Monday, November 18, 2024

Establishing Zero Trust Cybersecurity in Philippines’s Newly-Connected Communities

Establishing Zero Trust Cybersecurity in Philippines’s Newly-Connected Communities

How do you feel about this story?

Like
Love
Haha
Wow
Sad
Angry

Internet access has transformed from a convenience to a necessity in today’s digital age. With the rise of remote work, distant learning, e-commerce, and financial technology, internet connectivity is increasingly considered a fundamental right. Unfortunately, a report from the Department of Information, Communication, and Technology (DICT) indicated that 65% of Filipinos still do not have internet access.

To bridge the digital divide, the Philippine government is advancing projects to narrow the gap in geographically-isolated and disadvantaged areas (GIDAs). This effort involves welcoming a range of internet satellite providers to enhance accessibility in rural regions. This includes the launch of Starlink in February and upcoming market entry announcements from other key players, such as SES, Silkwave, and Astranis, all within the next two years.

Digital inclusion promises greater economic growth and opportunities in rural and underserved regions. Achieving this goal requires collaborative efforts from all stakeholders to ensure that newly connected communities are well-informed about the associated risks. Consumers need education to embrace a proactive mindset, preparing for and mitigating the impact of cyberattacks. Organizations must offer cybersecurity training to employees and establish strong infrastructure to protect these communities from evolving and complex threats.

 

Cybersecurity Foundation in Newly-Connected Communities

Oscar Visaya, Country Manager for the Philippines at Palo Alto Networks, shared, “GIDAs are gaining internet access through public and private initiatives. But the greater challenge lies in shifting consumer behavior towards cybersecurity. Many people in these communities were never exposed to online risks, so taking on cybersecurity practices might take time—possibly too late. Early education on best security practices, like Zero Trust, is crucial for individuals and organizations within these areas.”

Zero Trust is a strategic approach that secures an organization by eliminating implicit trust and continuously validating every stage of digital interaction. This principle encourages users to adopt multi-factor login authentication and grant permission solely to recognized devices and applications. Given the country’s high incidence of phishing, Zero Trust can also be extended to consumer behaviors. This involves individuals exercising elevated caution when encountering links in emails and social media, evaluating the credibility of links and their sources before clicking.

Companies at the forefront of driving the digital infrastructure of communities are also increasingly confronted with ransomware attacks. According to Palo Alto Networks’ 2023 Unit 42 Ransomware and Extortion Report, ransomware attacks in the Philippines surged by nearly 60%. These attacks employ tactics such as encryption, data theft, distributed denial of service (DDoS), and harassment. While no organization is impenetrable to cyber threats, embracing Zero Trust helps identify a network attack or breach at an early stage.

As companies handle vast datasets, contend with supply chain vulnerabilities, and manage on-premise and cloud integration complexities, risks arise on various fronts. Securing network architecture with robust firewalls and intrusion detection systems (IDS) is vital to fortifying digital infrastructure against multifaceted threats. In this backdrop, leveraging artificial intelligence (AI) and machine learning becomes pivotal for a comprehensive Zero Trust approach, enabling continuous monitoring and verification of high-volume users, data, and applications to effectively address the rapid evolution of sophisticated risks that surpass manual monitoring capabilities.

Palo Alto Networks also reported that state and local government units (LGUs) emerge as one of the most vulnerable sectors in the country due to the abundance of extensive sensitive data and invaluable information they store. The possible fallout from a data breach within a public agency reverberates far beyond the digital realm, which could jeopardize citizens’ privacy, public services, and even national security. In line with this, government agencies like the Bangko Sentral ng Pilipinas (BSP) advised their supervised banks and other financial institutions to embrace a zero trust operational model for security.

One of the most important cybersecurity measures that the state and LGUs can integrate is having granular visibility over operational network traffic and scrutinizing it at both the application and user levels. This process would validate proper usage while promptly flagging any anomalous activity. Additionally, identity and access management (IAM) could help segment networks to limit extraneous and internal attack vectors while meeting stringent performance requirements.

“Digital infrastructure’s economic potential hinges on effective preparedness against attacks that could cause financial losses, cost livelihoods, and endanger people’s safety at worst. By implementing robust cybersecurity measures from the outset, attack surfaces shrink and pave a path for sustainable growth that benefits everyone in the long term,” Visaya concluded.