The potential fall-out from a business-targeted cyber attack is huge. Sergio 'Serge' M. Ceniza, Vice President and Chief Compliance Officer of First Metro Investment Corporation's Compliance Division will discuss the implications of cyber attacks against businesses at Cloud Expo Asia Hong Kong this May.
“My session in the Cloud Security Compliance & Regulation Theatre will focus on the very important role that cybersecurity plays in the current business environment,” says Serge. “I will discuss the indispensable role of cybersecurity in protecting business organisations from exposure to legal, financial, regulatory, business and reputational risk arising from a cyber attack.”
Lawyer, corporate official and professor of law, Serge is currently the Vice President and Chief Compliance and AML Officer of First Metro Investment Corporation (FMIC), a leading Investment bank in the Philippines. He is also FMIC's Chief Data Privacy Officer where he is in charge of the company's overall compliance with the Philippine Data Privacy Law.
“As a lawyer, I have significant exposure in field of commercial law,” says Serge. “Particularly in the areas of banking and finance, insurance, investments, securities, regulatory compliance, data security, cybercrimes law and anti-money laundering and terrorist financing.”
As an academician, Serge also teaches various law subjects, particularly in the area of commercial law. “I am currently a member of the faculty of law of three major law schools in the Philippines - namely, De La Salle University-College of Law, University of the East- College of Law and the Far Eastern University-Institute of Law. I also deliver regular pre-bar review lectures in various law schools and bar review centres in the Philippines. In 2016, I was invited to deliver a last minute pre-bar lecture in Commercial Law for the aforementioned universities and the Kokobar Pre-Bar Lecture Series sponsored by the Office of Philippine Senate President Koko Pimentel. Among the topics I discussed were the Philippine Data Privacy Act of 2012 and Cybercrime Prevention Act of 2012.”
First Metro Investment Corporation is the leader in Philippine investment banking. “The investment banking arm of the Metrobank Group, one of the nation’s largest financial conglomerates, First Metro has fostered the development of the country’s capital markets for over fifty years,” says Serge. “First Metro and its subsidiaries offer a wide range of services, from debt and equity underwriting to loan syndication, project finance, financial advisory, investment advisory, government securities and corporate debt trading, equity brokering, online trading, asset management, and research. It has established itself as a leading investment bank with key strengths in origination, structuring, and execution.”
Serge adds that as prime mover in the Philippine capital markets, First Metro continues to solidify its commanding position by successfully participating in 88% of the total publicly listed capital markets transactions in 2015, raising P399.14 billion for the state and its corporate partners. “First Metro has dominated the domestic bond market, engaging in 93% of total bond issues for the year - proof of its leadership, innovation, and service excellence. After its long and stellar history, First Metro has become the investment bank of choice in the Philippines.”
Serge's talk about the ever-present cybersecurity risks to businesses comes at a time when these threats show no signs of relenting. “As they say, for as long as people continue to navigate the cyber world, there will always be cybersecurity threats. At present, the more common cybersecurity threats are botnets, distributed denial-of-service (DDoS), hacking, malware, phishing, spam and the dreaded ransomware.”
However, different jurisdictions have passed various measures, laws, rules and regulations that tackle cyber risks , including penalising related cybercrimes related. “In the Philippines, our Congress has passed way back in 2012 two important laws that deals with protection of data and cybercrimes,” says Serge.
The first of these was the Data Privacy Act of 2012 which was designed to protect individual personal information. “This law was passed to ensure that personal information and communications systems in the government and in the private sector are secured and protected.”
The second law was the Cybercrime Prevention Act of 2012. “It is a law that defined cybercrime and provided procedures for the prevention, investigation suppression of cybercrime both in the domestic and international levels, and by providing arrangements for fast and reliable international cooperation.”
Serge adds that while there is no single and guaranteed solution against cyber attacks, there are various methods that can minimise cyber attacks and the resulting damaging effects.
“At present, there are available softwares in the market that can help minimise cyber threats, if not, mitigate the negative impact of a successful cyber attack. Some softwares can automatically check if a certain website is legitimate. There are also security softwares that can check the validity of individual web addresses (URLs) with a WHOIS search.”
Additionally, there are security softwares that provide vital protection from viruses, spyware, and hackers as well as automatic backups of the hard drive. This would mitigate the impact of a successful cyber attack.
“In the end, regardless of what security system or protocol is employed, there is no substitute to being prepared in case of an actual cyber attack,” says Serge. “In this regard, well-defined, defensive strategies and innovative recovery arrangements should be put in place. Backing up your files regularly and storing these backups somewhere else is, so far, an effective way to mitigate the effects of a cyber attack.”
There are many ways in which the risk of a potential cyber attack can be lowered. Serge says that the most basic of these is the adoption of a strong and secure password. In addition, subscribing to a reliable computer security service and the use of a dependable anti-virus software is a must.
“Establishing a secured firewall is strongly recommended. Ensuring your browsers are updated and adopting a clear policy stand in opening attachments or in visiting "new" websites will help lower the risk cybersecurity attacks.”
“For businesses, it is necessary that there be a established cybersecurity learning programme to regularly remind the employees of the need to be cybersecurity-conscious. They should be taught of the latest trends in cybersecurity breaches and the methods to prevent them.”