THE heightened threat landscape is in the country was recently confirmed by data from the Philippine National Police, showing over 14,000 online scams and 2,800 identity theft incidents logged in 2023 alone. These figures underline a national urgency that has already led to initiatives such as the National Cybersecurity Plan 2024-2028.
Kumaravel Ramakrishnan, Technology Director at ManageEngine, shared critical insights with Malaya Business Insight on the state of cybersecurity in the Philippines, focusing on the pressing need for identity security amidst a rapidly evolving digital landscape.
Drawing from the 2024 Identity Security Report, he highlighted the top cybersecurity challenges facing Philippine organizations today, from ransomware to identity theft, which have surged as the nation’s digital transformation accelerates.
Identity security, he explained, has become indispensable in today’s cybersecurity strategy, as it aims to protect an organization’s credentials and sensitive data by ensuring that only verified users have access.
“In the last year alone, 44 percent of organizations in the Philippines have faced an identity-related cyberattack,” he shared, emphasizing that failing to protect identities doesn’t just open doors for insider attacks and data breaches but also erodes customer trust in an organization’s ability to protect personal data. He described identity security as the bedrock for managing privileged accounts, which, if compromised, can lead to significant financial and reputational damage.
In discussing how companies can effectively defend against these cyber threats, he advocated for a combination of endpoint threat detection, behavioral analytics, and automated incident response. Additionally, vigilant monitoring of high-level access to sensitive data is crucial, as privilege misuse has become a top concern. These proactive measures, he believes, can greatly enhance a company’s security posture.
Looking forward, AI-based cyber threats are expected to rise in sophistication, as AI tools give attackers new ways to launch complex and covert attacks. The Asia-Pacific region’s cybersecurity spending is projected to reach $12 billion by 2027, and 60 percent of Philippine leaders believe AI will play a critical role in strengthening defenses. However, the potential for AI to be used for malicious purposes, such as deepfake impersonations or adversarial manipulation, requires organizations to adopt advanced AI-driven detection systems, which can search massive datasets for anomalies while reducing the load on security teams.
Zero-Trust and Zero Standing Privileges (ZSP) frameworks have become essential in these efforts, but the adoption rate in the Philippines remains low, with only 30 percent of organizations currently implementing a Zero-Trust strategy. This model of “never trust, always verify” is designed to limit access to critical resources through continuous verification, minimizing reliance on traditional perimeter defenses.
While 82 percent of organizations in the Philippines plan to implement Zero-Trust within three years, many still face obstacles, including the need for better tools, workflows, and processes. By establishing these frameworks, companies can protect themselves against internal and external threats, reducing their attack surface and ensuring that only verified users have access to essential resources.
In a rapidly evolving threat landscape, his insights suggest that Philippine organizations must act decisively, strengthening identity security and implementing comprehensive strategies like Zero-Trust to protect data, reduce risks, and safeguard customer trust.