IBPAP on the recent cyberattacks and hacking incidents

The recent surge in cyberattacks targeting the government’s critical information and communications technology (ICT) systems is a serious threat that requires immediate attention.

The IT and Business Process Association of the Philippines (IBPAP) is deeply alarmed by these malicious acts, which not only jeopardize the operations of the IT-BPM industry but also the reputation of the Philippines as an attractive investment destination.

IBPAP recognizes the need to maintain a heightened state of alertness, recognizing the inherent risks from its dependence on digital technologies and systems that host substantial volumes of sensitive data.

The Philippine IT-BPM industry, which is projected to generate revenues of USD35.4 billion by the end of 2023, acknowledges that a successful cyberattack could potentially lead to substantial losses.

More importantly, the ramifications of cyberattacks extend beyond immediate financial losses. They can inflict lasting damage on businesses, leading to client attrition, reputational harm, and long-term financial implications.

Amid the recent cyberattacks, the sector remains steadfast in promoting the recommendations outlined in the Philippine IT-BPM Industry Roadmap 2028 for countering cyber threats at the organizational level:

  • Adopt a zero-trust approach: Implement a zero-trust architecture to ensure that no user or device is automatically trusted, and that verification is required at every step.
  • Invest in artificial intelligence (AI) and machine learning (ML)-led threat hunting: Utilize AI and ML technologies to proactively identify and mitigate potential threats.
  • Enhance threat intelligence capabilities: Develop robust threat intelligence capabilities to include monitoring and analyzing threat intelligence feeds, collaborating with peers in the sector, and leveraging threat intelligence platforms.
  • Strengthen cybersecurity skills: Address the cybersecurity skills gap by investing in training and upskilling programs for employees.
  • Implement strong data privacy and security measures: Establish policies and frameworks to protect sensitive data and ensure compliance with data privacy regulations.
  • Regularly update and patch systems: Keep all software, applications, and systems up to date with the latest security patches and updates. Regularly scan for vulnerabilities and apply necessary patches to mitigate potential risks.
  • Conduct regular security assessments: Perform regular security assessments and penetration testing to identify vulnerabilities and weaknesses in the organization’s infrastructure.
  • Educate employees on cybersecurity best practices: Conduct cybersecurity awareness training programs to educate employees about common cyber threats, phishing attacks, password hygiene, and other best practices to ensure a security-conscious workforce.
  • Establish incident response plans: Develop and regularly update incident response plans to effectively respond to and mitigate the impact of cyberattacks. This includes defining roles and responsibilities, establishing communication channels, and conducting regular drills and simulations to ensure preparedness.

Given the vital contribution of technology and the IT-BPM industry to the economy, IBPAP urges the government to ensure that robust data privacy and cybersecurity laws are established to deter cyberattacks and threats across sectors. In this light, we recommend that the government:

  • Approve and implement the National Cybersecurity Plan 2023-2028, which outlines the Philippines’ overall strategy in combating cyber threats that could cripple the economy and national security.
  • Certify as urgent the passage of the proposed Critical Information Infrastructure Protection Act, which provides a clear reporting mechanism and policy framework for public and private institutions in safeguarding the ICT systems of critical information infrastructures from cyber threats and attacks.
  • Amend the Cybercrime Law to facilitate the legal proceedings against cybercrimes perpetrated by employees that damage the reputation of Philippine IT-BPM and other industries. IBPAP has taken the lead in communicating the urgency of addressing fraud within our sector and the inability of our members to take legal action against culpable individuals due to constraints set by current laws and regulations. We are grateful to House Speaker Ferdinand Martin Romualdez, Representative Manuel Dalipe, Rep. Yedda Marie Romualdez, and Rep. Jude Acidre for filing House Bill No. 9261, amending the Cybercrime Prevention Act of 2012 in September.

IBPAP advocates for public-private partnerships, calling for a cohesive approach to combat cyber threats. Consistent with Roadmap 2028, we pledge to participate in partnerships and collaborations with industry stakeholders, government agencies, and cybersecurity organizations to exchange threat intelligence, best practices, and cooperate on cybersecurity initiatives to create a safer Philippine cyber space.

Reference:     Jack Madrid

President & CEO