Cybersecurity measures must be employed by all scales of business, including small and medium enterprises (SMEs), due to the increasing threats and attacks, according to experts.

“Even if they’re small businesses, they should also keep pace with what’s going on out there,” Pebbles L. Sy-Manalang, chief technology and operations officer at GCash, said in an interview with BusinessWorld at the cyber risk management forum of the Management Association of the Philippines (MAP) on Tuesday.

“So they know that it’s happening, and they can prepare for it and respond quickly,” she added, regarding SMEs enforcing basic security hygiene measures.

“Good security governance at every enterprise level is the key,” said Ivan John E. Uy, secretary of the Department of Information and Communications Technology (DICT).

Mr. Uy noted that businesses must adopt a risk management framework and secure critical information infrastructure to stay on top of increasing cyber threats. However, building awareness of such attacks is the first gap entrepreneurs and individuals must face, he said.

“You can have the most sophisticated system, but if your manager happens to give the password to somebody else, then all is lost.”

Mr. Uy said that the Philippines is fourth in the world with the most number of cyber attacks, and the second most attacked country by web threats worldwide last year, citing data from the DICT and Kaspersky.

Kaspersky has reported that SMEs in the Philippines experienced 658,874 web attacks in the first half of 2022 alone, with 17,786 detections of Trojan-password stealing ware attempting to infiltrate the corporate network and steal sensitive information.

“Small business owners may think their companies are too insignificant to become a target for cybercriminals. There is a certain logic in that because attackers usually look for maximum profit with minimum effort,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, in a press statement.

“This sector is part of a bigger chain and like dominoes, if a single password stealer can enter a small enterprise’s systems, consider the entire chain compromised,” he added.

Amid the limited availability of resources, Kaspersky suggested that SMEs should adopt practices aimed at improving employees’ awareness of such cyber threats. These include developing a cybersecurity manual, granting a minimum set of access rights, using a secure password manager, and installing antivirus software on business devices.

“It is free to educate and protect your employees. You don’t need sophisticated tools yet,” Ms. Sy-Manalang said. “But as you scale your business, you become more of a target.”

Mr. Uy said that the DICT has partnered with the Department of Trade and Industry (DTI) to develop the e-commerce platform on the eGov PH superapp, which will host and support SMEs while employing best practices for cybersecurity.

“They’re on their own for now, but the government is doing something for them and it should be out soon,” he said, referring to current initiatives from the DICT to support SMEs in grappling with cybersecurity issues.