Got a question? Call 02 8286 9429 | Login
Cyber security is a rapidly growing concern. According to Palo Alto Networks, the Philippines experienced the greatest number of cyber attacks in Southeast Asia in 2023. The same report found that 29% of organisations in the country experienced a significant increase in security incidents.
Moreover, a separate study by risk and financial advisory solutions provider Kroll found that 75% of businesses in the Philippines have suffered a cyberattack — higher than the 59% average in the Asia-Pacific region.
To bolster its cyber resilience, the Philippine government put together the National Cyber Security Plan (NCSP) 2023-2028. Let's break this down to understand its impact on the country’s economy, and how the public, private, and academic sectors must adapt to the NCSP. This blog will also discuss the role of training in creating a skilled cyber security workforce.
What is the Philippines’ National Cyber Security Plan 2023-2028?
The NCSP is an extensive plan by the Philippine government that addresses these cyber security challenges. It employs a multi-faceted approach involving the private sector, government, and international partnerships.
The NCSP provides cyber security professionals and leaders like Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), security managers, and security analysts with a strategic framework to improve their organisation’s security posture.
For Learning and Development (L&D) professionals, the plan highlights the need to upskill the current talent pool and align with the latest skills framework in the country’s ICT industry.
Through the NCSP, the Philippines aims to secure its cyberspace and develop a culture of cyber security resilience and awareness.
The plan has three main outcomes:
Proactive security and protection in cyberspace: The NCSP aims to enhance the security of the Government Network to protect national and local government agencies connected through the National Fiber Backbone. It also looks to strengthen the National Computer Emergency Response Team (NCERT) and establish a National Security Operations Center.
Lumify Work trainers can provide strategic advice and training to implement these initiatives well. Their knowledge also helps government agencies develop effective cyber security strategies and stay ahead of emerging threats.Enhanced cyber security workforce capabilities: The NCSP plans to grant cyber security scholarships for higher education. It sees the government partnering with international training organisations to offer relevant certifications and courses. It also includes plans to re-establish the ICT Academy to develop a skilled workforce. Lumify Work offers a wide range of vendor-certified courses and training programs aligned with the NCSP’s goals. Our expertise in cyber security can significantly help upskill the current talent pool.
Improved cyber security policy framework: The National Cyber Security Inter-Agency Committee (NCIAC) will be optimised to coordinate security policies and strategies across various government agencies. The NCSP will also promote an executive order for the protection of Critical Information Infrastructure (CII) and advocate for new legislative measures to improve cyber security.
In addition, the NCSP emphasises professional development training (like the ones Lumify Work offers) to help cyber security specialists better influence, implement, and communicate security policies. This approach will help build a more resilient and secure cyber environment.
To achieve these overarching outcomes, the NCSP is structured around six key pillars:
Enactment of the Cyber Security Act: This focuses on strengthening the legal and policy framework for cyber security and aims to establish clear laws and regulations to protect against online threats.
Secure and Protect CII: This pillar involves safeguarding essential systems like power grids, financial services, and transportation from cyber attacks through measures like vulnerability assessment, incident response plans, and cyber security certifications. For instance, banks can be required to undergo cyber security audits, while critical infrastructure operators can implement and maintain intrusion detection systems.
Proactive Defense in Cyberspace: This emphasises the importance of being proactive rather than reactive when dealing with cyber threats. It includes measures to identify and prevent these before they can cause damage. A crucial component of this pillar is establishing a National Cyber Security Operations Center, which can aid with monitoring and responding to issues.
Strengthening the Cyber Security Workforce: The NCSP understands that a strong workforce is essential for effective cyber security. This means that by leveraging training and education through scholarships and cyber security centers of excellence like Lumify Work Philippines, cyber security professionals can hone their skills and capabilities.
Public Cyber Security Awareness and Education: This pillar involves educating the public about cyber security best practices through awareness campaigns like National Cyber Security Month and educational programs to ensure everyone can protect themselves from online threats.
Collaboration and Coordination: To combat larger scale threats, effective collaboration between government agencies, the private sector, and international partners is a must. Combined efforts can include participating in international cyber security forums and establishing a public-private cyber security council.
Shifting the Cyber Security Paradigm Through Economics
Traditional cyber security efforts have normally focused on technical solutions (e.g., antivirus software, firewalls) and strict regulations to defend against cyber attacks. But these are no longer enough.
It's also important to look at the economic and behavioural dimensions of the problem. This helps parties involved in cyber security develop more effective security strategies.
Moreover, incorporating insights from behavioural economics, considering the influence of community practices, culture, and traditions, can help us deepen our understanding of how to shape human behaviour to improve cyber security resilience.
The NCSP is adopting this new cyber security perspective by recognising the importance of economic and social prosperity in cyber security and incorporating these factors into its strategies.
In fact, even international bodies like the Organisation for Economic Cooperation and Development (OECD) also emphasise cyber security’s economic and social dimensions in their policy recommendations, as you can see below.
How Does Cyber Resilience Drive Economic Growth?
If the Philippines is resilient against cyber attacks, essential services like banking, eCommerce, business process outsourcing, utilities, and telecommunications will remain operational. This helps maintain public confidence and economic stability. Cyber resilience will also protect company, customer, and employee information, and reduce costly disruptions that can affect business operations and take a toll on productivity.
What’s more, a robust cyber security framework reassures investors that their investments are secure, making the Philippines a more attractive destination for domestic and foreign investments.
