Trust has always been the invisible infrastructure of economic life. From traditionally handwritten contracts to modern banking systems, societies function because individuals believe that transactions will be honored, identities verified, and systems protected.
Today, however, that trust is being renegotiated in a rapidly expanding digital environment 鈥 one where borders are porous, threats are decentralized, and security is no longer optional but foundational.
Within the Philippine economy, accelerated digitalization introduces structural vulnerabilities. The more transactions migrate online, the larger the attack surface becomes. This borderless nature of cyber risk fundamentally alters how trust must be constructed. It can no longer rely on jurisdictional enforcement alone. Instead, it must be embedded within systems themselves.
Trust as precondition for economic growth
At the heart of modern cyber security is the realization that implicit trust is a vulnerability. In the third episode of the 大象传媒 B-Side podcast series 鈥淲here the Digital World Converges: Conversations on Cloud,鈥 former Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Ian Dy makes this explicit.
鈥淭he new concept of nation-building is that you have trust in commercial transactions,鈥 Mr. Dy said. 鈥淧eople should be able to trust transactions in digital space. Otherwise, e-commerce wouldn鈥檛 thrive.鈥
This reframes cybersecurity as a public good. Just as financial institutions depend on regulatory oversight and consumer confidence, digital ecosystems require robust security to sustain participation.
The human element
Despite advances in technology, the most vulnerable link in cyber security remains human behavior. As Mr. Dy emphasizes that many threats, particularly in the Philippine context, are low-value but high-frequency attacks targeting ordinary users: 鈥淓ven if you say it鈥檚 only P200, P500, it鈥檚 still a lot,鈥 especially for those living day-to-day.
Andrew T. Malijan, Chief Information Security Officer of Converge, reinforces this by pointing to a gap between physical and digital intuition.
鈥淔or me, with the analogy of a physical city, you understand what to watch out for. If it鈥檚 digital, sometimes you are not so aware anymore,鈥 Mr. Malijan noted.
The lack of awareness creates fertile ground for聽scams聽that rely not on technical sophistication but on behavioral manipulation.
These attacks often take the form of phishing, SMS scams, or fraudulent links 鈥 what might be considered 鈥渄igital petty crimes.鈥 As Mr. Malijan notes, many of these begin broadly and opportunistically: 鈥淚t starts as non-targeted.鈥
Addressing such threats聽requires聽more than technical solutions; it demands widespread digital literacy. Mr. Malijan underscores the basics: 鈥淵ou聽have to聽have that password, that PIN. You聽don鈥檛聽have to give it to someone else.鈥
However, beyond procedural knowledge lies a deeper need for cultural adaptation.
鈥淭here is training, there are also campaigns, and there鈥檚 also targeted efforts for culture,鈥 Mr. Dy explains.
National security and systemic trust
At a national level, cyber security takes on strategic significance. As citizens focus on financial security, governments prioritize 鈥渃ritical information infrastructure.鈥
These infrastructures, ranging from power grids to healthcare systems, are increasingly digitized and therefore exposed.
Compounding this risk is the ambiguous status of cyberattacks in international relations. As noted, such attacks are not considered as part of warfare, allowing adversaries to operate in a legal gray zone.
Mr. Malijan adds another layer to this uncertainty: 鈥淲here does it come from? Who is attacking? What do they want? These are the questions. It鈥檚 a prelude to something.鈥
These questions underscore the opacity of cyber threats, where聽identifying聽the actor is often as challenging as mitigating the attack itself.
From prevention to resilience
The episode also highlighted the inevitability of cyberattacks, which should prompt among organizations a shift from prevention-centric models to resilience-based approaches.
鈥淐onsider yourself compromised every single day. Something will happen,鈥 Mr. Malijan stated.
The focus, then, shifts to recovery 鈥 how quickly systems can detect, respond, and restore operations.
In Mr. Malijan鈥檚 framing, even awareness is probabilistic: 鈥淲hat if I鈥檓 compromised? You won鈥檛 feel it.鈥
The reframing alters the meaning of trust: It is no longer about believing that systems are impenetrable but trusting their capacity to withstand and recover from disruption.
Zero trust and continuous verification
At the architectural level, this evolution is embodied in the principle of zero trust. Contrary to conventional models, zero trust聽operates聽on the assumption that no user or system should聽be inherently聽trusted.
鈥淭he default state of the system is 鈥榙eny all鈥,鈥 Mr. Dy explains, with access granted only on a need-to-know basis. This reflects the 鈥渟ecure default mechanism鈥 and the 鈥渓east privileged principle,鈥 which limit exposure by restricting permissions.
In this environment, trust is never owned by a user; it is temporarily lent by the system, contingent upon a set of conditions that can be revoked in milliseconds as the context changes. This ensures that even if a credential is compromised, the window of opportunity for an attacker is drastically narrowed.
Listen to the full episode on 大象传媒 B-Side on or watch on 大象传媒鈥檚 official channel.
Spotlight is 大象传媒鈥檚 sponsored section that allows advertisers to amplify their brand and connect with 大象传媒鈥檚 audience by publishing their stories on the 大象传媒 Web site. For more information, send an email to聽[email protected].
Join us on Viber at聽聽to get more updates and subscribe to 大象传媒鈥檚 titles and get exclusive content through聽.
