According to National Computer Emergency Response Team (NCERT) of the Department of Information and communications Technology (DICT), there are 386 reported cyber incidents for 20201. This includes Data Leak, Email/Web Phishing, Financial Hacking, Cyberattacks, Identity Theft, and Ransomware. To visualize the frequency of this count, we may think of it as: at least one (1) cyber incident per day last 2020. But we should take note that this number corresponds only to the reported cases which means that the number of incidents could have been higher since there might be cases that were undetected and/or unreported.
These data breaches and cyber attacks are not only happening in the Philippines but also in our neighboring countries here in Southeast Asia. The following are a few of the major cyber incidents from an article5 in CSOonline.com:
- Government vendor attack in Singapore last December 2019 – a third-party vendor of the government experienced a series of email phishing activities directed towards its employees. The affected system contains personal information of Ministry of Defence and Singapore Armed Forces5.
- Unauthorized access in Toyota subsidiaries in Thailand and Vietnam last March 2019 – the company released a statement through its company websites in the respective countries that there might be a possible breach of its customer data. However, no additional details as to the attacker or specific personal data that were breached have been given5.
- Health data breach in Singapore last January 2019 – confidential information of people with HIV have been leaked online. The attacker has been identified and convicted5.
These are just a few of the examples of cyber attacks in Southeast Asia, and according to a report from INTERPOL last January 2021, “cybercrime’s upward trend is set to rise exponentially, with highly organized cybercriminals sharing resources and expertise to their advantage”6. And in today’s world, where the pandemic has accelerated the pace of digital adoption, the risk of getting involved in a cyber incident has also increased. Businesses were forced by the pandemic to adopt e-commerce and blended work setup to continue operation, and in a time where there is a high threat to the survivability of a business, cybersecurity could easily slip out of mind and be deprioritized. This possibility is being exploited by cyber criminals who, along with the fast pace of technology development, have also become increasingly cunning in accomplishing their malicious agenda.
Therefore, it is important for businesses, no matter the size, to have a framework to follow in order to minimize their exposure to cybersecurity risk. The following is a helpful guide from the National Institute of Standards and Technology (NIST) of America.
The Cybersecurity Framework
Before proceeding to the framework, it is good to emphasize the note of NIST that this framework is not meant to be a one-size-fits-all approach because of the reality that different industries and different organizations will have their own unique cybersecurity threats. This is just a starting point where the company can develop its own set of policies and guidelines. For organizations with established risk management practices, this framework can be a supplement to its existing programs2.
The core of the framework is composed of five (5) functions which aim to organize basic cybersecurity activities at their highest level. These are Identify, Protect, Detect, Respond, and Recover. These functions are meant to be performed concurrently and continuously and not in a series because cybersecurity should be dynamic and evolving as the threats are also changing and developing2.
- Identify. It is important to understand the organizational context to manage cybersecurity. Included here are the systems and infrastructures being used in the company, the assets (both physical and digital), data being generated, and the people (internal and external) who have access to these data, assets, and systems. This information will serve as the foundation of the framework and of the security activities that will be put in place2.
- Protect. This function refers to the development and implementation of appropriate security protocols which include access control, training and awareness, data security, maintenance, and protective technology. This is important since this will determine the possibility of infiltration of a cybersecurity threat. If the security protocols are loose, then cyber-criminals will be able to easily infiltrate the company. Not only a strong cybersecurity protocol will make it hard to be infiltrated, but it will also become a deterrent for criminals to target the company in the first place2.
- Detect. Aside from having a strong security protocol, it is essential for the organization to develop the ability to monitor and identify cybersecurity threat as early as possible because the timing of detection spells the severity of the attack. If an attack is discovered late, chances are that the criminal is already able to get confidential data or create a lot of damage which may mean huge losses for the company2.
- Respond. Once cybersecurity threat is detected, it is equally important to develop the necessary activities to resolve the threat and mitigate its effects. This function may involve communication to the concerned parties, investigation and analysis of the threat, and mitigation. The time it takes to respond is crucial since one of the main goals of an organization is to keep the business running or to restore operations, in case of shutdown2.
- Recover. A function that goes together with response is recovery since right after the threat has been resolved, there is a need to restore not only the affected assets and data but also the company’s reputation. This may include further communication to concerned parties and installation of processes and systems based on the lessons learned from the threat2.
If you would like to know more about the NIST Cybersecurity Framework, you may visit this link.
Tips for Businesses especially SMEs
It is important that a business or organization has a policy or guidelines in place regarding cybersecurity because cyber criminals target companies no matter the size or location. The following are some basic steps4 from Federal Trade Commission (FTC) of America that businesses, especially the SMEs, may follow:
- Protect your files and devices. It is important that your devices are protected both physically and virtually. Physical protection includes safeguarding the devices in their location and limiting the persons who have access to them. Virtual protection includes setting passwords and encryption4.
- Protect your wireless network. In this modern age where wireless connection is becoming a norm, it is important that routers and Wi-Fi connections have passwords to limit the people who can connect4. For work from home setup, Virtual Private Network (VPN) is an option to ensure that remote connection is secured.
- Make smart security your business as usual. Not only should policies and guidelines be created, but also, they should be communicated to all levels of the organization. Employees play a crucial part in ensuring that the organization and its assets are safe from cyber criminals4.
It will be helpful as well to conduct Vulnerability Assessment and Penetration Testing (VAPT) to provide resolutions to weaknesses in the system that might become entry points to cyber attackers. Vulnerability Assessment (VA) is used to identify the flaws in the system through a combination of automated and manual scans. However, in this approach, the severity of damage that may happen in the system given each vulnerability cannot be known. Therefore, Penetration Testing (PT) is being employed. PT is an approach wherein vulnerabilities are being exploited to simulate a real cyber attack and determine the robustness of the system. It is recommended to conduct VAPT on a regular basis to keep the system in check7.
We at Trinity hope that the article above will be helpful for you and your company in the fight against cybercrime. This is why, apart from standard insurance products, we are also offering specialty insurance lines; one of which is Cybercrime Insurance.
Cybercrime Insurance is a protection for liability arising out of unauthorized use of, or unauthorized access to, electronic data or software within your network or business. This insurance will provide protection against claims due to breach of confidential customers’ information and will provide expenses for legal advice in connection with an investigation by the Data Protection Authority.
https://trinity-insures.com/collections/general-insurance/products/cybercrime-and-insurance
Sources:
- https://www.ncert.gov.ph/
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
- https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/nist-framework
- https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/basics
- https://www.csoonline.com/article/3532816/the-biggest-data-breaches-in-southeast-asia.html
- https://www.interpol.int/News-and-Events/News/2021/INTERPOL-report-charts-top-cyberthreats-in-Southeast-Asia
- https://www.csa.gov.sg/gosafeonline/go-safe-for-business/smes/vulnerability-assessment-and-penetration-testing