The Sorry State of Cybersecurity in the Philippines

By: Al Restar, Zero Day

The Philippines is in a sorry state of cybersecurity. There’s no need to sugarcoat any of that because the numbers don’t lie. In fact, the figures relating to how sad the state of cybersecurity in the country is so overwhelming, a reasonable person would suggest that we should stop using the internet altogether. But that’s impossible, who are we kidding.

In a recent report published by Arkose Lab, a cybersecurity firm, the Philippines is said to be the world’s single biggest attack originator for both automated and human-driven cyber attacks. This means that most of the cyber threats – phishing, malware smuggling, credential stuffing, social media account takeovers, etc. – were done in the Philippines. To put things into perspective, the Philippines ranks first while the United States ranks in a distant second. It is, however, unsure if the attacks are carried out by Filipinos or by foreigners residing in the country.

The same report also reveals that more than half of login attempts in social media are made by scammers and hackers; not to mention that a majority of new accounts created for social media are fraudulent and are used as vehicles for cyberattacks by criminal elements and malicious actors.

This revelation is independent from an earlier report from Kaspersky, an antivirus service provider, where the Philippines ranks fifth among countries with the highest number of detected online attacks. The report said that this is because Filipinos keep on visiting malicious and dangerous websites as they browse through the internet.

The report shows that reported nearly 7 million, or 37.4 percent, of Kaspersky users in the Philippines, have been attacked by malicious actors while browsing the internet. It is also worthy to note that this figure only includes those who have Kaspersky antivirus installed on their computers and mobile phones; the number could be much higher if those who don’t have antivirus features are also to be considered.

The Philippines joins the ranks of Algeria (44.1 percent), Nepal (43 percent), Albania (40.1 percent) and Djibouti (37.9 percent) in the top five countries with the most alarming state of cybersecurity in the world.

The fact the Filipinos are the biggest users of social media and the internet in the world does not help. According to the report published by London-based social media statistics firm, We Are Social; the Philippines once again tops other countries in the most number of social media users with 67 million people actively using social media.

Amid the fact that social media is a proficient source of information about almost anything, including cybersecurity, it still remains that Filipinos are apathetic about their own cybersecurity. One possible reason for the lack of cybersecurity literacy among Filipinos is the lack of understanding of the importance of cybersecurity and what the risks are if someone’s cyber persona is not secured.

With high hopes, the Department of Information and Communication Technology (DICT) has developed a cybersecurity plan to achieve by 2022. The DICT acknowledges its mandate to “ensure the rights of individuals to privacy and confidentiality of their personal information; ensure the security of critical ICT infrastructures including information assets of the government, individuals and businesses; and provide oversight over agencies governing and regulating the ICT sector and ensure consumer protection and welfare, data privacy and security, foster competition and the growth of the ICT sector.”

They said that one of their priorities is to ensure that the country is cyber secured in the national to the individual level. According to the National Cybersecurity Plan 2022, they  aim to achieve a nation “assuring the continuous operation of our nation’s critical infostructures, public and military networks, implementing cyber resilience measures to enhance our ability to respond to threats before, during and after attacks, effective coordination with law enforcement agencies and a cybersecurity educated society.”

However, there are still no concrete strategic courses of action that has been presented by the government agency on how they would achieve their goals. The mere fact that the agency is led by an ex-military officer and a swarm of lawyers who don’t have a single idea on how information and communication technology functions make this plan a pipe dream.

It is now in the hands of Filipinos to make sure that they themselves implement a cybersecurity plan for themselves. There are a lot of small things that everyone can do in order to protect their systems and their gadgets from cyberattacks. Ensuring that we have set strong passwords in our accounts, which we change every three months is the first step to protect ourselves from malicious actors. There is plenty of information online to help us secure ourselves from threat actors that surround us; we should leverage the power of technology to protect ourselves from those who exploit it against us.