Cybersecurity seen as a ‘team sport’ that holds everyone responsible

CYBERSECURITY requires the broad involvement of top management, chief information security officers, and the entire workforce, networking company Cisco Systems, Inc. and other experts said at the BusinessWorld Virtual Economic Forum on Thursday.

“Cybersecurity is a team sport and everyone has a role to play and everyone is responsible for it,” Cisco Philippines Managing Director Zaza S. Nicart said during her presentation. “Organizations should prioritize a robust security posture that will help them have successful digitization efforts in 2022. Cybersecurity also should be at the core of the technology architecture, and with the right partner, any organization, regardless of size, can bolster security and build greater vigilance,” she added.

The Philippines ranked fourth in Kaspersky’s 2021 global league table of countries most targeted by web threats, pointing to heightened exposure for those working from home and largely beyond the protections afforded by corporate network security during the second year of the pandemic.

“If we do not address this, there will be more losses for organizations,” Ms. Nicart pointed out.

Archieval B. Tolentino, president of the Information Security Officers Group (ISOG), said that companies should be able to achieve a measure of cyber resilience by “detecting threats and recovering quickly.”

“How can we prevent these threats right now? The main thing that I can see is cybersecurity awareness because as the pandemic drove the shift to digital services, there was also an increase in cybercrimes against consumers,” he added.

Ramu Arivuvel, chief technology officer of Tonik, the first digital-only neobank in the Philippines, said cybersecurity must be a board priority.

“Traditional banks focus primarily on numbers and outcomes,” he said, adding that technology is “now the business.”

“That means when we touch digital touchpoints, moving away from physical touchpoints, cybersecurity becomes part of the business, meaning it should be a boardroom discussion item.”

At the same time, he said the most common problem for organizations is the cybersecurity budget.

“Most of us have limited budgets for cybersecurity, mainly because we cannot justify RoI (return on investment). So, we should bring cybersecurity to the board level. Second is implementing the proper cybersecurity upgrades, and third, it is not just a one-team responsibility. The entire organization has to work on it. It’s everybody’s concern.”

For micro-, small-, and medium-sized enterprises, ISOG’s Mr. Tolentino said: “Let’s go back to the basics. Implement multi-factor authentication on your accounts, because it reduces the likelihood of compromise by 99%.”

“Next is update your software regularly — your anti-virus, your operating system, and everything else that would make your endpoint secure.”

“Third, think before you click. That’s always being said and always being advertised because more than 90% of cyberattacks start with phishing e-mails. Last, use strong passwords,” Mr. Tolentino said.

Cisco’s Ms. Nicart said there are various ways to simplify security for organizations. “One of them is adopting different approaches like the zero-trust approach, which looks at security in three areas, so there’s the workforce, there’s the workload, and there’s the workplace.”

“This approach enables organizations, whether large or small, to address the full spectrum of vulnerabilities in identity applications and network threats,” she noted.

“There must be an end-to-end type of security once you get into a cloud-first or application-centric world.” — Arjay L. Balinbin