PHILIPPINES-BASED banks face sophisticated cybersecurity threats, an official of the Philippine National Police-Anti-Cybercrime Group (PNP-ACG) said.
In an exclusive interview at Camp Crame, P/Supt. Elbert F. Pagente said these institutions, however, are tongue-tied, fearing their reputation will be damaged once reports of these attacks become public.
The threat has been around for years now but “not one has ever reported” to the authorities, Pagente told the BusinessMirror on August 24.
Banks can exercise discretion to not disclose breaches on their cybersecurity since no law compels them to do so, according to Angel Averia, Philippine Computer Emergency Response Team president and another cybersecurity expert, in a separate interview.
According to Pagente, the officer-in-charge of the PNP-ACG Cyber Security Research and Analysis Division, local cybersecurity professionals, like Averia, have confirmed there have been attacks against banks here.
“Everyone in the circle knows the threat,” Averia said.
“Hackers have been trying to penetrate banks’ security measures in the past several years,” Angel Redoble, Philippine Institute of Cyber Security Professionals president, told the BusinessMirror in a separate interview.
But banks, who employ their own cybersecurity professionals, cannot be compelled to disclose security threats because “there is no law that mandates them to do so,” Averia said.
The reactive nature of Republic Act (RA) 10175, otherwise known as the Cybercrime Prevention Act of 2012, is inadequate to address the threat, according to Pagente.
Under RA 10175, the PNP-ACG is “limited to responding only when a cybercrime is reported,” he said. “Banks’ cybersecurity requires a proactive law to strengthen its vulnerability.”
Averia, one of the proponents of RA 10175, admitted this flaw and agrees with Pagente.
That measure should compel banks to disclose data-security breaches to authorities, Redoble said.
Securing banks, financial institutions and the national cyberspace as a whole from cybersecurity threats require the cooperation of the private and public sectors, Pagente said.
Lawmakers should understand the importance of the cybersecurity of banks and basic industry organizations in the country and legislate a proactive cyberlaw the soonest time, Redoble said.
“The impact of cyberattacks on banks and other financial institutions can have a ripple effect on other services,” he said.
“The unforseen extent can be catastrophic.”
Image credits: Oliver Samson