THE NEXT BIG THING

Cybersecurity Is Not An Option

Cyber attacks are a growing global challenge, as hackers have become smarter, and more sophisticated. So how then can Philippine enterprises prepare themselves for cyber-threats before they even happen?


According to the 2017 Executive Opinion Survey, cyberattacks were ranked as the greatest concern for doing business in East Asia and the Pacific—and for good reason. A global cyber attack could cost an average of $53 billion in economic losses, and it’s most likely to balloon in the next 30 years, according to ePLDT’s Group Chief Information Security Officer Angel Redoble.


In the Philippines, the Commission on Election’s official website was hacked by a 23-year-old fresh graduate—a month before the 2016 elections—exposing over 70 million voters’ data on the world wide web.


“Hacking is not a tools-based job. You need the skills, and the mindset for it. It doesn’t matter how old you are. If you have the skills to hack through a system, you can,” says Redoble.


For a thorough discussion and exclusive look into the minds of cyber attackers, ePLDT invited the World’s Most Famous Hacker Kevin Mitnick—who gained notoriety in the 90s as one of FBI’s most wanted for hacking over 40 top US corporations—during The Hacker’s Code event in Shangri-La the Fort. "You can have the best technology, computers in the world, but if your users are fooled, then it’s game over," Mitnick said in his keynote speech.

PLDT's Security Operations Center provides the facilities, expertise, frameworks, and threat intelligence, giving visibility in advance into potential threats and real-time detection of attacks that could affect business-critical IT assets.

With the Philippines cementing its position as one of the fastest-growing economies in the world, the country is likewise touted to be a prime target for cyber-attacks, which is one of the main reasons why ePLDT—the digital services provider of the country’s leading telco—decided to launch their suite of cybersecurity solutions for safer, more technologically adept businesses.


“Local enterprises used to wait for cyber-threats to happen to them before they did something actionable, but that cannot be the case given that hackers have become smarter and more decisive. Cybersecurity is no longer optional, and shouldn’t be an afterthought. You cannot just react to an attack when it is already there,” emphasizes Redoble.


ePLDT’s cybersecurity model is hinged on a holistic proactive approach, which predicts, prevents, detects, and—if all else fails—responds to an attack, so that customers can truly focus on their core competencies.


Threat hunting is a huge part of ePLDT’s core services, falling under the predictive quadrant. “Our threat intelligence initiatives are expansive. We have guys who scour dark web for new exploits and malware 24/7. We likewise have reverse engineers who dissect malicious software, with the primary objective of informing clients of what is to come,” says Redoble.


“Once we receive a new threat—or what we call the indicator of compromise (IoC)— we imitate a cyberattack in your network and see how we can shut it down,” adds Redoble.

But what happens when an attacker is able to successfully get through what seemingly is an ironclad system? Can enterprises really prepare themselves for a cyber-breach?


“There is no such thing as absolute security. We have to recognize and prepare that there might come a time when a business will be compromised—and we are prepared to address that. We have a dedicated incident response team who understand traffic analysis, hacking, digital forensic investigation, and malware investigation. Only ePLDT has successfully hired and trained these individuals,” he says.


ePLDT Group’s SVP and Chief Operating Officer Nerisse Ramos adds, “It is critical that we are ready and we accept that no company or individual is 100% safe from any breach. Thus, as business leaders and protectors of your organizations, you can no longer afford to be ill-prepared in today’s world. Preparedness means being ready before, during and after an attack.”

"Cybersecurity is no longer optional, and shouldn't be an afterthought. You cannot just react to an attack when it is already there," said Redoble.

“Companies are no longer hesitant to invest heavily in technologies to address cyber-attacks, because cyber-expenditures have gone up since 2009. I think the question now is: Is the technology working for them?” Redoble adds.


Helping build a more cyber-aware Philippines that’s poised and ready to take on the challenges of a highly seismic technological landscape is really the thrust of ePLDT’s core services. At the center of it, the digital services arm hopes to enrich and enable as many enterprises as possible, so that they can get ahead of the curve and prepare themselves to thwart a cyber-breach and ensure business continuity.