Protecting the crown jewels from cyberattack

In sync with the rise of desktop and mobile applications — whether games, entertainment, or social media — is the Philippines’ emergence as a top 20 country in terms of high smartphone usage.

The work-from-home setup forced us to adapt to and evolve around the use of devices for school, work, business, etc. In this digital age, how do we protect our personal data?

Each time we avail of services or register an account in any application or website, most of us skip reading the terms and conditions agreement and just tick the box to agree. What we don’t read and blindly accept are the rules or regulations on how the website or the company will use, process, and protect the data that we share.

How safe is our personal data when a security breach occurs?

Organizations can respond to cyberattacks using widely accepted and recognized approaches and industry standards, such as these phases based on Incident Response (IR) best practices.

• Preparation. Being ready enough to respond and recover from cyberattacks using tools and equipment, conducting training, and building awareness

• Detection and Analysis. Detecting anomalies in users, network, and systems, with the security team able to analyze and triage cyberattacks

• Containment. Suppressing live cyberattacks by minimizing the impact/damage of an attack

• Eradication. Dealing with an attack through root cause analysis, reverse engineering, malware static and dynamic analysis, removing malware and applying vulnerability patches

• Recovery. Bouncing back from the hacker attack and resulting damage, and resuming business operations

• Post-Incident. Taking note of lessons learned from the attack that help improve readiness and responsiveness

COMMON TYPES OF CYBERATTACKIn a phishing attack, the adversary gains access to the victim’s system or account through electronic social engineering platforms such as e-mail, short messaging service (SMS), calls and social media messaging apps.

A ransomware attacker encrypts the victim’s system files, possibly preventing the user from accessing their machine. He demands payment to regain access and threatens to publish the user’s personal information or company data if the ransom is not paid.

Unauthorized access leading to a data breach is one of the most common hacker objectives. Attackers target the company’s “crown jewels” to acquire critical data. These “crown jewels” that contain company and customer information are sold on various markets. where the info is used to scam customers, defame the company, extort money, and so on.

STAYING IN LINE AND COMPLIANTWith data compromised, an organization may be in violation of the Data Privacy Act of 2012 — and it can be costly. Other than imprisonment ranging from six months to six years, and a fine of up to P6 million, the company also faces damage to its reputation and brand image. Rebuilding an image takes time and can cost more than the penalty and the investment required in implementing robust cybersecurity measures combined.

Building a stronghold against cyberattacks thus becomes an imperative.

Having a third party or an internal cybersecurity team gives companies the upper hand. This team will be the first responder to cyberattacks on the “crown jewels,” helping the organization detect, understand, and respond to cyberthreats.

Cybersecurity policies must be in place to minimize the points of attack available to hackers. Periodic team reviews keep the company updated on cyberattack trends. However, a “one-sided” review might not be enough, so a third-party review can be an option. External consultants can be hired to find gaps in the company’s cybersecurity policies and recommend best practices to the business.

Cybersecurity incidents and events that breach or violate an organization or system’s security (with the potential to destroy, steal, and expose data) are unpredictable and unwanted. Thus, having a response plan — an organized approach to address and manage the aftermath of a security breach is crucial. It is important that plan be reviewed from time to time.

Cybersecurity IR plans prepare the company to detect, respond to, and recover from cyberattacks. In turn, they reduce the potential impact or damage to business assets, finances and brand reputation. Playbooks, on the other hand, go hand-in-hand with an IR plan, providing step-by-step procedures for handling specific cyberattacks.

Immersing ourselves in the digital age in the Philippines becomes easier as our cybersecurity processes mature and as everyone adopts industry best practices in data protection, such as those of the National Institute of Standards and Technology (NIST) and SANS Institute. Having cybersecurity incident plans helps us respond early enough to mitigate damage or loss of assets.

The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.

Timothy Redd Francisco And Eugene Dumlao are a senior associate and an associate, respectively, at the Cyber and Forensics practice of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a Philippine member firm of the PwC network.

+63 (2) 8845-2728