Cybersecurity threats to cost organizations in the Philippines US$3.5 billion in economic losses
A Frost & Sullivan study commissioned by Microsoft revealed thatthe potential
economic loss in the Philippinesdue to
cybersecurity incidentscan hit a
staggeringUS$3.5billion. This is 1.1
percent of the Philippines’total GDP of US$305 billion[1].
The study,
titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific:
Securing the Modern Enterprise in a Digital World”, aims to provide business
and IT decision makers with insights on the economic cost of cybersecurity breaches
in the region and identify thegaps in organizations’ cybersecurity strategies.
The study involved a survey of 1,300 business and IT decision makersranging from
mid-sized organizations (250 to 499 employees) to large-sized organizations(>than
500 employees).
The study reveals
thatmore than half of the organizationssurveyed in the Philippines have either
experienced a cybersecurity incident (18%) or are not sure if they had one as
they have not performed proper forensics or data breach assessment (34%).
“As
companies embrace the opportunities presented by cloud and mobile computing to
connect with customers and optimize operations, they take on new risks,” said Hans
Bayaborda, Managing Director, Microsoft Philippines.“With traditional IT
boundaries disappearing the adversaries now have many new targets to attack.
Companies face the risk of significant financialloss, damage to customer
satisfaction and market reputation—as has been made all too clear by recent
high-profile breaches.”
The True Cost of Cybersecurity Incidents
– Economic, Opportunity and Job Losses
The study revealed that:
A large-sized organization in the Philippines can
possibly incur an economic loss of US$7.5million,
more than 200timeshigher than the average economic loss for a mid-sized
organization (US$35,000); and
Cybersecurity
attacks have resulted in job losses across different functions in seven in ten
(72%) organizations that have experienced an incident over the last 12 months.
To
calculate the cost of cybercrime, Frost & Sullivan has created an economic
loss model based on macro-economic data and insights shared by the survey
respondents. This modelfactors in three kinds of losses which could be incurred
due to a cybersecurity breach:
Direct: Financial
losses associated with a cybersecurity incident - this includes loss of
productivity, fines, remediation cost, etc;
Indirect:The
opportunity cost to the organization such as customer churn due to reputation
loss; and
Induced: The impact
of cyber breach to the broader ecosystem and economy, such as the decrease in
consumer and enterprise spending.
“Although
the direct losses from
cybersecurity breaches are most visible, they are but just the tip of the
iceberg,” said Edison Yu, Vice President and Asia Pacific Head of Enterprise
for Frost & Sullivan.“There are many other hidden losses that we
have to consider from both the indirect and induced perspectives, and the
economic loss for organizations suffering from cybersecurity attacks can be
often underestimated.”
In addition
to financial losses, cybersecurity incidents are also underminingthe
Philippines organizations’ ability to capture future opportunities in today’s
digital economy, with more than half(57%) respondents stating that their
enterprise has put off digital transformation efforts due to the fear of cyber-risks.
Key Cyberthreats and Gaps in the
Philippines Organizations’ Cybersecurity Strategies
Although
high-profile cyberattacks, such as ransomware, have been garnering a lot of
attention from enterprises, the study found that for organizations in the
Philippines that have encountered cybersecurity incidents, data exfiltrationand data corruptionarethe biggest concern
as they have the highest impact with the slowest recovery time.
Besides external threats, the research also revealed key gaps in organizations’
cybersecurity approach to protect their digital estate:
Security an afterthought:Only44% oforganizations consider
cybersecurity before the start of a digital transformation project. Majority of respondents (56%)either
think about cybersecurity only after they start on the project or do not
consider it at all. This limits their
ability to conceptualize and deliver a“secure-by-design” project, potentially
leading to insecure products going out into the market;
Creating a Complex Environment:Negating the popular belief that deploying a large
portfolio of cybersecurity solutions will render stronger protection, the
survey revealed that 17% of respondents with more than 50 cybersecurity
solutions could recover from cyberattacks within an hour. In contrast, more
than twice as many respondents (38%) with fewer than 10 cybersecurity solutions
responded that they can recover from cyberattacks within an hour; and
Lacking cybersecurity strategy:While more and more organizations are considering digital
transformation to gain competitive advantage, the study has shown that46% of
respondents see cybersecurity strategy only as a means to safeguard the
organization against cyberattacks rather than a strategic business enabler. A
mere 25% of organizations see cybersecurity strategy as a digital
transformation enabler.
