PHILIPPINE cloud services pioneer and IT security expert IP Converge Data Services Inc. (IPC) urged financial institutions to strengthen their security systems against widespread cyber attacks on both the local and worldwide banking systems.
In a statement, IPC said banks and other financial institutions’ data security measures are not enough, pointing out that even the most secure institutions are not exempt from the alarming increase of crimes perpetrated online.
The company issued the statement amid the ongoing case of the $81 million stolen funds from Bangladesh Bank’s US Federal Reserve Bank account in New York, which was coursed through the Philippines’ Rizal Commercial Banking Corp. (RCBC) Jupiter branch.
“This is a reality that has caused the loss of significant revenue for many businesses. The global recorded cost of cyber attacks is at $400- to $500-billion dollars per year roughly fifty percent of which is from DDoS [Distributed Denial of Service] attacks,” IPC President Rene Huergas said.
Huergas said companies are likely to lose more if businesses do not act to improve data and network security, adding that many financial institutions in particular are still inadequate in terms of system and network security layers for protection from cyber attacks.
“This poses an even greater danger to both the customer as well as the institution. As data and network security is a commodity in this day and age, now is the best time to recognize that the threats are real and can make businesses vulnerable and susceptible to attacks.
Banks and financial institutions are the most susceptible to this kind of attack,” Huergas said.
The IPC described a growing trend in which several hackers work together to carry out DDoS attacks that compromises multiple systems all at the same time, citing a recent event in which a number of Iranian hackers worked on weekly DDoS attacks on US banks, flooding their servers with illegitimate traffic that slowed websites down and caused millions in lost business.
“Perpetrators have been launching DDoS attacks to mask the other ways by which they compromise systems. Financial institutions, especially those with online transactions (e-payments, online banking), must remain vigilant against these threats or they’ll easily lose their client’s trust and consequently, their business,” said Niño Valmonte, IPC director for Product Management and Marketing.
Other than DDoS attacks, other kinds of cyber attacks being encountered on a widespread scale are malwares, phishing, password attacks, MITM (Man-in-the-middle), Drive-by downloads, malvertising, and rogue software.
According to a report released by global cybersecurity giant Symantec Corp., the Philippines ranks 20th worldwide and third in Asia Pacific for social media scams, and 7th in Asia Pacific for ransomware attacks with an average of 17 attacks per day, which IPC said was a clear indication of the country’s vulnerability to cyber attacks.
The IT systems specialist said the growth of cyber attacks poses an imminent threat to the banking sector, with about 22 million people using electronic banking services and channels in the country.
IPC said this market continues to grow each year, translating to gigantic amount of data that is at risk.
“Cyber attacks have been growing in size and becoming more and more complex. While they can’t be scrapped entirely, employing security features and updating them every once in a while will help ensure that disruptions to business processes are at a minimum,” Valmonte said.
Through its ThinkOutCloud initiatives, IPC has been educating enterprises, institutions and individuals about the threats to information stored online.
At the most basic level, the IT systems specialist said businesses and the public should install updated anti-virus protection and firewalls in personal computers and mobile devices, as well as utilize Secure Socket Layer (SSL) encryption and cookies to ensure the security of connections.
“But it doesn’t stop there. Depending on the needs of the institution, additional security measures have to be in place. It is also as important to regularly review and assess whether these security measures are being implemented and are functioning well,” Valmonte said.
IPC said businesses can partner with IT security systems experts to secure assessments in all areas of data and network security.
“IPC has been in the business of security for over ten years, it is the de facto security provider for a majority of companies nationwide. Financial institutions should rethink their data security measures if they would like to ensure that their data and networks are safe from the imminent threats and attacks looming,” Huergas said.
“Because we are in the business of data centers, security is in our DNA. It is something that we take seriously on a day-to-day basis. All companies—big and small—can be the subjects of attacks. The only way we can eventually destroy these threats is if we adopt a defensive mindset,” he added.
IPC is a wholly-owned subsidiary of ePLDT Inc., the information and communications technology (ICT) arm of the Philippine Long Distance Telephone Company (PLDT). It is an internet data center, telecommunications and cloud services company, providing local and regional enterprises with managed data services and business solutions compliant with international standards.