(SDN) — AN executive of tech titan IBM has cited the Philippines for its initiative in driving awareness of cybersecurity risks and compliance.
MALCOLM Rowe, leader of IBM Security Software and Services in the Association of Southeast Asian Nations (ASEAN), met with a select number of reporters for a Media Roundtable in Makati City. He discussed the American company’s findings from its 4th yearly study on “The 2019 Cyber Resilient Organization: Southeast Asia” carried out by Ponemon Institute and sponsored by IBM Resilient.
He did not mention it specifically, but the IBM executive could be referring to the government’s forward-looking stance in cybersecurity management and protection.
At the head of this initiative is the Department of Information and Communications Technology (DICT).
On May 2, 2017, the DICT then under its first head, former secretary Rodolfo Salalima, launched the National Cybersecurity Plan 2022 crafted to protect the country’s critical information infrastructure (CII), government networks, small and medium enterprises (SMEs), big business, and every single citizen from cyber threats.
Under its current head, Acting Secretary Eliseo M. Rio, Jr., the DICT unveiled on January 16, 2019 the Cybersecurity Management System Project (CMSP), designed to fortify the country’s cyber resiliency initiative, and also partnered with Cisco for stronger cybersecurity.
The DICT said the CMSP serves as the “government’s national platform for intelligence sharing and comprehensively monitor threats and defend the country’s cyber infostructure (CII) from cyberattacks.”
In the private sector, Rowe commended two of the country’s industries. “I think in the Philippines there are two significant industries that are important and are also big investors in cybersecurity investments, services activities.”
He named them as the BPO (business process outsourcing) industry and the gaming industry.
It’s because the BPO industry is a global business and big business…(with) significant contributions to Philippine business, he pointed out.
“It’s a critical global industry and it’s highly vulnerable…because it’s 24/7, depends on the internet, huge amounts of ventures, not just a small business, so it has invested significantly in cybersecurity services, cybersecurity software and continues to do so.
“Secondly, gaming, because gaming is actually an object of attack, for ransomware, for exploitation, or just pure attack.”
Rowe noted that the industries are already good investors in preparedness, cybersecurity, response, protection and recovery. The IBM executive credited the Philippine government for the industries’ compliance.
Meanwhile, here are some of the findings of the study as transmitted by IBM to reporters:
- Lack of a Consistent Plan — 77% of respondents say they don’t have a CSIRP applied consistently across the enterprise.
- Failing to Test — of the organizations that do have a plan in place, more than half (54%) do not test their plans regularly (or at all) to ensure they hold up and that they are prepared for their worst day.
- GDPR Anniversary — Nearly half of respondents (46%) say their organization has yet to realize full compliance with GDPR, even as the one-year anniversary of the legislation quickly approaches. (GDPR is the General Data Protection Regulation of the European Union.)
- Skills Still Not Paying the Bills – only 30% of respondents reported that their cybersecurity staffing is sufficient to achieve a high level of cyber resilience.
On May 25 the GDPR will mark its one-year anniversary, but as the Ponemon Institute and IBM Resilient study shows, not every organization is on board yet. And those that are not may face some consequences.
“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress-tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program,” said Ted Julian, VP of Product Management and co-founder, IBM Resilient.
“When proper planning is paired with investments in automation, we see companies able to save millions of dollars during a breach.”
Organizations may learn some more lessons from the study with these takeaways:
- Automation in Response Still Emerging – less than one quarter of the respondents said their organization significantly uses automation technologies, such as identity management and authentication, incident response platforms and security information and event management (SIEM) tools, in their response process.
- Privacy and Cybersecurity Tied at Hip – 62% of respondents indicated that aligning privacy and cybersecurity roles is essential or very important to achieving cyber resilience within their organizations.
IBM said the latest study for the first time measured the impact of automation on cyber resilience, taking automation to mean “enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches.”
They depend on artificial intelligence (AI), machine learning (ML), analytics and orchestration.
In relation to this, the global study polled over 3,600 security and IT professionals from around the world.
Here is their response about automation in their respective organizations, per IBM’s narration:
“When asked if their organization leveraged automation, only 23% said they were significant users, whereas 77% reported their organizations only use automation moderately, insignificantly or not at all.
“Organizations with the extensive use of automation rate their ability to prevent (69% vs. 53%), detect (76% vs. 53%), respond (68% vs. 53%) and contain (74% vs. 49%) a cyberattack as higher than the overall sample of respondents.”
Respondents came from the United States, Canada, United Kingdom, France, Germany, Brazil, Australia, Middle East and Asia Pacific. (SDN)