MORE senior executives in Philippine companies are now supporting cybersecurity and recognizing its business impact compared to five years ago, according to a cybersecurity expert from Google Cloud.

鈥淔ive years ago, there wasn鈥檛 a lot of support at the senior business levels, the C-suite levels, the board levels for cybersecurity, I think that鈥檚 changed now in the Philippines,鈥 Steve Ledzian, chief technology officer for Asia-Pacific聽and Japan聽at聽Mandiant, now part of Google Cloud聽Security,聽told reporters on Wednesday.

Senior executives now understand that 鈥渃yber impact means business impact鈥 and have taken an interest in resourcing it better, he said on the sidelines of the 8th Association of Southeast Asian Nations Chief Information Officer Forum.

However, he said, there is still room for these leaders to get a clearer picture of how cyber incidents happen and how they might impact business.

鈥淸Firms can] take a聽red聽team exercise where you hire a friendly hacking firm to come in, not just if they can break in, but if they can get your crown jewels and come right up to the line of what would otherwise be a business impact,鈥 Mr. Ledzian said.

He said companies such as Mandiant can deliver these聽red聽team exercises. The 鈥渞ed team鈥 uses nondestructive methods to accomplish a set of jointly agreed upon mission objectives, between the customer and red team provider, simulating an attack.

Mr. Ledzian also recommended conducting a compromise assessment.

He said that a compromise assessment helps determine if there is an undetected attacker in the network, noting that digital attacks are often invisible and can go unnoticed for many months.

鈥淲e need to provide shared information. What happens in one country may happen in another,鈥 Cybercrime Investigation and Coordinating Center Executive Director Alexander K. Ramos said at the forum.

Kitti Kosavisutte, chairman at TB-CERT, the Thailand banking sector computer emergency response team, said this information can be used to protect organizations but highlighted that security incident information is sensitive to organizations.

鈥淲hen we share information, it may impact the reputation of others. We need to create a mechanism that allows members to share information without impacting other organizations,鈥 he said. 鈥 Aubrey Rose A. Inosante

RELATED ARTICLESMORE FROM AUTHOR