Filtered By: Opinion
Opinion
LIVING WITH CYBERATTACKS, PART 2

Strengthening cybersecurity in PH: Steps to protect gov't data, rebuild trust


Note: This is Part 2 of a three-part series on cybersecurity. Read Part 1 here.


In the wake of recent cyberattacks on government agencies in the Philippines, it has become imperative to take proactive measures to address these critical security gaps. Protecting sensitive Personally Identifiable Information (PII) and rebuilding citizens' trust in government cybersecurity require a multi-faceted approach.

Here are key steps that can help mitigate cyber threats and enhance cybersecurity:

1. Cybersecurity education and training

One of the foundational steps to address cyber threats is to invest in education and training.

This includes:

Public sector employees: Government employees should receive comprehensive cybersecurity training to recognize and respond to cyber threats effectively. This education should encompass best practices, threat awareness, and incident response protocols.

Citizens: Promote cybersecurity awareness among the general public through awareness campaigns and workshops. Educating citizens about the importance of strong passwords, secure online behavior, and recognizing phishing attempts can bolster the overall security posture.

2. Investment in cybersecurity infrastructure

To improve cyber defenses, government agencies must allocate resources for cybersecurity infrastructure:

Enhanced systems hardening: Government systems, especially those with public-facing portals exposed to the internet, should undergo rigorous hardening processes. This includes regularly updating and patching software, implementing firewalls, and conducting vulnerability assessments.

Advanced threat detection: Invest in advanced threat detection tools and technologies to identify and respond to cyber threats in real-time. Intrusion detection systems, AI-driven security analytics, and threat intelligence platforms can bolster defenses.

3. Compliance with data privacy and anti-cybercrime laws

Government institutions must enforce internal policies that ensure compliance with the Philippines' data privacy and anti-cybercrime laws:

RA 10173 (Data Privacy Act): Ensure that government agencies handle PII in compliance with RA 10173. This includes appointing data protection officers (DPOs), conducting privacy impact assessments, and establishing data breach response protocols.

RA 10175 (Anti-Cybercrime Act): Strengthen internal policies to align with the provisions of RA 10175. This includes proactive measures against cybercrime, such as preventing unauthorized access, hacking, and other cyber offenses.

4. Promote data ethics as a culture

Promoting data ethics as a cultural norm within government agencies is crucial. This involves:

Ethical data handling: Encourage ethical data handling practices, emphasizing the responsible and lawful use of PII. Government employees should be well-versed in the principles of data ethics.

Transparency and accountability: Foster a culture of transparency and accountability in data handling. Establish clear accountability structures for data breaches and ensure prompt reporting and resolution.

In conclusion

Addressing the critical security gaps exposed by recent cyberattacks requires a holistic approach that includes education, infrastructure investment, legal compliance, and the promotion of data ethics.

By taking these steps, the Philippines can strengthen its cybersecurity posture, protect sensitive data, and rebuild trust among its citizens. Cybersecurity should remain a top priority for government agencies in the digital age.

 

Dominic Ligot is a data analyst, software developer, and technologist. He is the founder of Data Ethics PH and CirroLytix. Ligot's work leverages artificial intelligence for social good.