with Patricia B. MirasolProducer
Experts highlighted the importance of the human factor in combating cyber threats at an October 9 forum by P&A Grant Thornton, a professional services firm.
Social engineering (the use of deception to manipulate people into providing confidential information) is as powerful now as it was in 2000 when it was black hat, Leonard B. Duque, CIO of the company’s technology solutions group, said.
“It’s still the number one entry for computer attacks,” he said.
Human error is the bane of cybersecurity, according to Mr. Duque.
“When employees ignore your direction and click on links, those are human-based mistakes… If senior management doesn’t prioritize cybersecurity, that’s a human decision,” he added.
According to the 2023 workforce survey conducted by ISC2a non-profit organization of cybersecurity professionals, The top three skills gaps in the organization are cloud computing security (35%), artificial intelligence/machine learning (32%), zero-hope implementation (29%).
Artificial intelligence (AI) is already the fastest growing technology in history, according to Alexis C. Bernardino, field CISO and head of business consulting practices at PLDT Enterprise.
“It took 23 years for the Internet to reach one billion users. It will only take 7 years for AI to reach the same figure,” he said.
“With that discovery,” he added, “the attack surface will expand.”
Most of the cyberthreats identified in 2022 by the European Union Agency for Cybersecurity (ENISA) are related to AI, Jeffrey Ian C. Dy, undersecretary of the Department of Information and Communication Technology (DICT), noted in the same event.
That said, “no firewall is stronger than employees who are trained to think critically, adapt quickly, and respond quickly.”
Even end users should be concerned, said Mr Dy.
“The biggest risk identified by ENISA is the compromise of procurement, [yet] “cybersecurity can’t just be a vendor’s responsibility,” he said.
“We are trying to have a law that will be your issue,” he told the audience of the event.
Mr. Dy added that DICT is working with social media to implement automatic information labeling. The program aims to improve public understanding and expose “verified sources of truth.”
Human-centricity is a trend for security design practices in 2024, according to findings by Gartner, Inc., a research and consulting firm.
By 2027, 50 percent of CISOs at large companies will have adopted this approach, the study showed.
“In the early 2010s, the focus was on the use of technology,” said Mr. Duque. “The cause of the change in security awareness was COVID.”
Think of it as a shared responsibility, advises Mr. Bernardino.
“Ang trabaho po natin is pahirapan ang buhay nung [Our role is to make it hard for the] a hacker to be able to extract information,” he said.
“If employees are informed, they can be the first line of defense and enforce cyber security redundancies,” he added.
The Philippines has a score of 93.49 – from 77 in 2020 – in the 2024 Global Cybersecurity Index. A place where the country is highly developed in terms of working skills.