By Francis Allan L. Angelo
The recent cyberattack on the Department of Science and Technology (DOST) has spotlighted critical vulnerabilities within Philippine government agencies. The breach, which resulted in the loss of 2 terabytes of sensitive data, has significantly impacted ongoing research projects and highlighted the need for robust cybersecurity measures.
In an interview, Nathan Wenzler, Chief Cybersecurity Strategist at Tenable, discusses the implications of this attack, the role of AI in cybersecurity, and steps for enhancing cyber defenses.
The DOST Breach
The attack on DOST resulted in the theft of 2 terabytes of data, including vital research plans, designs, and schematics. This data loss has delayed ongoing research and development projects. Additionally, DOST IT administrators and employees were locked out of their systems, severely hampering their ability to perform their duties. This incident has not only damaged DOST’s reputation but also raised serious concerns about the cybersecurity posture of Philippine government agencies.
Wenzler explained, “It is not known at this time what the attack vector was or how the attackers compromised the network, as the investigation is ongoing. However, this incident highlights the need for robust cybersecurity measures within government agencies such as implementing stronger authentication protocols, regularly patching systems, and raising employee awareness about cyber threats – all crucial steps in fortifying defenses.”
Lessons for Government and Private Sector
The breach at DOST underscores the importance of strong cyber hygiene practices. Organizations must maintain a comprehensive and continuous understanding of all assets, applications, credentials, and user accounts. This includes entitlements, which define what a user is allowed to do within the system, for both on-premises and cloud environments.
“Many standards organizations and security frameworks have moved toward a continuous assessment model to ensure that a complete understanding of the environment is maintained and that any changes or new risks are identified as quickly as possible to mitigate these issues before an attacker can exploit these weaknesses,” Wenzler emphasized.
Implementing basic cyber hygiene practices, such as patching systems, providing minimal access necessary for users, and ensuring all assets are configured and hardened appropriately, is crucial. Moreover, deploying a broad set of monitoring and assessment tools can help maintain the integrity of critical services and functions.
Cybercriminals Leveraging AI
Despite widespread fearmongering, AI has not yet revolutionized malware creation. “Code created by AI tools is still very flawed and requires a lot of tweaking and rewriting to be weaponized effectively,” Wenzler noted. However, cybercriminals are using AI tools to craft more realistic and language-appropriate phishing emails, making them harder to detect.
AI Bolstering Cybersecurity Defenses
Generative AI tools can significantly benefit security practitioners by enabling faster analysis of risk and threat data. These tools can process and analyze vast amounts of data to identify organizational risks quickly. For instance, AI can prioritize which of 100 vulnerable laptops needs immediate attention by analyzing identity data, vulnerability data, configuration data, and basic asset data simultaneously.
“Generative AI tools are designed to ingest large datasets about assets and provide crucial context for analysts,” Wenzler explained. This capability helps security professionals make quicker decisions and prioritize critical systems for patching, mitigating significant business risks before attackers can exploit them.
Realistic Capabilities vs. Exaggerated Claims
Wenzler cautioned against the myth that AI will fundamentally change everything about cybersecurity. The real power of AI lies in its ability to parse through large datasets and identify patterns and relationships. This is particularly useful for security operations center (SOC) analysts who deal with numerous alerts and data points. AI can help prioritize and surface the most critical findings, allowing analysts to respond more quickly and effectively.
Vulnerabilities in the Philippines
The rapid digitalization in the Philippines has not been matched by adequate investments in cybersecurity. This disparity leaves both public and private sector organizations vulnerable to attacks. The number of web threats detected and blocked in the country nearly doubled between 2019 and 2020, with phishing attacks remaining a significant threat.
“The Philippines’ rapid digitalization raises concerns about implementing effective cybersecurity practices,” Wenzler stated. Organizations must invest in developing robust security policies and ensure their effective execution.
Despite the rise in cyberattacks, many attackers continue to use well-established tactics, such as exploiting known vulnerabilities, phishing, ransomware, and credential compromises. These methods can be countered through fundamental cyber hygiene practices and proactive monitoring and assessment.
Empowering Cybersecurity Professionals
AI can significantly enhance the capabilities of cybersecurity professionals. Attack Path Analysis (APA) tools, for example, provide a visualization of potential threats and prioritize mitigation strategies. By integrating data from various sources, these tools help organizations assess exposures and implement effective security controls.
Generative AI can further streamline decision-making by analyzing data from multiple security tools and providing simple, actionable insights. This reduces analysis time and accelerates mitigation efforts, which is particularly valuable for organizations with limited staff resources.
Successful Examples of AI in Cybersecurity
AI is transforming cybersecurity from a reactive to a proactive stance. GenAI tools can filter out noise from vast datasets, allowing security professionals to focus on the most urgent threats. They can also analyze information at a much faster pace, enabling real-time decision-making and threat assessment.
Wenzler mentioned a study by Forrester Consulting that found 67% of security professionals are interested in using GenAI for preventive cybersecurity. This highlights the growing recognition of AI’s potential to revolutionize cybersecurity practices.
Implementing Robust Frameworks
Effective cybersecurity measures require dynamic risk management practices. More frameworks are emphasizing continuous threat and risk assessment models that encompass the entire attack surface within an organization. This involves identifying all assets, assessing their security risk posture, and using this data to make informed decisions about mitigation and defense strategies.
Improving Threat Detection and Response
Gaining complete visibility into all assets is crucial for detecting threats and building proper response strategies. This involves maintaining an inventory of all applications, servers, workstations, user credentials, cloud workloads, virtual systems, and operational technologies. Understanding what constitutes normal behavior is essential for identifying abnormal activities that may indicate a cyberattack.
Public-private sector partnerships that promote threat intelligence sharing can also enhance threat detection capabilities. These partnerships allow organizations to benefit from broader visibility into the threat landscape and implement defenses more effectively.
The DOST cyberattack has underscored the urgent need for enhanced cybersecurity measures in the Philippines.
By adopting strong cyber hygiene practices, leveraging AI tools for better threat detection and response, and fostering public-private partnerships for threat intelligence sharing, organizations can significantly improve their cybersecurity posture.
As Wenzler pointed out, “Robust cybersecurity measures are essential to fortify defenses against such attacks.”
