The Market Monitor Minding the Nation's Business
By Lito U. Gagni
Cybersecurity firm FireEye, which has been hired to investigate the $81-million heist against the Bangladesh Bank, has expressed fears that Philippine firms are “twice as likely to face advanced cyberattacks than the worldwide average,” due to its outmoded cybersecurity platforms.
The company said an analysis of the Philippines’s capability showed that it was 30 percent likely to be a victim of a cyberattack, which is twice the worldwide average of 15 percent.
Southeast Asia and the Asia-Pacific region are vulnerable by up to 27 percent, the officials said, as they sounded the alarm that the country’s cybersecurity defenses were “legacy ones,” or outmoded, which could encourage cybercriminals to attack the Philippines banking system.
In a media briefing at the Edsa Shangri-la Hotel in Mandaluyong City, FireEye officials, led by Eric Hoh, president of Asia-Pacific Japan, said there were at least three advanced persistent threat groups targeting organizations in the Philippines, including banking institutions, government entities, and other sensitive agencies.
Hoh said cybercriminals have advanced so well in their craft that the name of the game in cybersecurity has dramatically changed from one of prevention to determining what data were compromised.
He said the hacking, for instance, of the database of the Commission on Elections (Comelec) could prove disastrous, as the cybercriminals get into gear in what he said were “social engineering” aspects of cybercriminals.
Social engineering, in effect, means that cybercriminals who obtained part of a person’s data could discover other information about that compromised data before an attack could be launched could wipe out that person’s bank account.
Cybersecurity is no longer just about building firewalls, whereby organizations could just lengthen the height of those walls, so that cybercriminals could not penetrate the companies’ cyberdefenses.
Now, cybercriminals could introduce malware to a target’s own desktop computer and later on proceed to execute its cyberintent, say, of taking out the company’s cash, after a number of days.
FireEye said the company has discovered that malware could be introduced in an organization for up to 145 days undetected.
The Bangladesh cyberheist comes to mind, according to officials, as the receiving bank accounts were inactive until the instructions for a total of $81 milllion were processed.
FireEye officials said they were not at liberty to disclose their preliminary findings, although they observed that the “Philippines’s cybersecurity gap is an urgent economic and national security concern.”
“As geopolitical tensions drive rapid militarization in the South China Sea (West Philippine Sea), it’s important that we acknowledge that the first shots in any conflict will be fired in cyberspace, “ Hoh said.