A MULTI-COUNTRY initiative is expected to boost cybersecurity infrastructure and practices in the Philippines, according to experts.

The ASEAN-Japan Cybersecurity Community (AJCC), which the Philippines is a member of, aims to leverage regional partnerships through international conferences to sustain an information security and cybersecurity community of practices.

“It is about time that a multi-country approach spearheaded by communities of practice will join hands to fight against cybercriminals,” Sam Jacoba, founding president of the National Association of Data Protection Officers of the Philippines and conference chair of the CyberSecConPH, said during a press conference.

“We can only strengthen the cybersecurity community if it is built on collaboration, cooperation, communication, and contribution,” said Angel “Lito” S. Averia, Jr., president of the Philippine Computer Emergency Response Team (PhCERT).

Kaspersky earlier said the Philippines was the second most attacked country by web threats last year, with 39,387,052 internet-borne threats detected. The country placed fourth in 2021.

It also saw 2,409,085 brute force or trial and error attacks among remote workers, 52,914 financial phishing cases among business, 24,737 crypto-phishing cases, 15,732 mobile malware cases, and 50 mobile banking Trojan cases last year, according to data from Kaspersky.

The Philippines will be represented by 20 cybersecurity experts and entrepreneurs at the International Conference on the AJCC in Tokyo, Japan on Oct. 5-6.

Rudi Lumanto, founder and advisor of the Indonesia Network Security Association, said a strong government mandate and increased public education are pillars of best cybersecurity practices.

“Everybody has a responsibility to educate themselves and the people around them,” Mr. Lumanto said.

Seiichi Ito, chair of the international relations committee at the Japan Network Security Association, said governments must focus on enhancing the power to develop and protect critical infrastructure for cybersecurity.

“The gap between the government and communities is quite high,” Mr. Ito said on the primary challenge of cybersecurity, citing the need for capacity building and information sharing at the national level.

Mr. Jacoba suggested benchmarks for industry best practices, like how much should be spent on infrastructure and what kind of training must be done to manage protection, among others.

Meanwhile, Mr. Averia pushed for the implementation of minimum information security standards for both the public and private sector, in response to the resurgence of text message scams.

“The problem is that the adoption of ISO (International Organization for Standardization) 27001 or any other ISO standards is very expensive,” he said on implementing ISO-certified standards for information security management systems.

He noted that it will take the Philippines a long time to comply with international standards and frameworks.

Mr. Jacoba said the Philippines needs at least about 108,000 chief information security officers (CISOs) among registered establishments, assuming that only 10% of the 1.08 million businesses listed by the national statistics agency are critical to the lives of Filipinos.

“Actually, you don’t just need one (CISO),” he said on the urgency of collaborative cybersecurity solutions in the country. “You need a team to look after your infrastructure, ecosystem, and solutions.”

Mr. Averia said mandatory reporting mechanisms for companies must be strengthened.

“We have been pushing for them to share breaches at the technical level so we can learn,” he said.

“Cybersecurity used to be an IT issue,” he added. “We have to go beyond that mindset,” he added. “Cybersecurity is now everybody’s responsibility, cutting across organizations — from senior management all the way down to the smallest user.” — Miguel Hanz L. Antivola