“The ever-changing
threat environment is challenging, but there are ways to be more effective
using the right blend of modern technology, strategy, and expertise,” added
Hans. “Microsoft is empoweringbusinesses
in the Philippines to take advantage of digital
transformation by enabling them to embrace the technology that’s available to
them, securely through its secure platform of products and services, combined
with unique intelligence and broad industry partnerships.”
In a digital world where cyberthreats are constantly
evolving and attack surface is rapidly expanding, AI is becoming a potent
opponent against cyberattacks as it can detect and act on threat vectors based
on data insights. The study reveals that more than almost four in five (79%)organizations
in the Philippines have either adopted or are looking to adopt an AI approach
towards boosting cybersecurity.
AI’s ability to rapidly analyze and respond to
unprecedented quantities of data is becoming indispensablein a world where
cyberattacks’ frequency, scale and sophistication continue to increase.
AnAI-driven cybersecurity architecture will be more
intelligent and be equipped with predictive abilities to allow organizations to
fix or strengthen their security posture before problems emerge. It will also
grant companies with the capabilities to accomplish tasks, such as identifying
cyberattacks, removal of persistent threats and fixing bugs, faster than any
human could, making it an increasingly vital element of any organizations’
cybersecurity strategy.
Recommendations for securing the modern
enterprise in a digital world
AI is but
one of the many aspects that organizations need to incorporate or adhere to in
order to maintain a robust cybersecurity posture. For a cybersecurity practice
to be successful, organizations need to consider People, Process and
Technology, and how each of these contributes to the overall security posture
of the organization.
To help
organizations better withstand and respond to cyberattacks and malware
infections, here are five best practices that they can consider in improving
their defense against cybersecurity threats:
Position cybersecurity as a digital transformation
enabler: Disconnect between cybersecurity practices and
digital transformation effort creates a lot of frustration for the employees.
Cybersecurity is a requirement for digital transformation to guide and keep the
company safe through its journey. Conversely, digital transformation presents
an opportunity for cybersecurity practices to abandon aging practices to
embrace new methods of addressing today’s risks;
Continue to invest in strengthening your security
fundamentals: Over 90% of cyber incidents can be averted by
maintaining the most basic best practices. Maintaining strong passwords,
conditional use of multi-factor authentication against suspicious
authentications, keeping device operating systems, software and anti-malware
protection up-to-date and genuine can rapidly raise the bar against
cyberattacks. This should include not just tool-sets but also training and
policies to support a stronger fundamental;
Maximize skills and tools by leveraging integrated
best-of-suite tools. The best tools are useless in the hands of the
amateur. Reduce the number of tools and the complexity of your security
operations to allow your operators to hone their proficiency with the available
tools. Prioritizing best-of-suite tools is a great way to maximize your risk
coverage without the risk of introducing too many tools and complexity to the
environment. This is especially true if tools within the suite are
well-integrated to take advantage of their counterparts;
Assessment, review and continuous compliance: The organization
should be in a continuous state of compliance. Assessments and reviews should
be conducted regularly to test for potential gaps that may occur as the
organization is rapidly transforming and address these gaps. The board should
keep tab on not just compliance to industry regulations but also how the
organization is progressing against security best practices; and
Leverage AI and automation to increase capabilities
and capacity: With security capabilities in short supply,
organizations need to look to automation and AI to improve the capabilities and
capacity of their security operations. Current advancements in AI has shown a
lot of promise, not just in raising detections that would otherwise be missed
but also in reasoning over how the various data signals should be interpreted
with recommended actions. Such systems have seen great success in cloud
implementations where huge volumes of data can be processed rapidly.
Ultimately, leveraging automation and AI can free up cybersecurity talents to
focus on higher-level activities.
For more information on the study, please visit:
To better understand the cyberthreats happening
globally and in Asia Pacific, please download the Microsoft Security
Intelligence Report Volume 23 here: https://info.microsoft.com/ww-landing-Security-Intelligence-Report-Vol-23-Landing-Page-eBook.html
Footnote:
[1] World Bank’s Asia Pacific GDP information: https://data.worldbank.org/indicator/NY.GDP.MKTP.CD
0 comments