Tighter cybersecurity urged after attacks on gov't
MANILA — The government should institutionalize more preventive measures to thwart data breaches after several agencies fell victim to cyberattacks, an expert said Monday.
Dominic Ligot, the founder of Data Ethics PH, said current laws such as the Data Privacy Act and the Anti-Cybercrime Law only take effect after a breach or a crime has happened.
"We need more rules and policies that are more preventive in nature, how do we set up structures and systems that look to monitor and detect breaches," he told ANC's "Headstart."
An audit of "every government portal that's accessible via the internet" should be done, he added.
On Sunday, the House of Representatives website went offline after hackers defaced parts of it, with the main page smeared with a troll face meme.
Ligot said this could be a form of "hacktivism" in which hackers expose vulnerabilities to systems to call for change.
Other agencies with confirmed breaches include the Philippine Health Insurance Corp., the Philippine Statistics Authority, the Philippine National Police, and the Department of Science and Technology.
'NOT PURELY TECHNOLOGY'
Ligot flagged the shortage of cybersecurity expertise in government agencies.
He suggested that "there should be a permanent role in every organization" that could immediately respond to cybersecurity incidents, "the same way we have fire marshals, for example."
He also underscored the importance of cybersecurity education in government personnel, saying defenses against breaches are "not just purely technology, it's also people."
"Sometimes weak passwords could be the culprit. If people are unable to secure their web servers with appropriate passwords any attacker can come in," Ligot said.
"The employees of PhilHealth and other agencies might have accidentally clicked some malware or attachment to an email and that's enough for an attacker to come in."