Through Patricia B. MirasolProducer
Experts emphasized the importance of the human factor in combating cyber threats during an Oct. 9 forum by P&A Grant Thornton, a professional services firm.
Social engineering (the use of deception to manipulate people into giving away private information) is as powerful now as it was in 2000, when he was still in the black hat. Leonard B. Duque, CIO of the company’s technology solutions group, says.
“It’s still the number one cyber attack,” he says.
Human error, according to Mr. Duque, is the bane of cybersecurity.
“If employees ignore your guidelines and click on links, that’s human error. If upper management does not prioritize cybersecurity, that is a human decision,” he added.
According to a 2023 workforce survey by ISC2a non-profit organization for cybersecurity professionals, The top three skills gaps at an organization are cloud computing security (35%), artificial intelligence/machine learning (32%), and zero trust implementation (29%).
Artificial intelligence (AI) is already the fastest growing technology in history, according to Alexis C. Bernardino, field CISO and head of enterprise consulting practices at PLDT Enterprise.
“It took the Internet 23 years to reach 1 billion users. It will take AI just seven years to reach the same number,” he said.
“With that adoption,” he added, “the attack surface will increase.”
Most of the cyber threats identified by the European Union Agency for Cybersecurity (ENISA) in 2022 are related to AI, Jeffrey Ian C. Dy, Undersecretary of the Department of Information and Communications Technology (DICT), noted at the same event .
That said, “no firewall is stronger than a workforce trained to think critically, adapt quickly, and respond decisively.”
Even end users should be concerned, Mr Dy said.
“The number one identified threat that ENISA has identified is supply chain compromise. [yet] cybersecurity cannot be the sole responsibility of the supplier,” he said.
“We are trying to amend the legislation so that it becomes your concern too,” he told the audience at the event.
Mr Dy added that the DICT is working with social media platforms to implement automatic information labelling. The initiative aims to improve public understanding and uncover “verified sources of truth.”
Human-centricity is the trend in security design practices in 2024. according to findings from Gartner, Inc., a research and consulting firm.
By 2027, 50% of large enterprise CISOs will have adopted such an approach. the research showed.
“In early 2010, the focus was on technical implementation,” said Mr. Duque. “The catalyst for the shift in safety consciousness was COVID.”
Think of it as a shared responsibility, Mr. Bernardino advised.
“It may happen that something goes wrong [Our role is to make it hard for the] hacker to be able to exfiltrate data,” he said.
“If employees are made aware of this, they can be the first line of defense and a cyber security multiplier,” he added.
The Philippines has an overall score of 93.49 – up from 77 in 2020 – in the 2024 Global Cybersecurity Index. The area where the country has made the most progress is in the capabilities of its workforce.