The Asia-Pacific (APAC) geography is expected to be the fastest-growing region of the world economy in 2024. After 4.5% economic growth in 2023, countries within APAC are set to hit 5% in 2024. As part of this economic growth, Forrester expects the region to outpace investment in technology compared to both North America and Europe.
But wherever increased technology investment goes, increased cyber risk follows. According to a recent report by IBM, APAC was the most attacked region in 2022. It suffered nearly a third (31%) of attacks globally.
In such a diverse region, it is important to recognise the idiosyncrasies of each country – especially when accounting for the cyber threats faced by businesses undergoing rapid growth.
The Filipino Threat Landscape
Comprising more than seven and a half thousand islands, the Republic of the Philippines has previously topped the world ranking of internet use. It has an incredibly high concentration of smartphone use. Filipino users have the highest daily average online consumption duration in the Southeast Asia region. The country is noted as a testing ground for m-commerce.
However, The Philippines is also no stranger to cybersecurity issues.
Risk advisory specialist Kroll characterises the Philippines as one of the most vulnerable countries in terms of cybersecurity threats. As far back as 2016, attacks on the website of the Philippine Commission on Elections (COMELEC) were followed by an online link to the entire database. In total, 340 gigabytes of the names, birthdays, home and email addresses, and even the parents’ full names of over fifty-five million registered voters were compromised.
Fast forward to April 2023, and more than eight hundred gigabytes of both applicant and employee records under multiple state agencies were compromised. Compromised agencies included the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF)
In September 2023, there was a breach and ransomware attack on the Philippine Health Insurance Corporation (PhilHealth). The incident saw the release of hospital billing, internal memos, and identification documents – as well as an ongoing investigation into the full extent of the leak.
Why is The Philippines such a target?
To understand why these institutions are so targeted, it is important to realise the Philippines’ geopolitical position. The Philippines is located in the South China Sea, a strategically important region that sees two-thirds of global container trade. The country also has remarkably close ties to the United States.
This makes The Philippines a key target for China as it continues to become a superpower. China is one of the two largest state sponsors of cyber-attacks. It has a history of targeting adversaries in the APAC region, including the Philippines. In addition, these same reasons make the Philippines a major target for North Korea.
The instability of the cybersecurity infrastructure within The Philippines leaves it open to a wide range of attacks from such a well-equipped set of opponents. Two strong themes have arisen in terms of the attacks:
- Ransomware: recent research conducted by IDC has shown that 56% of the surveyed organisations in the Philippines reported that ransomware attacks doubled in 2023 compared to 2022. Such attacks often target large industrial names in the region (such as Yamaha Philippines). It has recently led to the Filipino military creating a cyber command to deal specifically with this threat.
- Advanced Persistent Threats (APTs): APTs are defined as an ‘adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors.’ APTs accurately describe the sophisticated attacks that can be orchestrated by those supported by state-level sponsorship. This was seen most recently in the activities of the Mustang Panda group that led to a successful five-day compromise of the Philippine government.
APTs elevate the challenge faced by organisations when countering unknown threats. When an organisation hasn’t encountered a specific type of threat – usually because the attacker is using new methods or technologies – it has no way of protecting against it until that threat is activated. At this point, it is usually too late to stop a damaging attack.
The impact of the public and private sectors
With such sobering reading, organisations across the Philippines are right to focus on cybersecurity – especially those in the government sector, finance, and retail. These sectors all offer the allure of large amounts of personal data, often linked to financial information.
Across all sectors, Filipino organisations must develop a culture and capability of constant visibility based on the assumption that they will become a target.
Such vigilance is not simply a reaction to well-equipped enemies. The growth of the Internet of Things and the high smartphone use throughout the Philippines are exposing networks and technological infrastructures to ever-increasing threats.
This means that the speed to detection – and the associated speed to remediation – are now key fronts of the cyber battlefield.
Protection should not depend on previous knowledge to detect threats but instead focus on how the network data behaves. This has tremendous value in approaching the sophisticated nature of threats facing The Philippines. It addresses not just how cyber-attacks happen but how they progress to high-value targets across or on the network.
It is the detection of an anomaly – as opposed to a full-blown attack that may be the critical skill in Filipino organisations protecting themselves.
What Filipino organisations must do next
Considering these challenges, The Philippines must prioritise enhanced network security standards and cybersecurity practices across all sectors. Collaboration, information sharing, and investment are vital to mitigate ever-evolving cyber threats and ensure the nation’s digital resilience.
Leader in the detection of cyber threats, Gatewatcher has been protecting the critical networks of worldwide large companies and public institutions since 2015. Our Network Detection and Response (NDR) and Cyber Threats Intelligence (CTI) solutions, quickly detect and respond to any cyber-attacks. Thanks to AI converging with dynamic analysis techniques, Gatewatcher delivers a real-time 360-degree view of threats, covering both cloud and on-premise infrastructures.
