MANILA, Philippines —Amid fears of Chinese espionage through technology infrastructure, the Department of Information and Communications Technology (DICT) assured that the Philippines has remained “overly cautious” over potential cyberthreats, making sure that systems are in place to monitor its networks.
Information and Communications Technology Secretary Ivan Uy, on the sidelines of an event in Makati on Tuesday, told the Inquirer they have means to detect irregular flow of data at its servers.
In addition, Uy said the agency conducts training to strengthen knowledge capacity and also upgrades software to reduce vulnerabilities.
READ: DICT: Probe underway on alleged breach of 1.2M records
“We always err on [the side of] overly cautious, especially in dealing with protection of our infrastructure,” he said.
Uy, however, stressed that cybersecurity threats loom regardless of which country a particular technology originates from, noting that even Western countries that were not using Chinese hardware still have to deal with cyberattacks.
‘Weakest link’
Beyond the hardware, the DICT chief said that people could be the “weakest link” in an organization as cybercriminals target certain individuals to breach networks. This can be done through phishing attacks launched via emails or text messages, tricking individuals into giving out personal and corporate information.
After DITO Telecommunity won the bid to become the country’s third telco player in 2018, there have been concerns about Chinese espionage as the entity running it includes state-owned China Telecom. The latter owns a 40-percent stake in DITO.
READ: Dito allays fears of Chinese spying: ‘We are a Filipino company’
DITO previously assured that its facilities would not be used as a tool for spying, stressing that the telco is a “Filipino company” and would “never allow any espionage or anything that will be negative to our national security.”
The issue was brought up last year when Sen. Raffy Tulfo advised the Armed Forces of the Philippines to dismantle DITO facilities at military camps for fear of espionage.
Apart from this, the telco players are also using Chinese technology in the rollout of 5G services in the country.
A real threat
Sami Khoury, head of Canadian Center for Cyber Security, told reporters on Tuesday that cyberespionage has been gaining ground.
“Traditional espionage is still around and some have moved into the cyber landscape. We need to recognize that it is a real threat. Some of it is directed towards the government,” he explained.
Other cyberattacks, Khoury noted, target the private sector to steal intellectual property.
“Now, they (cyber criminals) employ sophisticated and often covert digital weapons to conduct espionage, disrupt economic activity, engage in criminal activity, undermine social cohesion, interfere with the political system, undermine democracy and spread misinformation and disinformation,” Canadian Ambassador to the Philippines David Hartman said.
Adrian Hia, managing director for Asia Pacific at cybersecurity firm Kaspersky, told the Inquirer that cyber espionage can adversely impact business, nation’s security, economy and critical infrastructure.
“When a cybercriminal steals information, it can cancel out any advantage the original owner had—whether it’s a nation with military secrets or a business with intellectual property and commercial secrets that provides them a competitive edge,” he said. “No one is immune to cyberespionage, and it’s necessary to keep this in mind at all times.”
More victims
At the time of heightened digitalization, Hartman said that almost everyone can be a victim of cyber attacks.
“Today, any citizen with a smartphone is likely to encounter phishing, ransomware, attempts to access personal data or be exposed to misinformation and disinformation,” he explained.
A common phishing attack targeting smartphones in the Philippines is launched via text messages. The rise of text scams prompted the government to implement SIM (subscriber identity module) card registration to curb its proliferation.
Ransomware, which usually targets big organizations, is a cyberattack that holds an entity’s network or data hostage until a ransom is paid.
READ: Ransomware hit usually costs PH firm about $1M, says Fortinet
Cybersecurity company Fortinet previously estimated that an organization spends about P55 million or about $1 million to resolve a single data breach and pay off ransom to regain system access.
With the cyber threat landscape only expected to keep on evolving, Hartman said Canada was “prepared to work hand-in-hand with the Philippines” to improve cyber defense. INQ