‘High Time For Companies To Reassess, Enhance Cybersecurity Measures’
“We need to prevent information (from) being stolen…we need experts, we need people who (know) about cybersecurity. It’s a necessity in every organization,” Ivan Dianga, sales director for Collabera Digital, said.
It is “high time” for companies to have a “maturity check” on modern technology along with their cybersecurity measures, an official from an engineering firm said on Thursday, Oct. 19.
“We need to prevent information (from) being stolen…we need experts, we need people who (know) about cybersecurity. It’s a necessity in every organization,” Ivan Dianga, sales director for Collabera Digital, said during the “Digital Transformation through Cybersecurity: Keeping Smart Cities, Energy, Insurance, Health, and Logistics Safe and Secure” event at the Department of Information and Communication Technology office in Diliman, Quezon City.
Dianga, a former information technology consultant at the Land Transportation Office (LTO), said the improvements are overdue, suggesting remedies to strengthen cybersecurity.
He cited the ISO/IEC 270001, the “world’s best-known standard for information security management systems (ISMS)” as one of the companies that adopt a holistic approach for information management, and can be certified by accredited registrars through the framework.
Should ISO/IEC 270001 be extensive, companies can follow the cybersecurity framework from the United States’ National Institute of Standards and Technology (NIST) under the Department of Commerce.
NIST’s framework provides ideal practices for companies to protect their data. Examples include equipment lists, data encryption and backup, and response measures including policy adjustments from cyberattacks.
Dianga also stressed the need for “understanding and awareness,” noting that companies should learn about daily processes, what their critical data are, and collection points that hackers can penetrate and steal data from.
Personally, Dianga recalled his firm losing about P200 million within two years as hackers attacked whenever they had a new product launch. “And if you’re not prepared, the attackers would be prepared for you,” he said.
“You have to be aware…everybody in the organization is a cybersecurity officer, not just the top management,” Dianga emphasized.
Company officials in attendance echoed Dianga’s call to improve cybersecurity measures. Noel Tordesillas, head of e-channel at Etiqa Life & General Assurance Philippines, said employee education is essential.
Even with modern technology, Tordesillas stressed “it would just sit there” if employees are not trained to use them. Company cultures should also include openness and non-resistance to change, he said.
Olivier Bariou, chief executive officer and founder of DOCONCHAIN, recommended investing in cybersecurity teams or programs. However, he also acknowledged high costs for the move.
Meanwhile, Arlene Martinez, president of MyKartero shipping, said companies should better understand cybersecurity measures. As part of the micro, small and medium-sized enterprise (MSME) industry, she hopes her peers can also understand and “embrace” cybersecurity for themselves.
Ruth Oquendo, vice president and general manager of Quick Loans Online, emphasized that companies should not solely focus on convenience and accessibility, but also on the security of their data or applications.
For his part, Aian Guanzon, head of business development for Global Dominion Financing Inc. (GDFI), had a call to action instead. He said the challenge now is to convince companies, especially in the finance industry, to embrace modern technology.
“And I think they need to realize that they have to fast track their digital transformation now…and we can all help in increasing the awareness to convince them and to join the journey,” Guanzon noted.
‘Collective learning’
In a side interview, Xendit Philippines chief operating officer Christian Reyes acknowledged the rise of cyberthreats as the country further goes digital.
As a “payment gateway” application, Martinez said Xendit Philippines shares potential vulnerabilities to their regulator in the Bangko Sentral ng Pilipinas (BSP), as well as peers in the financial technology (fintech) field.
He explained they would usually look for possible loopholes when someone transacts on their application.
“Parang mayroon kaming nahanap dito ‘no? Nakikita ng lahat (It’s like we disclose any vulnerabilities we find in our application, and all our peers can see that), and everyone can fortify their systems, their applications, para na-a-avoid ‘yung mga ganung (so everyone can avoid the same vulnerabilities),” Reyes told reporters.
With more customers going digital, he said sharing best practices also prevent large-scale data breaches. It also allows for customer education, he added.
“Because you don’t want a small number of compromised transactions to affect about 9.9 million of successful transactions that were able to help people. For example, offline borrowers, have now become online borrowers, Reyes said in a mix of English and Filipino, citing figures from payment gateway application Dragonpay.
Reyes acknowledged the national identification system as a “best practice.” He explained easily knowing customers, and having accessible government databases can aid in resolving vulnerabilities in the fintech industry at least.
Reyes said “increased banking penetration” as part of the formal banking system would also help ensure that official records and transactions will be easy to track.
“And when you have more transparency like that, it’s easier to open up, it’s easier to lend, it’s easier to give services and products to that person,” he added in English and Filipino.
