Phishing, ransomware attacks remain top cyber threats in PH

MANILA  —Cybersecurity firm Fortinet warned Philippine companies against a further increase in ransomware incidents this year, noting that hackers have remained persistent in launching digital attacks that could disrupt operations for monetary gain.

In a survey commissioned by Fortinet and conducted by International Data Corp. (IDC), ransomware and phishing attacks are the top cyber threats in the country, with over half of the respondents citing them.

The study surveyed 550 information technology leaders across markets in the Asia-Pacific region, including the Philippines.

Phishing is a fraudulent activity whereby hackers send suspicious links to unsuspecting individuals via mobile messages and emails. The links lead to fake websites that trick users into providing personal information like bank account details.

READ: DICT urges companies not to pay for ransomware to avoid repeat attacks

Rashish Pandey, Fortinet vice president for marketing and communications at Asia, Australia and New Zealand, said that 56 percent of the surveyed organizations in the Philippines said they saw two times increase in ransomware attacks in 2023 compared to 2022.

Ransomware attacks doubled in 2023

“What we are seeing though is the frequency of those attacks is increasing,” he said.

Ransomware, which usually targets big organizations, is a cyberattack that holds an entity’s network or data hostage until a ransom is paid.

Fortinet previously estimated that an organization spends about P55 million or about $1 million to resolve a single data breach and pay off ransom to regain system access.

READ: 47% of hacked SE Asia firms paid ‘ransom’

Pandey explained that the cost to recover data might go up depending on the nature of the attack. Some hackers sell the stolen data to another party, which means the victimized organization needs to pay more to regain control.

In addition, paying off ransom does not guarantee absolute protection as perpetrators might just repeat the attack and demand money again.

Cyberdefense

“In the ever-evolving threat landscape, organizations grapple with a spectrum of cyber threats targeting their digital assets,” Pandey said.

As such, Fortinet noted that companies see the need to have quicker threat detection and response to digital attacks.

The enterprises polled plan to do so by gearing up investments in security operations in the next 12 months. Among the initiatives in their pipeline are cyber awareness training, security audits and upgrade of cyberdefenses.

“Securing modern IT infrastructures requires a continuous commitment to vigilance, proactivity, and adaptability amid challenges posed by hybrid work, AI, and cloud technologies,” said Simon Piff, IDC vice president for research in the Asia-Pacific region.