Ransomware, a cybercrime that encrypts systems and locks their owners out until a ransom is paid, has resurfaced globally, and attacks on Philippine cyber firms are likely to increase.

Just last May, a ransomware attack affected a subsidiary of the French insurance company Axa, impacting operations in numerous Asian nations, including the Philippines.

It followed an attack on the US firm Colonial Pipeline that forced its network transporting gasoline, diesel and aviation fuel over much of the eastern half of the country to shut down.

Alarmed by the new round of cyber assaults, credit watchdogs Fitch Ratings and S&P Global Ratings issued warnings and recommendations to their rated firms on how to avoid becoming ransomware victims.

The resurgence of ransomware attacks, according to Fitch, demonstrates how cyber risk affects all industries.

"Ransomware attacks increased 485 percent in 2020 globally, according to Bitfdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Purple Sec," Fitch noted.

Citing data from Coveware, a company that compiles global ransomware and cyber extortion data, Fitch said the attacks that threaten to release stolen data are rising, with 77 percent of them in the first quarter of this year.

The average ransom paid during that quarter reached $220,298, up 43 percent from the fourth quarter of 2019.

Fitch warned that institutions with less advanced networks, security systems and information technology departments may be the most vulnerable to assault but that the downside risk potential for larger and more strategically important enterprises is higher.

For S&P, no financial institution is immune to adverse cyber incidents, and organizations that do not invest sufficiently in cyber security risk are being targeted repeatedly and successfully.

It said the key to cyber resilience is a risk management strategy before and after an attack.

"Financial institutions with clear mitigation plans, that develop and test playbooks, and define their post-attack crisis management are better positioned to control a cyber incident and minimize reputational damage," it noted.

More detections

Although it is critical to learn from prior attacks and build cyber-risk frameworks in real time, the proper identification and remediation of attacks takes primacy because threats will continue to evolve, S&P said.

According to an executive from the cybersecurity firm Kaspersky, the Philippines dropped to sixth place in 2020 from fourth place in 2019 in a ranking of countries with the most web threat detections.

"However, with the downgrade in the list, you'll notice that the number of detections increased. This shows an overall heightened increase in cybercriminal activities," Yeo Siang Tiong, Kaspersky general manager for Southeast Asia, said.

Web threat detections in the Philippines rose to 44,420,695 from 27,899,901 in 2019, according to a Kaspersky Security Network report.

In terms of ransomware, Yeo said from May 2019 to April 2021, attacks on 7,055 Filipino firms with Kaspersky-protected devices were detected and blocked.

During the period, 81,599 attacks on Kaspersky-protected users in the country were detected and blocked.

"This data shows that cybercriminals are continuously interested in the Philippines. What this tells us is that given our cybersecurity efforts, we cannot be complacent when it comes to cybersecurity," Yeo said.

"The overall increase in awareness and level of security among individual Internet users and businesses only mean that typical attacks will be more difficult to carry out," he added.

He also said the financial industry is a particularly lucrative target, regardless of location or season, because it is essentially the source of money.

Now that the Bangko Sentral ng Pilipinas has confirmed the significant increase in digital transactions, Yeo said the onus is on financial service providers and regulators to not only safeguard their virtual systems, but also to bolster their cyber defenses in order to better protect their consumers and businesses.

"From both cybersecurity and business standpoints, investments in threat intelligence are now a necessity. Cyberattacks happen every day. And attackers are now more skilled than ever that cyberthreats are constantly growing in frequency, complexity and stealthiness," Yeo said.

The best formula for creating a safer cyber environment includes the following elements: Continued cyber hygiene instruction at all levels; active collaboration between private sectors and the government to combat cyberattacks; and the use of the most current technology.

A former Department of Information and Communications Technology assistant secretary shared the same view, saying that an entity's detection capability must be improved if it is attractive to ransomware attacks.

"The problem for cyber security is poor detection. If you cannot detect, you cannot prevent. You must have the tool to detect. You must have the tool to educate your employees," Allan Cabanlong, the founder and chief executive officer of the nonprofit organization CyberGuardians, said.

Cabanlong urged companies to invest in detection equipment and cyber intelligence.

"You need information, and based on that statistic, you can predict the future. The approach for cybersecurity is not reactive, it should always be proactive," he said.