Of cybersecurity attacks, banks and small businesses

Computer wizard. (TD)

Exec: PH banks well protected, but small businesses vulnerable to online threats

Cybersecurity threats remain real for businesses but bankers in Cebu assured that measures are in place to prevent any incidents of money laundering.

Cebu Bankers Club (CBC) President Fritz Palileo said local banks are being monitored by their head offices particularly their remittance units and treasury divisions against possible attempts of cyberheist.

“Banks have fully implemented risk management units and are being monitored by the BSP (Bangko Sentral ng Pilipinas). Any incident of crime and losses are mandated to be reported to the BSP within a prescribed period,” Palileo said.

“The AMLA (Anti-Money Laundering Authority) units of banks are also vigilant of all covered transactions,” he added.

Palileo gave the statement following an attempt by hackers to steal from Malaysia’s central bank last week which also prompted the BSP to put the Philippines’ financial system on heightened alert against laundered cash.

BSP Gov. Nestor Espenilla Jr. said though that preliminary reports showed no indication that the hackers would have laundered possible stolen funds into the Philippines unlike the incident in 2016 where $1 billion was stolen from the Bangladeshi central bank and $81 million went into a Philippine bank.

In the 2016 incident and the recent cyberheist, hackers used the SWIFT system of fund transfer among banks.

“This (recent incident) should be addressed by the SWIFT system,” Palileo said.

In an Inquirer report, Brussels-based SWIFT or Society for Worldwide Interbank Financial Telecommunication, declined to comment on the recent incident.

The CBC’s stance on the incident echoed the statement of the Bankers Association of the Philippines’ (BAP) Cybersecurity Committee Head Edwin Bautista that the new computer systems of major banks in the country are secure enough to prevent themselves from being used by hackers to transfer laundered funds.

Ransomware

While banks may have been well-protected against cybersecurity threats, smaller businesses and companies, which are also taking advantage of technology in their work processes, may be more vulnerable to online threats.

Ng Khai Development Corp. President and CEO Wilson Ng pointed out that criminal elements used to rob banks as these were where the money was.

“Now, the money is on the internet, especially for online banks or online transactions. Yes, the theft of credit card information and other hacking (methods) are on the rise,” he said.

Ng warned that there are already cases of a cyber trick called “ransomware” where hackers “kidnap” something or hold hostage the firm’s computer system by locking owners away from their system, and asking for ransom to get back access to their computer system.

This means, companies, no matter how small, could become victims.

In this ransomware, Ng said hackers would introduce a virus into somebody’s computers or servers and the program would automatically encrypt all the files in the system so these could not be used by the owners.

They would then ask owners for a ransom, and they would be given the password to unlock and have access back to their computers.

In May 2017, the ransomware Wanna Cry reportedly infected at least 230,000 computers in 150 countries including hospitals, banks, telecommunications companies, and many different businesses. In June, another ransomware called Petya also infected several companies.

“Can you imagine that each business will pay a few hundred or a few thousand dollars just for a password to unlock the files again? And if most payments are through bitcoin or cryptocurrency, it will be hard to track or trace, or even apprehend (the hackers). And incredibly (it is a) profitable (undertaking),” Ng said.

Citing data from anti-malware software company Malwarebytes, Ng said 35 percent of small and medium-size businesses in the United States have experienced ransomware attacks in 2017.

Of this number, 66 percent of them suffered a data breach.

Real threat

The realness of cyberattacks have already prompted businesses in Cebu to look into ways of protecting themselves especially with the prevalence of digital ways of doing business.

The Mandaue Chamber of Commerce and Industry (MCCI) has already conducted a forum on cybersecurity last January with ePLDT Inc. Chief Information Security Officer Angel Redoble sharing his expertise to forum participants.

“The chamber acknowledges the risk of systems hacking. We all know the greatest trend right now is to go online. The greatest leveling of the playing field and equalizer is the internet. But with this, you are also exposing your company to certain risks like hacking,” said MCCI President Stanley Go.

He said they learned during their forum that there are already real cases of cyberattacks in the Philippines similar to the ransomware incident cited by Ng.

This is why Go said companies should look beyond just hiring IT (information technology) personnel to take care of internet, hardware, and software needs.

“With the current trend, you also need to secure your data and information. You also have to have a cybersecurity officer,” he said, adding that this expert would be able to technically address any cyberattack attempts.

At the same time, Go said businesses could also employ third-party cybersecurity providers like that of ePLDT, which will assess security risks and establish appropriate security policies, track sources of attacks, improve defense in case of future attacks, respond to cyber incidents, ensure seamless operations on the website, optimize threat security, and protect data transfers.

Read more...