Cybersecurity’s critical role in Philippine finance

I show You how To Make Huge Profits In A Short Time With Cryptos!

THE banking sector plays a crucial role in any country’s economy, making cybersecurity a priority focus, especially as financial institutions in the Philippines drive toward digital transformation.

As the Philippines pushes toward a “cash-lite” economy, the financial services sector faces a growing threat of cyberattacks, including ransomware incidents, phishing scams, and evolving tactics from cybercriminals.

In 2023 alone, ransomware attacks surged, with a Fortinet survey revealing that 56 percent of Philippine organizations saw at least a two-fold increase in incidents compared to 2022, and Kaspersky detected and blocked 15,312 ransomware cases targeting businesses in the country. But a question looms — are financial institutions in the Philippines prepared to defend against these evolving threats?

MAYA & GCASH DEBIT CARDS. As the Philippines pushes toward a ‘cash-lite’ economy, the financial services sector faces a growing threat of cyberattacks. PHOTO BY JING GARCIA FOR THE MANILA TIMES

Stakes of digital transformation

As Philippine banks move toward modernization through open banking and expanded cloud environments, they’re not alone. Cybercriminals are also advancing their tactics, creating a continuous arms race between security teams and online threats. Philippine banks hold large volumes of sensitive payment data and have access to critical information, making them prime targets for ransomware actors who hope for substantial payouts.

Get the latest news


delivered to your inbox

Sign up for The Manila Times newsletters

By signing up with an email address, I acknowledge that I have read and agree to the Terms of Service and Privacy Policy.

According to the Bangko Sentral ng Pilipinas (BSP), the share of digital payments to total retail transactions in the Philippines rose to 52.8 percent in 2023 from 42.1 percent in 2022, indicating a significant increase in digital transaction volumes.

Additionally, the digital payments market in the Philippines is projected to reach a total transaction value of approximately $61.41 billion by 2028, reflecting the nation’s accelerating shift toward cashless transactions and underscoring the urgency of robust cybersecurity measures.

Shifting landscape

The Philippine financial sector has undergone significant changes in the past decade, with a steady shift toward cashless transactions. The BSP’s “Digital Payments Transformation Roadmap” aimed to digitize at least 50 percent of total retail transactions by 2023, a target that was exceeded with the 52.8 percent achievement in 2023.

The adoption of cloud technologies allows banks to scale operations, increase efficiency, and offer customers more flexible digital banking options. However, without robust security protocols, this transition exposes financial institutions to new vulnerabilities.

Rise of persistent threats

Ransomware remains a top threat for financial institutions globally, and the Philippines is no exception. Between 2019 and 2021, losses based on complaints filed with the BSP amounted to P2 billion, underscoring the need for enhanced cybersecurity measures. One emerging threat is ransomware-as-a-service (RaaS), which allows cybercriminals to “subscribe” to ransomware tools from other hackers. RaaS enables hackers to employ a range of techniques, including phishing and exploiting software vulnerabilities, to penetrate corporate networks.

These attackers often persist on networks for extended periods, collecting sensitive data and preparing for maximum damage. With the increasing complexity of hybrid cloud environments, the attack surface for financial institutions widens, heightening the need for rigorous security oversight. Philippine banks must consider finding and addressing these potential blind spots during every stage of cloud migration.

Encryption challenges

One common defense strategy — encryption — has become a double-edged sword. While encryption is crucial for data security, it can also obscure malicious activities within a network, making it harder for security tools to detect suspicious behavior.

Recent advancements in quantum computing have raised concerns that traditional encryption methods may soon be at risk. The BSP has started to explore advanced encryption methods to mitigate these risks, but ensuring system-wide encryption compliance across institutions remains a challenge.

Studies reveal that many financial institutions globally, including a significant portion of Filipino organizations, find encrypted traffic difficult and costly to inspect. Without comprehensive inspection, there’s a heightened risk that breaches may go undetected until after sensitive data is compromised.

A call to action

Philippine banks and financial institutions cannot afford to fall behind in cybersecurity. With the country on the cusp of major digital transformation, achieving complete visibility across networks is essential. Security teams must take steps to gain deep observability — network-derived intelligence delivered to cloud, security and observability tools — of all network activity, including encrypted data flows between on-premises and cloud environments. This deep observability will ensure that hidden threats are exposed, giving institutions the best chance of preventing disruptions to services and protecting sensitive information.

To strengthen cybersecurity resilience, collaboration between the BSP, financial institutions, and cybersecurity providers is paramount. The BSP recently launched the 2024-2029 Financial Services Cyber Resilience Plan (FSCRP) to strengthen the cyber resilience of the Philippine banking industry. This partnership approach can enable a safer environment for digital finance, building trust among Filipino consumers as they adopt digital payment solutions.

By prioritizing cybersecurity innovation and understanding the risks within a hybrid cloud landscape, Philippine financial institutions can stay one step ahead of cybercriminals, safeguarding the future of finance in the country.

Ian Farquhar is the security chief technology officer at Gigamon, a cybersecurity company that offers a deep observability pipeline that efficiently delivers network-derived intelligence to cloud, security and observability tools.

Be the first to comment

Leave a Reply

Your email address will not be published.


*