Philippine respondents said they receive 5,000 alerts per day, although this share is among the lowest in Southeast Asian countries.
“As compared to Singapore, we are not as digitized yet… Second is the cybersecurity law and data privacy act that’s recently been implemented has created a lot of awareness and education… While the number of attacks is less compared to the other five [Southeast Asian countries], it’s a statistical model… We are not discounting the fact that it may be less in volume, but…the attacks could be bigger,“ Karrie C. Ilagan, Cisco Systems Philippines Managing Director, told BusinessWorld on the sidelines of a briefing on the study yesterday when asked why the result was better than other countries in the region.
However, on average, local firms investigate just 50% of the alerts they receive. Of those investigated, 30% turn out to be legitimate, of which just 51% are acted upon and corrected.
Attacks were not observed just in the information technology infrastructure, but also in the operational infrastructure, which includes the data center, cloud services, and endpoints. About 19% of respondents said they encountered such attacks on their operational infrastructure, and more than a quarter expect these in the coming year.
“The threat is really becoming bigger… The new kind of security discussion or conversation is happening globally. The security has gone beyond borders because of this. Cybersecurity has become an industry. The cyber-hacking industry is massive globally and that’s precisely why you see a lot of actors coming about in many parts of the world… because of the amount of data that is available today and how these data has become a source of revenue, income,” Ms. Ilagan said.
Still, the study showed that companies in the country had the largest percentage in terms of allotting budget both for information technology and security.
“The Philippines had the largest percentage of companies, at 37%, whose security budget is completely separate from the IT budget. That’s one of the reasons why we think the Philippines is actually doing much better in terms of ranking… Bottom line, I think this is good news,” Ms. Ilagan said.
Earlier this year, Cisco said in a study that the Philippines needs to spend $8.8 billion between 2018 and 2025 to be in line with the average benchmark and $22.8 billion to be in line with “global best-in-class countries” in the same period.
In the region, 60% of the respondents said cybersecurity attacks cost them more than $500,000, while 51% of cyberattacks resulted in losses of more than $1 million. These costs includes lost revenue, lost customers, lost opportunities and out-of-pocket costs, among others.
With multiple security providers coming and companies engaging different providers, identifying and managing threats take longer. The study said 97% of respondents in the Asia Pacific are having a hard time managing the multiple alerts they receive from these vendors. — V.M.P. Galang