On October 30, 2024, I attended an event organized by the American Chamber of Commerce (AmCham) of the Philippines focused on cybersecurity awareness. The “Strengthening Cybersecurity in the Philippines: Best Practices, Emerging Threats, and Future-Proofing Strategies for IT Professionals” event featured several insightful speakers.
Speakers and Panelists
The speakers included Dr. Steve Cutler, Chief Executive Risk and Compliance Officer at Omnipay, Inc., and Tim Scyner, Senior Director for Security, Fraud, and Compliance at InTouchCX. The discussion panel featured Director Jose Carlo Reyes from the Department of Information and Communications Technology (DICT) Cyber Security Bureau and was moderated by Mark Lwin, Managing Director at Reed Elsevier Philippines.
Key Insights from Dr. Steve Cutler
Dr. Cutler began by discussing the dual nature of risk. While risk is often viewed negatively, he highlighted that it also represents an opportunity. He emphasized the need to identify risks and develop effective strategies to manage them, especially given the severe consequences of cybersecurity breaches today.
He then provided insights into the cybersecurity landscape in the Philippines. The country has moved from Tier 3 to Tier 2 in cybersecurity competitiveness, showing progress. However, the Philippines still lags behind other ASEAN countries, which are already in Tier 1. Dr. Cutler shared five key metrics used to measure the cybersecurity index:
- Cybersecurity Laws – Legislation remains pending in Congress.
- Technology – Despite significant internet access, many systems in both the government and private sectors are outdated.
- Training – There is a significant need for specialized training, and DICT is collaborating with international partners for skills development.
- International Cooperation – Strengthening partnerships through agencies such as DICT, the Armed Forces of the Philippines (AFP), and the Department of the Interior and Local Government (DILG) is a priority.
- Cybersecurity Plan Implementation – Under Executive Order 58, executive branches are mandated to implement the National Cybersecurity Plan (NCSP).
Dr. Cutler emphasized that future-proofing cybersecurity requires addressing processes, systems, and people. He highlighted the importance of collaboration, noting that informal leaders within organizations can play a powerful role.
Tim Scyner’s Experiences and Key Recommendations
Tim Scyner shared his firsthand experience managing multiple cyber breaches. He recounted a breach triggered by an employee clicking on a malicious link, which led to a global ransomware attack that affected multiple departments. This situation underscored the need for quick isolation and robust response strategies. He outlined three pillars for effective cybersecurity:
- Adaptability – Being prepared for potential failures in client systems and maintaining a contingency plan for every aspect of the supply chain.
- Responsiveness – Prioritizing and delegating response efforts across clients, customers, and employees.
- Transparency and Honesty – Ensuring clear communication and updates to build confidence among stakeholders.
Tim Scyner also noted the importance of real-time response metrics, such as resolution times, rather than focusing solely on traditional KPIs. He highlighted the need for flexibility in cybersecurity response plans, stressing that a rigid plan without real-world adaptability offers limited value.
Strategies for Enhanced Security
Both Dr. Cutler and Tim Scyner discussed best practices in cybersecurity frameworks. Firewalls remain essential; however, assessing whether current frameworks are functioning effectively is crucial. Regularly reviewing access controls is key, especially for high-level staff, such as C-level executives, who are often targeted by phishing schemes. Limiting privileged access can also reduce risks.
Insights from Director Jose Carlo Reyes of DICT’s Cyber Security Bureau
Director Jose Carlo Reyes of DICT’s Cyber Security Bureau shared updates on sector-based cybersecurity measures. These focus on critical areas such as energy, transportation, health, and banking. While these sectors typically manage their own risk assessments, DICT steps in on national security matters. Director Reyes highlighted the need for legislation to establish a critical information infrastructure protection act and a dedicated cybersecurity agency under DICT. This legislation may be introduced in the next congressional session.
DICT’s cybersecurity scope has grown beyond the traditional CIA triad (Confidentiality, Integrity, and Availability). It now includes non-repudiation, privacy, and safety. Director Reyes also noted ongoing partnerships with countries such as the U.S., U.K., Japan, Korea, Australia, and New Zealand. These partnerships support cybersecurity training and skills enhancement programs.
Looking Ahead: Strengthening Cybersecurity for the Future
The event highlighted ongoing cybersecurity challenges in the Philippines. These include outdated systems, legislative gaps, and a need for international cooperation. However, with expert insights and proactive strategies, IT professionals can better tackle emerging threats. This approach will help pave the way for a more secure digital future for the Philippines.