Technological advances have changed the way we live, including the way we do our business. We do things online; we communicate, share assets, connect and analyze data, and even drive operations online. Our world is connected now than before.
But what if our businesses are targeted by criminals—individuals or groups who take advantage of innovation in technology? Cybercrime can happen at any time, from anywhere, and targeting anyone. No business is safe. User accounts can be compromised, intellectual property stolen, critical assets damaged, confidential data leaked, networks can be infiltrated and operations disrupted, which may lead to damage in brands and relationships that have taken years to build and maintain.
However, we do not have to face this problem alone. As cybercrime becomes a growing concern for Information Security professionals, as well as businesses in all industries, cybersecurity is now being recognized as a uniquely skilled profession. The ability to think both defense and offense is a mindset prevalent in a security professional. To know how to defend, one must know how to attack.
In the Philippines, we have already fallen victim to a cybercrime attack—the recent Bangladesh Bank heist—an eye-opener to the fact that we are very vulnerable to attacks. And why is that? Is it because we don’t have enough laws in place to condemn cybercrime in the Philippines, or that the existing laws do not have enough teeth for us to leverage on? Or is it because we do not have the capability to prevent cybercrime, given our current meager resources and skills? The answer is neither. The truth is that we were just being complacent and allowed cybercrime to enter our house without even locking the back door.
So how do we change this?
Early education is absolutely essential. Everyone makes a cyber decision, whether they are aware of it or not. Installing an application (or app as it is commonly known) on your phone, updating your laptop or computer, registering an account on a website are some examples of cyber decisions. As you make cyber decisions in your life, you run the risk of exposing your data and your life, making them less secure.
As such, building cybersecurity as a basic curriculum in education will allow the next generation to have a deeper understanding of cyber awareness. Computer programming is a vital skill in protecting digital security. Everyone has to be made aware of the implications of cybercrime. Start young, and start fresh. This will allow us to avoid being left even more in the digital race.
What about those in the current generation? The answer is simple. Training. In any organization, people are considered as the weakest link. Therefore, it is important that they are trained to understand and become vigilant on the signs of a harmful email, phishing scam and other malicious attacks. Having a comprehensive information security awareness program, which includes conducting a tailored information security awareness training, is the best way to reduce the probability of cybercrime incidents from happening as employees will be equipped with adequate knowledge to identify potential threats.
In addition, policies need to be well defined and communicated across the organization. The security policy acts as a defensive wall, which will make it harder for cybercrime to occur, provided that the measures are followed by everyone in the organization.
It is said that everything begins and ends with knowledge. The knowledge you obtain from education and training will never betray you. In the Philippines, cybercrime can still be foreseen in the near future. While it is not possible to obtain absolute security, obtaining reasonable security will suffice. Why should we make it easy for them? The harder it is for these cyber criminals to penetrate your defense, the longer the attack will take. And in turn, the likely it will be for us to prevent and detect cybercrime incidents from occurring.
But strengthening your defense and achieving reasonable security usually requires the organization to allocate huge investment in sophisticated/advanced tools and highly skilled security professional services, even while getting approval for such purpose is usually a challenge.
So the decision is up to you, “To protect or not to protect?” That is the ultimate question.
* * *
Rosell S. Gomez is a Risk Assurance Partner, Lead Partner for Global Technology Solutions/Chief Information Officer and Lead Partner for General Office Services of Isla Lipana & Co./PwC Philippines. Email your comments and questions to firstname.lastname@example.org. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.