Connect with us

Hi, what are you looking for?

HEADLINES

Phl’s board level executives assume they’ll never be attacked despite rising ransomware incidents – Sophos

Only 47 % of Philippines companies surveyed believe their board truly understands cybersecurity.  In addition, the top frustration expressed by Philippine cybersecurity professionals is that cybersecurity is frequently relegated in priority.    

Sophos, a global player in next-generation cybersecurity, announced the findings of the third edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA). The study reveals a lack of boardroom awareness of cybersecurity, and a broad assumption from executives that their company will never get attacked, despite rising ransomware incidences, impact and cost.

Cybersecurity education is an issue, and it starts at the top

Despite cybersecurity expenditure and self-assessed maturity increasing in Asia Pacific and Japan (APJ) organizations over the past 12 months, only 47 % of Philippines companies surveyed believe their board truly understands cybersecurity.  In addition, the top frustration expressed by Philippine cybersecurity professionals is that cybersecurity is frequently relegated in priority.    

Eighty-nine per cent of respondents from the Philippines also believe cybersecurity vendors do not provide them with the information they need to help educate executives, and 95 % of Philippine companies agree their biggest security challenge in the next 24 months will be the awareness and education of employees and leadership.

The top two attack vectors of concern for APJ organizations are directly addressable by ongoing education and awareness campaigns: phishing or whaling attacks, and weak or compromised employee credentials.

Advertisement. Scroll to continue reading.

“With ransomware attacks continuing to become more complex, organizations need a genuine, actionable cybersecurity education program. The current reactionary tendencies we’re seeing have created an ‘attack, change, attack, change …’ cycle regarding cybersecurity strategies, which is putting cybersecurity teams constantly on the backfoot. Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organizations,” Aaron Bugal, global solutions engineer, APJ, at Sophos.

The skills shortage continues to wreak havoc

The skills shortage continues to be a key focus area in organizations across the region. Sixty-two per cent of Philippines firms surveyed expect to have some problems with recruiting cybersecurity employees over the coming 24 months; 31 % expect to face a major challenge.

With recruiting continuing to pose issues, companies have identified the priority areas they feel skills and capabilities need to be increased for internal security specialists. These include:

  • Cloud security policies and architecture
  • ‘Train the trainer’ employee and executive cybersecurity training skills
  • Software vulnerability testing
  • Staying up to date with the latest threats
  • Policy compliance and reporting

Cybersecurity professionals’ top frustrations

The survey also highlights that cybersecurity professionals face a variety of challenges and frustrations in their roles, most of which are related to awareness, perception, messaging, and education. The top three frustrations across the Philippines are:

Advertisement. Scroll to continue reading.
  1. Cybersecurity is frequently relegated in priority
  2. Executives assume cybersecurity is easy and cybersecurity professionals over-exaggerate threats and issues
  3. Executives assume their company will never get attacked

Additional frustrations experienced by cybersecurity professionals across the region include:

  • Executives thinking there is nothing that can be done to stop attacks
  • Inability to keep up with pace of security threats
  • Not enough investment and time into training general staff

“Cybersecurity professionals continue to face many frustrations in their roles this year, with many feeling their warnings and messages fall on deaf ears. Apart from lacking skilled security specialists, many of the other frustrations are directly addressable through education and awareness programs, starting at the executive and board level. The challenge for cybersecurity professionals faced with low levels of security understanding among company boards is that many are unlikely to invest in the necessary programs to alleviate these frustrations,” said Bugal.

“The issue isn’t technology, it’s education. Increasing spend on cybersecurity won’t help unless organizations understand from the top down the true nature and critical threat that cyberattacks constitute to their organizational capabilities, their customers and their own existence.”

Cybersecurity education must become a focus. The following is a five-step approach to help bring organisations up to speed on cybersecurity education:

  1. Boards need help to understand it’s impossible to protect everything, and learn to prioritize the most critical information, data and systems to protect.
  2. Education courses on basic principles, genuine likelihood of an attack, attack vectors, threat actors, and other terminology should be available to all staff.
  3. Once basics are clearly defined, organizations need to develop strategy and integrate with digital transformation programs.
  4. The focus then becomes more operational in nature: applying legislation, breach response protocol, ransom payment policy, gap assessments, and future roles and obligations.
  5. Businesses need to clearly understand compliance, the regulatory environment under which the business operates, what’s legally required when breached and what are the appropriate controls around data security and management.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

HEADLINES

This development marks a major step forward in Globe's long-standing #PlayItRight advocacy to help promote and protect the country’s ₱1.6-trillion creative industry from the...

HEADLINES

Spoofing is a technique where fraudsters impersonate SMS channels to deceive recipients. The practice has seen a marked rise, especially in Metro Manila, with...

Advertisement