CEBU, Philippines — Cybersecurity concerns remain a struggle for companies in the Philippines, as cybercriminals continuously evolve their tactics and increase the frequency and sophistication of their attacks.
A survey released by a cybersecurity company, entitled “Cybersecurity Skills Gap 2024”, revealed that 94 percent of the surveyed organizations in the country experienced one or more cyber incidents in 2023, up from 92 percent in 2022.
This high percentage remains a serious concern since these cyberattacks require substantial time and resources to resolve, with 55 percent of organizations taking over a month to recover.
Additionally, 52 percent reported losses exceeding $1 million due to revenue impacts, fines, and additional costs.
While no single cause can be attributed to every breach, IT leaders identified three key factors contributing to cyber incidents--- the lack of skills and training among IT/security staff (77 percent), insufficient cybersecurity tools (64 percent), and low organizational or employee security awareness (57 percent).
According to Alan Reyes, Fortinet Philippines country manager, to address these challenges, organizations must adopt a multi-pronged approach that includes employing skilled professionals, enhancing companywide security awareness, and implementing the right security solutions to mitigate the risk of breaches.
The cybersecurity talent gap remains a significant challenge for organizations, adding strain to already overburdened security and IT teams. In fact, 77 percent of surveyed organizations reported that the shortage of skilled cybersecurity professionals increases their risk exposure.
The survey also unveiled that many organizations also face difficulty filling critical positions, as finding candidates with the right skills and experience is a persistent challenge. Roles in security operations (60 percent) and cloud security (42 percent) are especially hard to fill.
Given this challenge, organizations must adopt new strategies to fill crucial roles and retain their current security professionals. Leaders need to start looking beyond traditional talent pools and start recruiting talent from underrepresented groups like women and offering them cybersecurity training, Reyes added.
Another approach, he suggested is to form partnerships with higher education institutions and nonprofit organizations to develop new talent.
Organizations should also invest in ongoing training and upskilling for their existing security teams, enhancing employee experience, job satisfaction, and retention while keeping their skills aligned with the latest threat trends.
In addition, organizations can reconsider traditional hiring qualifications to attract a wider pool of candidates. Rather than relying on four-year degrees, they can recognize alternative qualifications, such as professional certifications. Combining this approach with apprenticeship programs or train-to-hire initiatives can further help close the talent gap and provide a pathway for developing skilled professionals.
Implement security awareness training initiatives
Cybercriminals often target individual users as an entry point to compromise an organization’s security, making security awareness necessary for all employees. According to the Fortinet report, 79 percent of organizations plan to implement cybersecurity awareness and training programs for all staff after encountering an attack.
Providing this type of training equips employees with the knowledge and best practices needed to recognize and respond to cyber threats, enabling them to become a strong first line of defense against potential breaches.
While the specifics of security awareness programs may vary depending on the industry, Fortinet suggested that companies should cover essential topics, such as phishing, ransomware, social engineering, safe social media and mobile device use, and more.
Adopt the right cybersecurity solutions
To ensure a strong security posture, organizations must deploy advanced security tools that enable security teams to protect their assets from evolving threats.
Reyes said one effective strategy is adopting an AI-powered, platform-based approach to cybersecurity, which integrates various security solutions to streamline management and enhance overall protection.
This approach also facilitates real-time threat intelligence sharing, broadens visibility across all attack surfaces, offers automated self-healing capabilities, and many more, allowing organizations to respond to incidents efficiently and proactively. With this, organizations can ensure that their security measures evolve alongside their changing needs and emerging threats.
Fortinet can support organizations in implementing this multi-pronged approach to strengthen defenses. The Fortinet Security Fabric offers automated protection, detection, and response, together with consolidated visibility across a wide array of security solutions.
Also, the Fortinet Training Institute provides the Network Security Expert (NSE) program, delivering multi-level certifications with both self-paced and instructor-led courses to train cybersecurity talent and build security awareness among employees.
As cyberattacks continue to impact businesses, organizations need to focus on a three-pronged approach—providing training to new and existing cybersecurity talent, cultivating security awareness among all employees, and utilizing advanced security solutions—to safeguard critical assets from persistent, pervasive, and sophisticated cyber threats, Reyes said.