Navigating Cybersecurity Challenges in The Era of Digital Transformation: Threats and Mitigation Strategies in The Philippines

Abstract

In the context of the ongoing digital transformation in the Philippines, this research seeks to navigate the cybersecurity landscape of the country. Employing a qualitative analysis approach, this study leverages a variety of data sources, including websites, news articles, official government documents, and research publications spanning from 2018 to 2023. The primary focus is on exploring the legal frameworks, regulations, mitigation strategies, and governmental programs aimed at securing the digital realm and protecting the financial assets and personal data of Filipino citizens. Furthermore, this research places particular emphasis on the identification of cyber threats and attacks occurring in the Philippines despite the presence of laws and mitigation strategies. It also addresses the challenges that impede the Philippine government's journey towards becoming fully cyberspace resilient during the digital transformation era.

Among the significant findings is the recognition of legislative frameworks such as the Access Devices Regulation Act of 1998, the E-Commerce Act of 2000, the Cybercrime Prevention Act of 2012, the Data Privacy Act of 2012, the DICT Act of 2015, and the SIM Registration Act. These frameworks are designed to safeguard personal data, financial assets, and electronic transaction security and enhance cyberspace resilience. Additionally, the research uncovers the implementation of various programs and strategies aimed at strengthening the cybersecurity landscape and as support to the enforcement of the identified legal frameworks, such as the National Cybersecurity Plan, Computer Emergency Response Team, Budapest Convention on Cybercrime, National Security Policy (2023-2028), Cybersecurity Awareness Program (Training and Seminars), USAID's Better Access and Connectivity (BEACON) Project, and the observance of Cybersecurity Awareness Month. These legislative frameworks and government programs align with the demands of digital transformation and the ever-evolving cybersecurity landscape.

The study also highlights various cyber threats, including malware, DDoS attacks, SQL Injection Attacks, Insider Threats, Phishing, Supply Chain Attacks, and IoT-Based Attacks that have led to incidents in the country. These incidents include the Medusa ransomware attack on the PhilHealth Insurance website, multiple DDoS attacks on Philippines news websites during national elections, and the increasing incidents of phishing through SMS and email. Moreover, this research also identifies the challenges that act as impediments to the cultivation of a proficient cybersecurity workforce. Ultimately, this research produced valuable information and insightful analysis that concludes the current cybersecurity landscape of the Philippines in the era of digital transformation.