Enhanced cyber security strategies reduce the risk of data breaches and attacks, which can result in reputational damage and financial losses. And as businesses invest in better cyber security measures, the demand for cyber security professionals increases, creating more job opportunities and contributing to economic growth.
What is the Current State of the Philippines’ Cyber Security?
When it comes to cyber attacks, most Filipinos commonly experience text scams or cyber bullying. However, there’s more to the story.
The country’s National Computer Emergency Response Team (NCERT) monitored 57,400 threats from 2020 to February 28, 2023, and oversaw 3,470 incidents in the same period. Of these threats, almost half were malware, while the rest involved data leaks and compromised websites.
What’s alarming is that these threats primarily targeted government agencies and emergency response systems, resulting in operational disruptions in critical infrastructure. The NCERT report also found that cybercriminals went after sectors like the academe, telecommunications, finance, and the military.
The OECD estimates cyber attacks cost USD 6 trillion a year globally (PHP 343 trillion). But despite this number, many businesses remain slow to invest in cyber security. According to the NCSP, this may be due to misaligned incentives between the cost of following the policy compared to the cost of not following it.
There’s also often a significant knowledge gap between those who develop cyber security products and those who use them. While cyber security professionals have an in-depth understanding of complex technical concepts, most end-users, including executives and board members, struggle to understand the intricacies of cyber security jargon.
Such a disparity leads to a mismatch between product features and user needs, making it difficult for users to evaluate the effectiveness of cyber security products. This increases their susceptibility to purchasing subpar solutions. As such, end-user training is crucial as it gives users the necessary knowledge to make informed decisions and effectively utilise cyber security products.
What Can Organisations Adapt from the NCSP 2023-2028 to Achieve Cyber Resilience?
It isn’t just a good idea; it’s imperative as well to improve the ability to identify, respond, and quickly recover from any security incident.
By being resilient, they can remain operational during adverse events, avoid unnecessary downtime, and keep their data secure. It also allows them to protect their brand’s reputation, comply with regulatory requirements, and save millions (or even billions!) in pesos. This will then help strengthen the country’s cyber security posture.
Businesses of all sizes in the Philippines can leverage the NCSP 2023-2028 to improve their cyber resilience. Consider these examples:
1. Proactive Protection and Security
To ensure its security, the NCSP is set to recalibrate the Government Network (GovNet) this year. The GovNet project aims to interconnect more than 3,900 national and local government agencies and units to the 5,414 km National Fiber Backbone of the National Broadband Plan.
Much like this, businesses must implement robust security measures for their network. For instance, they can:
Regularly assess and prioritise potential cyber risks and develop a framework to manage them better
Implement cyber security awareness education and training and make sure to cover security during employee onboarding
Implement strong authentication systems like multi-factor authentication, biometrics, or password managers
Regularly update systems and programs to fix security vulnerabilities and bugs
Develop policies for mobile device usage, implement remote wipe capabilities, and enforce encryption on mobile platforms
2. Enhance Cyberspace Intelligence Capabilities
Like key agencies responsible for national security and fighting cybercrime, companies can set up teams to leverage intelligence gathering. From there, they can look at the threat landscape and proactively protect their assets. This includes monitoring threat actor activities both on the surface and dark web, analysing open-source intelligence, and using User Entity and Behaviour Analytics in intelligence operatives.
3. Incident Response and Recovery
Cyber attacks can strike unexpectedly, so creating and regularly updating incident response plans is vital to ensure quick and effective responses to incidents. They must also focus on resilience planning, which involves not just recovery, but also adapting to new threats and uninterrupted operations during incidents.
4. Policy and Framework
To bolster threat detection and mitigation efforts, businesses must collaborate with the public sector in building a robust cyber security ecosystem. They must develop and implement comprehensive security policies that align with national standards and best practices.
5. Cyber Security Workforce Development
Organisations must establish training programs for their staff and provide scholarships to develop a skilled cyber security workforce. This focus on cyber security workforce development is aligned with the NCSP’s initiative to build human intelligence capabilities through training, re-establish the ICT Academy, and launch a Cyber Security Center of Excellence.
How Lumify Work Can Help You Improve Your Cyber Security Initiatives
One effective way for your company to become resilient is to upskill through cyber security courses. Lumify offers best-in-class cyber security training that caters to all employees whether you are a front-line staff or a highly experienced cyber security pro. We also boast a team of award-winning trainers and partner with leading security vendors like CompTIA, ISACA, AWS, and ISC2.
Professionals in government, telecommunications, IT, banking, finance, education, and business process management look to our cyber security courses for upskilling and certification.
Governance, Risk, and Compliance : This refers to strategies for handling corporate governance policies, enterprise risk management initiatives, and company and regulatory compliance.
Certifications:
Security Management and Leadership : This covers all aspects of protecting an organisation’s assets, such as computers, sensitive data, and people against risks.
Certifications:
Technical Security and Operations : This ensures the protection and reliability of IT systems through incident response, cyber security, and network administration.
Certifications:
Application and Cloud Security : This refers to safeguarding software and cloud applications from threats.
Certifications:
Emerging Technologies and IoT Security : This covers security protocols for devices under the internet of things and other modern technologies.
Certifications:
Ready to get started on your journey to cyber resilience? Talk to our team today to know more or download our “Meeting the Cyber Security Challenge For 2023 and Beyond” eBook.