Saturday, April 26, 2025

Cybersecurity Threats: Technological Risk

CHAPTER 1: INTRODUCTION TO CYBERSECURITY RISKS IN THE PHILIPPINES

Section 1.1: Overview

Cybersecurity issues are a growing concern for both businesses and government in the Philippines. As more companies move their work online, the chances of falling victim to attacks such as phishing, ransomware, or data leaks go up. The Data Privacy Act of 2012 (RA 10173) stresses the importance of strong cybersecurity practices, especially now that several high-profile data breaches and cases of financial fraud have made headlines.

Section 1.2: Importance of Risk Management

Risk management is the process of identifying, understanding, and dealing with possible problems before they happen. According to Wikipedia (2025), good risk management uses tools such as risk registers and risk matrices to record threats like cybersecurity risks, score them, and decide how to handle them.


CHAPTER 2: IDENTIFYING CYBERSECURITY RISKS

Section 2.1: Common Cybersecurity Threats

  • Phishing attacks targeting employee credentials

  • Ransomware attacks paralyzing operations

  • Insider threats and data theft

  • DDoS attacks on government portals

  • Malware compromising private networks

Cybersecurity Risk Register

| ID | Risk Description | Category | Likelihood (1–5) | Impact (1–5) | Risk Level (L x I) | Risk Rating | Recommended Controls |
|---|---|---|---|---|---|---|---|
| R-001 | Phishing attacks targeting employee credentials | Social Engineering / External Threat | 2 (Possible) | 3 (Moderate) | 6 | Medium | Implement anti-phishing training; enable multi-factor authentication (MFA); deploy email filtering systems |
| R-002 | Ransomware attacks paralyzing operations | Malware / Critical Disruption | 2 (Possible) | 3 (Moderate) | 6 | Medium | Regular data backups; patch management; endpoint protection and behavior-based detection tools |
| R-003 | Insider threats and data theft | Internal Threat / Human Factor | 2 (Possible) | 3 (Moderate) | 6 | Medium | Role-based access controls; conduct employee background checks; implement logging and auditing systems |
| R-004 | DDoS attacks on government portals | External Attack / Availability Risk | 2 (Possible) | 3 (Moderate) | 6 | Medium | Use DDoS mitigation services; traffic monitoring; redundant servers and network capacity |
| R-005 | Malware compromising private networks | Malware / Network Intrusion | 2 (Possible) | 3 (Moderate) | 6 | Medium | Deploy firewalls and IDS/IPS; user access control; endpoint protection and threat intelligence feeds |

Legend for Risk Ratings

  • Likelihood:
    1 (Rare), 2 (Possible), 3 (Likely), 4 (Very Likely), 5 (Almost Certain)

  • Impact:
    1 (Minor), 2 (Low), 3 (Moderate), 4 (Major), 5 (Critical)

  • Risk Level (L x I):
    1–4 = Low, 5–9 = Medium, 10–15 = High, 16–25 = Critical


CHAPTER 3: TECHNOLOGICAL RISK IN PRIVATE AND PUBLIC SECTORS

Section 3.1: Private Sector Vulnerabilities

  • E-commerce sites (payment information breaches)

  • Financial institutions (BSP monitoring, fintech vulnerabilities)

  • Retail and logistics (customer data leaks)

Section 3.2: Public Sector Vulnerabilities

  • Local government units (LGUs) with limited IT infrastructure

  • Government portals (PhilHealth, Comelec data breaches)

  • Education institutions (student and staff information)

Section 3.3: Legal and Regulatory Landscape

  • RA 10173 (Data Privacy Act of 2012) and the cybersecurity protocols issued by DICT through its Memorandum Circulars

  • NBI Cybercrime Division, tasked with investigating data breaches, digital fraud, and online exploitation

Risk Register: Data Privacy and Cybersecurity Vulnerabilities

| Risk ID | Risk Description | Sector | Likelihood (L) | Impact (I) | Risk Level (L × I) | Risk Rating | Mitigation / Controls |
|---|---|---|---|---|---|---|---|
| R1 | Payment information breach on e-commerce sites | Private | 4 | 5 | 20 | Critical | Enforce PCI-DSS compliance, implement 2FA, regular vulnerability testing |
| R2 | Fintech platform exploited due to weak integration or poor encryption | Private | 3 | 5 | 15 | High | BSP oversight, regular code audits, secure API practices |
| R3 | Customer data leak in retail/logistics firms | Private | 4 | 4 | 16 | Critical | Data encryption, access control policies, employee cybersecurity training |
| R4 | Cyberattack on LGUs with outdated systems | Public | 5 | 4 | 20 | Critical | Upgrade infrastructure, DICT support for local IT, cybersecurity drills |
| R5 | Government portal breach (e.g., PhilHealth, Comelec) | Public | 4 | 5 | 20 | Critical | Third-party audits, endpoint security, immutable logging systems |
| R6 | Unauthorized access to student/staff records in schools | Public | 3 | 4 | 12 | High | Privacy policies, access logs, educator IT training |
| R7 | Non-compliance with RA 10173 and DICT circulars | Legal | 3 | 3 | 9 | Medium | Conduct Privacy Impact Assessments (PIAs), legal training, policy reviews |
| R8 | Lack of coordination with NBI Cybercrime Division during breach response | Legal | 2 | 4 | 8 | Medium | Establish MOUs, create response SOPs, include NBI in drills |
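The scoring used by both registers on this page (Risk Level = Likelihood x Impact, banded by the legend in Chapter 2) is easy to get wrong when a register is edited by hand: someone changes a likelihood and forgets to rescore the row. The following Python is an added example, not part of the original post; it encodes the page's legend, re-scores every row of the Chapter 2 and Chapter 3 registers from its likelihood and impact, reports any row whose recorded level or rating disagrees with the legend, and orders the rows for treatment. The RiskEntry type and the function names are this example's own.

```python
"""Risk matrix scoring and consistency checks for a cybersecurity risk register.

Scoring follows the legend used on this page: Risk Level = Likelihood x Impact,
each scored 1-5, banded into Low (1-4), Medium (5-9), High (10-15) and
Critical (16-25). The register rows below are transcribed from the two tables
on this page; the code itself is an added example, not part of the original post.
"""
from dataclasses import dataclass

LIKELIHOOD = {1: "Rare", 2: "Possible", 3: "Likely", 4: "Very Likely", 5: "Almost Certain"}
IMPACT = {1: "Minor", 2: "Low", 3: "Moderate", 4: "Major", 5: "Critical"}

# (inclusive upper bound of the band, rating), in ascending order
RATING_BANDS = [(4, "Low"), (9, "Medium"), (15, "High"), (25, "Critical")]


def risk_level(likelihood: int, impact: int) -> int:
    """Return Likelihood x Impact, rejecting scores outside the 1-5 scale."""
    if likelihood not in LIKELIHOOD or impact not in IMPACT:
        raise ValueError(f"likelihood and impact must be 1-5, got {likelihood} and {impact}")
    return likelihood * impact


def risk_rating(level: int) -> str:
    """Map a risk level (1-25) to its rating band from the legend."""
    for upper, rating in RATING_BANDS:
        if level <= upper:
            return rating
    raise ValueError(f"risk level out of range: {level}")


@dataclass(frozen=True)
class RiskEntry:
    risk_id: str
    description: str
    likelihood: int
    impact: int
    recorded_level: int      # the L x I value written in the register
    recorded_rating: str     # the rating written in the register


def validate_register(entries):
    """Return human-readable discrepancies between recorded and computed scores.

    A register whose recorded levels or ratings have drifted from the legend
    (e.g. a likelihood was edited without rescoring the row) is caught here.
    """
    problems = []
    for e in entries:
        level = risk_level(e.likelihood, e.impact)
        rating = risk_rating(level)
        if level != e.recorded_level:
            problems.append(f"{e.risk_id}: level recorded {e.recorded_level}, computed {level}")
        if rating != e.recorded_rating:
            problems.append(f"{e.risk_id}: rating recorded {e.recorded_rating}, computed {rating}")
    return problems


def rank_register(entries):
    """Order entries from highest to lowest computed level (treat-first order); ties keep register order."""
    return sorted(entries, key=lambda e: risk_level(e.likelihood, e.impact), reverse=True)


# Chapter 2 register (every row scored Possible x Moderate = 6, Medium)
CHAPTER2_REGISTER = [
    RiskEntry("R-001", "Phishing attacks targeting employee credentials", 2, 3, 6, "Medium"),
    RiskEntry("R-002", "Ransomware attacks paralyzing operations", 2, 3, 6, "Medium"),
    RiskEntry("R-003", "Insider threats and data theft", 2, 3, 6, "Medium"),
    RiskEntry("R-004", "DDoS attacks on government portals", 2, 3, 6, "Medium"),
    RiskEntry("R-005", "Malware compromising private networks", 2, 3, 6, "Medium"),
]

# Chapter 3 register (sector-specific risks with differentiated scores)
CHAPTER3_REGISTER = [
    RiskEntry("R1", "Payment information breach on e-commerce sites", 4, 5, 20, "Critical"),
    RiskEntry("R2", "Fintech platform exploited due to weak integration or poor encryption", 3, 5, 15, "High"),
    RiskEntry("R3", "Customer data leak in retail/logistics firms", 4, 4, 16, "Critical"),
    RiskEntry("R4", "Cyberattack on LGUs with outdated systems", 5, 4, 20, "Critical"),
    RiskEntry("R5", "Government portal breach (e.g., PhilHealth, Comelec)", 4, 5, 20, "Critical"),
    RiskEntry("R6", "Unauthorized access to student/staff records in schools", 3, 4, 12, "High"),
    RiskEntry("R7", "Non-compliance with RA 10173 and DICT circulars", 3, 3, 9, "Medium"),
    RiskEntry("R8", "Lack of coordination with NBI Cybercrime Division during breach response", 2, 4, 8, "Medium"),
]

if __name__ == "__main__":
    for name, register in (("Chapter 2", CHAPTER2_REGISTER), ("Chapter 3", CHAPTER3_REGISTER)):
        issues = validate_register(register)
        print(f"{name} register: {'consistent with legend' if not issues else issues}")
        for e in rank_register(register):
            level = risk_level(e.likelihood, e.impact)
            print(f"  {e.risk_id:6} L={e.likelihood} ({LIKELIHOOD[e.likelihood]}) "
                  f"I={e.impact} ({IMPACT[e.impact]}) level={level:2} {risk_rating(level)}")
```

Both registers pass the check as transcribed. The rating bands are kept in one table so that a change to the legend (for example, moving the Critical threshold) only has to be made in one place, and the validator makes a register review a mechanical step rather than a re-read of every row.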

CHAPTER 4: RISK RESPONSE STRATEGIES

Section 4.1: Preventive Controls

Preventive controls are proactive steps intended to reduce or eliminate the possibility of a cybersecurity incident. By stopping incidents before they happen, these controls protect the organisation from the start.

Strong firewalls, antivirus software, and endpoint security:

Firewalls: A firewall sits between an organisation's internal network and the public internet and controls incoming and outgoing traffic to block unwanted access. A well-configured firewall can identify malicious activity and drop harmful traffic.

Antivirus: Antivirus software identifies, blocks, and removes malware such as viruses, worms, and Trojan horses. It must be updated regularly so that it recognises new threats and keeps defending against malicious software that is constantly evolving.

Endpoint security: Endpoint security protects the laptops, smartphones, and other devices that connect to the network. It combines antivirus software, encryption, and secure configurations so that a single compromised device does not become an attacker's way into the network.

Frequent firmware and software updates:

Cybercriminals frequently exploit flaws in out-of-date firmware and software. Updating systems on a regular basis ensures that known security vulnerabilities are fixed quickly. Updates should be managed centrally so that systems run the most recent security features, which also lowers the risk from zero-day vulnerabilities.

Protecting private information in motion and at rest:

Data in Transit: Encryption safeguards sensitive information, such as financial records or customer data, while it travels over the network. Data sent over the internet is encrypted using standard protocols such as TLS (the successor of SSL).

Data at Rest: Encryption also protects the databases and servers where data is stored, so that sensitive data cannot be read or misused by an attacker even if they gain physical access to the storage devices.

Section 4.2: Detective Controls

Detective controls are tools that help spot possible security breaches in real time or soon after they happen. They allow for prompt response and investigation, limiting further harm.

Real-time network monitoring:

Real-time monitoring tools track user activity, system logs, and network traffic to spot irregularities or suspicious behaviour. Continuous monitoring makes it possible to detect possible threats or unauthorised access attempts as soon as they occur.

Security Information and Event Management (SIEM) systems:

SIEM systems collect and analyse security data from a variety of network sources, including servers, firewalls, and endpoints. By raising alerts on anomalous activity, they help security teams identify incidents promptly and understand the context of an attack. SIEM systems are crucial for spotting complex threats that may use several different attack paths.

Cyber hygiene evaluation through penetration testing:

Penetration testing, also known as "ethical hacking", simulates real cyberattacks on systems in order to find weaknesses. Regular testing lets organisations assess the strength of their security posture, spot flaws, and fix them before a real attack takes place. These evaluations are essential for understanding possible risks and maintaining continuous cyber hygiene.

Section 4.3: Remedial Actions

Corrective measures are actions taken after a security incident has been detected to return systems to a secure state and lessen the impact of the attack. They aim to limit the harm, recover from the event, and stop it from happening again.

Incident Response Plans:

An incident response plan is a predetermined set of procedures that guides an organisation's response to a cybersecurity incident. It covers roles and responsibilities, communication procedures, containment and mitigation techniques, and recovery steps. A well-documented and regularly practised plan is needed to minimise damage and resume operations quickly.

Data Backup and Disaster Recovery Procedures:

Disaster recovery is the process of restoring vital systems and data after a cyberattack or system failure. Data backup procedures ensure that copies of crucial information are stored safely, allowing recovery after a ransomware attack or data corruption. For any disaster recovery plan to succeed, backups must be kept current and tested frequently.

Retraining and Disciplinary Action for Employees:

Corrective measures may be necessary when employees are found to have broken security policies, whether intentionally or inadvertently. These can include retraining, disciplinary action, and other corrective steps. Retraining programmes keep staff up to date on security threats and best practices and help prevent the same kind of incident from recurring.

Section 4.4: Training and Awareness

Training and awareness initiatives are required to establish a security-conscious culture within the company. Education ensures that employees and stakeholders understand the risks and obligations that come with cybersecurity.

Cybersecurity Training as Part of Employee Onboarding:

Organisations should require all new and current employees to complete cybersecurity training. It should cover basic subjects such as password management, phishing prevention, secure use of company devices, and awareness of common threats. Making sure that every employee understands the fundamentals lowers the chance that a breach will result from human error.

DICT-Coordinated Public-Private Cybersecurity Exercises:

The Department of Information and Communications Technology (DICT) frequently works with private-sector businesses on cybersecurity drills and exercises. By simulating cyberattacks, these exercises give organisations a controlled setting in which to rehearse their response plans, improving readiness for real incidents and coordination between public and private entities.

Online Awareness Campaigns such as National Cybersecurity Awareness Month:

Awareness campaigns such as National Cybersecurity Awareness Month aim to educate the public about the significance of cybersecurity. They often offer training sessions, advice, and resources that help people and businesses learn how to stay safe online. At both the individual and the organisational level, public awareness campaigns are a powerful instrument for building a more security-conscious society.
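Section 4.2 describes real-time monitoring and SIEM systems in general terms: collect events from many sources, normalise them, and alert on anomalous activity. The Python below is an added example, not the blog's own code or any particular SIEM product's, showing what one such correlation rule looks like end to end. It parses authentication log lines, raises a medium-severity alert when a single source address produces a burst of failed logins inside a short window, and escalates to high severity if that same source then logs in successfully, which is the pattern a SOC would want to investigate first (a guessed or phished password being used). The log format, the regular expression, every line of SAMPLE_LOG, and the thresholds are constructed for this example and would be tuned to a real environment.

```python
"""SIEM-style correlation rule over authentication events.

Illustrates the detective controls in Section 4.2: events from a log source are
parsed into a common shape, then a correlation rule raises an alert when one
source address produces a burst of failed logins, and escalates if that source
then logs in successfully. The log format and every line in SAMPLE_LOG are
constructed for this example; this is added code, not part of the original post.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> auth: <success|failure> login user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>success|failure) login user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2025-04-26T08:00:01 auth: failure login user=alice src=203.0.113.7
2025-04-26T08:00:05 auth: failure login user=alice src=203.0.113.7
2025-04-26T08:00:09 auth: failure login user=bob src=203.0.113.7
2025-04-26T08:00:14 auth: failure login user=carol src=203.0.113.7
2025-04-26T08:00:20 auth: failure login user=dave src=203.0.113.7
2025-04-26T08:00:31 auth: success login user=dave src=203.0.113.7
2025-04-26T08:05:00 auth: failure login user=erin src=198.51.100.3
2025-04-26T08:10:00 kernel: link up on eth0
2025-04-26T08:30:00 auth: success login user=erin src=198.51.100.3
2025-04-26T09:00:00 auth: success login user=alice src=192.0.2.10
"""


def parse_line(line):
    """Normalise one log line into a dict, or return None for lines the rule does not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_login_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Correlation rule.

    - failed-login-burst (medium): one source produced `threshold` failures within `window`.
    - success-after-burst (high): the same source then logged in successfully within
      `window` of the burst; a guessed or phished credential may now be in use.
    """
    alerts = []
    recent_failures = defaultdict(deque)  # src -> failure timestamps still inside the window
    burst_seen_at = {}                    # src -> time the most recent burst alert fired

    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if ev["result"] == "failure":
            q.append(ev["ts"])
            if len(q) >= threshold:
                alerts.append({"rule": "failed-login-burst", "severity": "medium",
                               "src": ev["src"], "count": len(q), "ts": ev["ts"]})
                burst_seen_at[ev["src"]] = ev["ts"]
                q.clear()                        # one alert per burst, not one per extra failure
        elif ev["src"] in burst_seen_at and ev["ts"] - burst_seen_at[ev["src"]] <= window:
            alerts.append({"rule": "success-after-burst", "severity": "high",
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return alerts


def analyse(log_text, **rule_args):
    """Parse a log, run the rule, and return (alerts, number_of_skipped_lines)."""
    events, skipped = [], 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            skipped += 1   # unparsed lines are counted so a silently broken parser is noticed
        else:
            events.append(ev)
    return detect_login_bursts(events, **rule_args), skipped


if __name__ == "__main__":
    found, skipped = analyse(SAMPLE_LOG)
    print(f"{skipped} line(s) skipped")
    for a in found:
        extra = f"user={a['user']}" if "user" in a else f"count={a['count']}"
        print(f"[{a['severity'].upper():6}] {a['ts'].isoformat()} {a['rule']} src={a['src']} {extra}")
```

On the constructed sample the rule fires twice: a medium burst alert for 203.0.113.7 at 08:00:20 and a high success-after-burst alert when the same address logs in as dave eleven seconds later, while the single failure from 198.51.100.3 followed by a success 25 minutes later stays below both thresholds. The skipped-line count matters in practice: a parser that quietly drops every line because a log format changed is a detective control that has stopped detecting, so the number of unparsed lines should itself be monitored.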


CHAPTER 5: INSTITUTIONAL ROLES AND COLLABORATION

Section 5.1: DICT Initiatives

  • Philippine National Cybersecurity Plan 2022

  • Establishment of the Cybersecurity Management System (CMS)

  • Partnerships with private tech companies

Section 5.2: Role of NBI Cybercrime Division

  • Investigation and prosecution of cyber offenses

  • Cyber patrolling and digital forensics

  • Coordination with INTERPOL and ASEAN digital crime units

Section 5.3: Industry Collaboration

  • BSP’s cybersecurity regulations for banks

  • Financial sector collaboration with cybersecurity vendors

  • Tech startup partnerships for cyber innovation (Steve Glaveski, 2025)


CHAPTER 6: STRATEGIC OUTLOOK AND INNOVATION

Section 6.1: Adopting Competitive Cyber Strategies

  • Michael Porter’s Five Forces: Cyber resilience as a strategic differentiator

  • Digital trust as a brand value in a saturated market

  • Tech-driven innovation in retail and finance (NielsenIQ, 2025)

Section 6.2: Building Future-Ready Systems

  • Leveraging AI and machine learning for threat detection

  • Cloud infrastructure with zero-trust architecture

  • Regional cybersecurity centers in Subic, Cebu, and Davao (proposed by DICT)


CHAPTER 7: CONCLUSION

Section 7.1: Summary of Recommendations

To mitigate medium-level cybersecurity threats in the Philippine setting:

  1. Implement strong cybersecurity measures

  2. Regularly update security protocols

  3. Conduct frequent employee training

  4. Strengthen coordination with DICT and NBI

  5. Build digital resilience across sectors

Section 7.2: Final Thought

The rise of cyber threats in the Philippines demands coordinated action across government, industry, and civil society. As digital adoption accelerates, so too must our commitment to cybersecurity.

References:

  1. Wikipedia contributors. (2024, November 8). Risk register. Wikipedia. https://en.wikipedia.org/wiki/Risk_register
  2. Nizhebetskyi, D. (2023, October 16). Risk Response Strategies (Definitive Guide with Examples). IT PM School - Practical IT Project Management. Retrieved April 25, 2025, from https://itpmschool.com/risk-response-strategy/
  3. Wikipedia contributors. (2025, January 7). Risk matrix. Wikipedia. https://en.wikipedia.org/wiki/Risk_matrix
  4. Wikipedia contributors. (2025, February 21). Risk management. Wikipedia. https://en.wikipedia.org/wiki/Risk_management
  5. Glaveski, S. (n.d.). How to differentiate your business in a saturated market. https://www.steveglaveski.com/blog/how-to-differentiate-your-business-in-a-saturated-market
  6. Porter, M. E. (n.d.). The Five Competitive Forces That Shape Strategy. https://piazza.com/class_profile/get_resource/iyd2tysc6fj5aa/iyxgbroqf172cb
  7. Ozias, A. (n.d.). Beating Disruption: How to Win in the Fight to Be First. https://www.pragmaticinstitute.com/resources/articles/product/beating-disruption-how-to-win-in-the-fight-to-be-first/
  8. Chao, R. (2022). Asia Pacific's time: Responding to the new reality. PwC. Retrieved April 25, 2025, from https://www.pwc.com/gx/en/asia-pacific/asia-pac-time/asia-pacific-time-report-2.0.pdf
  9. NielsenIQ. (2025, March 27). Navigating the Future of Retail: Driving Innovation and Consumer Spending. NIQ. https://nielseniq.com/global/en/insights/education/2024/navigating-the-future-of-retail-driving-innovation-and-consumer-spending/
  10. Bangko Sentral ng Pilipinas. (n.d.). Financial Inclusion Dashboard. https://www.bsp.gov.ph/Pages/InclusiveFinance/FinancialInclusionDashboard.aspx
  11. Republic of the Philippines. (2012). Data Privacy Act of 2012 (Republic Act No. 10173). https://www.officialgazette.gov.ph/2012/08/15/republic-act-no-10173/
  12. Department of Information and Communications Technology (DICT). (2023, June 5). DICT to establish cybersecurity centers in Subic, Cebu, and Davao. https://dict.gov.ph/dict-to-establish-cybersecurity-centers-in-subic-cebu-and-davao/
