MANILA -The Securities and Exchange Commission (SEC) is stepping up cybersecurity efforts to raise its defense capabilities against a growing number of attacks against state agencies.
This includes the establishment of a dedicated cybersecurity division as well as skills upgrades for cybersecurity personnel, officials said in a recent interview.
“We are the repository of data and we put a lot of value on the data that we have,” SEC Chair Emilio B. Aquino said.
Oliver Chato, SEC director for their information and communications technology division, added there was a need for SEC to further strengthen their cybersecurity capabilities.
“Definitely there is a need to step up considering the recent state of events and incidents,” he said.
For example, the corporate regulator’s cybersecurity division allows them to “keep up and address [threats] with more focus”.
Attacks against government institutions are on the rise as shown by recent data breaches at the Philippine Health Insurance Corp., law enforcement agencies such as the Philippine National Police and National Bureau of Investigation; the Philippine Statistics Authority; and House of Representatives.
READ: Senate urged to probe ‘troubling’ hacking pattern
Last week, the Department of Information and Communications Technology (DICT) confirmed the accounts of millions of PhilHealth members were affected by the Medusa ransomware attack.
This was the largest government data breach since the Commission on Elections’ “Comeleak” incident in 2016.
READ: Philhealth data breach largest since ‘Comeleak’
Chato said the SEC was also equipping its workforce with the necessary skills to combat cyberthreats, adding there is a “lack of skill sets in terms of cybersecurity in the Philippines”.
“We are trying to build up our capacity and capability in that area by engaging experts,” he said.
Chato said there were also plans to increase investments in this area alongside their broader “digital transformation” roadmap.
“We are also closely coordinating with the incident response teams of the DICT and we’ve implemented sound cybersecurity practices from the ground up but at the same time we recognize there is a constant need to improve and adapt to certain threats,” Chato said.