AI-fueled cyberattacks on PH organizations on the rise – cybersecurity firm

This is AI generated summarization, which may have errors. For context, always refer to the full article.

78% of Philippine organizations surveyed say they observed and faced AI-fueled threats over the past year

MANILA, Philippines – A recent survey by American cybersecurity firm Fortinet together with the International Data Corporation (IDC) shows that organizations in the Philippines are facing a rise in cyberattacks, following global trends. 

The escalation is two-fold: there are more attacks, and these attacks are deemed to be more potent. 

A total of 78% of the organizations surveyed in the Philippines said that they have faced AI-powered threats over the past year, with more than a quarter of those reporting to have observed a 3x increase in these types of attacks. 

Using artificial intelligence, attackers are able to scan the web for vulnerabilities and misconfigurations at a much quicker rate than before, thereby increasing the number of potential attacks as well. Phishing emails have become much harder to detect for people as AI-enabled deepfake impersonation and targeted social engineering attacks create much more realistic and believable phishing materials.

As previously reported, Fortinet isn’t the only firm sounding the firm on AI attacks. In 2024, Kaspersky found that there were 53 million bruteforce attacks in Southeast Asia or attacks that attempt to guess passwords to gain access to systems. The two biggest-hit Southeast Asian nations, Indonesia and Malaysia, experienced a 25% and 14% growth year-over-year in number of bruteforce attacks, and AI may have something to do with that, according to the firm.

The Fortinet-IDC survey interviewed 550 IT and security leads from companies with at least 250 employees in Asia-Pacific with 50 leaders from the Philippines. The respondents listed down the most common attacks, which are as follows, with the percentage showing how many of those interviewed experienced such an attack:

• Ransomware (66%)
• Software supply chain attacks (62%)
• Cloud vulnerabilities (58%)
• Insider threats (56%)
• Phishing (50%) 

Curiously, insider threats or employees that potentially jeopardize a company’s cybersecurity protection or steal data are among the top attack types, meaning that while adversarial AI technology is becoming more potent, more traditional vulnerabilities remain. 

Other traditional threats like malware and phishing have slowed down, Fortinet said. Attacks targeting the supply chain or the third-party vendors that service companies are now the fastest-growing category, followed by attacks on internet-of-things devices, cloud service vulnerabilities, insider threats, and zero-day exploits or unknown exploits being targeted for the first time by attackers. 

While the AI threat grows, cybersecurity staffing remains a problem, continuing the trend over the past several years. On average, only 7% of an organization’s workforce is dedicated to internal IT, and even a smaller portion of that (13%) is focused on cybersecurity. Majority of organizations (63%) combine cybersecurity roles with broader IT roles.

Organizations’ staffing problem goes hand-in-hand with the allocation of budget and resources, with just 15% of the overall IT budget going to cybersecurity, on average. There is some growth in the area, compared to the past year, but it’s minimal, Fortinet said. 

Such a landscape matters to the rest of the population, and not just organizations, as society increasingly makes their transactions and dealings with companies digitally. There are front-end financial losses for companies becoming the target of attack, but more than that, consumers who entrusted their data to a company may also suffer when a company slacks off on due protections. 

Just as AI is the threat, it could also be the shield. IDC’s research vice president for Asia Pacific, Simon Piff, pointed to a “growing need for AI-accelerated defence strategies” while Fortinet country head Bambi Escalante noted how they are  “helping customers shift from piecemeal defenses to AI-powered security.” – Rappler.com