1

Cyber SecurityMonette Tiongson

Head, cyber Security Business Management

2

Agenda

I. Who We Are

II. Messaging & Problems Addressed

III. Cyber Security Portfolio

IV. Next Steps

3

ABOUT US

ALLePLDT, Inc. is an industry-leading enabler ofdigital business solutions in the Philippines.Since its inception at the turn of themillennium, ePLDT has set the pace in thedevelopment of digital technologies forenterprises across the country and the AsiaPacific region. It delivers best-in-classsolutions that utilize purpose-built cloudand data center facilities. The company wasalso the first to bring Analytics services andinfrastructure to the Philippines as well asdifferentiated professional services beyondCloud, Security, Digital Engagement andManaged IT Services.

4

Ensuring Business Resilience In Experience Age

5

Threat Landscape

Source: SANS 2016 Threat Landscape Survey

6

Notable 2016 Global Leaks of Data

IBM X-Force Threat Intelligence Index 2017

7

Industries Most Frequently Breached in 2016

IBM X-Force Threat Intelligence Index 2017

8

Recent Cyber Breaches

9

Cyber Breach in the Academe

10

How Threats Get In

Source: Exploits at the Endpoint:SANS 2016 Threat Landscape Survey

11

DATA

51% of employees believe it is

acceptable to take corporate data

because their company does not

strictly enforce policies

26% is the chance of a breach

happening over 24 months

48% of breaches are malicious

attacks

$158 is the average cost per record

breached

REVENUE & REPUTATIONCost Breakdown of Attacks

DATA PRIVACY LAW 2012(RA 10173)

SEC. 26. Accessing Personal Information and Sensitive Personal

Information Due to NegligenceDamaged

Reputation29%

Lost Productivity21%

Lost Revenue

19%

Forensics12%

Technical Support 10%

Regulatory Compliance 5%

Real Life Business Problem: Enterprise Risk

Source: Gregory Strauss & Jon Williamson, “Five best practices to improve building

management systems cybersecurity.” 2015

Source: Global Symantec Study, Ponemon Cost of Data Breach Study 2016

12

• Reputational damage

• Loss of competitive advantage

• Productivity loss

• Financial loss

Business Impact

• Competitive advantage

• Financial Gain

• Revenge

• Strategic disruption

MotivesThreat Actors

• Hacktivists

• Nation Sponsored

• Competitors

• Insider Threats

• Organized Crime

Risk Factors

13

Threat Actor Sophistication

Source: ISACA CACS

14

COMPLEXITY

Evolving threats means constantly evolving to keep up in terms of people, process & technology

Large networks, BYOD, & siloed IT deployments make it difficult to implement cyber security across the organization

EXPERTISE

Applying best security practices & upgrades to ensure global-standard compliance

Getting the right security people given the global cyber security expertise shortage

Challenges in Implementing Cyber Security

15

People are both an asset and a liability

in security

Technology as an enabler for cyber

security and business resilience

Resiliency is a process, mindset, and culture, not a single solution

“Cyber Security is an integral part of business resilience….”

Building Business Resiliency

16

EXPERTISE-BASED

Cyber Security Services and Consulting through local ePLDT

expertise and processes

TECHNOLOGY AND TOOLS

Security hardware, software, and platforms through trusted

technology partners

PHYSICAL SECURITY

Experience in physical asset security by virtue of our

pioneering VITRO Data Centers

PLDT Group Cyber Security Approach

17

PLDT Group Cyber Security Approach

18

ePLDT

Cyber Security

PortfolioEnd-to end solutions to help our customers translate their cyber security goals into real business outcome, resulting to business resiliency amidst the onslaught of continuous cyber threats.

19

PLDT Group Cyber Security Portfolio

Managed Security Platforms

Network Web Endpoint

Managed security appliance• Installation

• Configuration

• 24x7 phone/e-mail/remote support

• Site visit

Risk Assessment Consulting

VAPTISMS

consultingSource

code review

• Monitoring

• Alerting

• Incident analysis and

Recommendation

• Containment and Response

• Threat intelligence

Assessment of the enterprise’s IT

assets based on its inherent risk and

criticality on operations as a basis for

establishing appropriate security

policies and techniques.

EXPERTISE FRAMEWORKS

Incident Response

Investigation Proactive IR Management

TECHNOLOGY AND TOOLS

Security Operations Monitoring

20

PREDICTIVE PREVENTIVE

DETECTIVERESPONSIVE

•Periodic VAPT

•Periodic Risk Assessment

•ISMS

•Source code review

•Hardening

•Patching

•Source code review

•Perimeter Security devices

•Endpoint security

•Isolation of compromised devices

•Prevention of lateral movements

•Incident response and handling

During Attack

Post Attack

Pre-Attack

Information Protection Lifecycle

21

Cyber security requires hiring and maintaining skilled people, managing different technologies and implementing best practices.

Skills & Best Practices

Don’t just focus on the short term - develop a contingency plan in the event of an attack.

Prepare for the Worst

Work with trusted partners to maintain business resiliency.

Capability and Credibility

As businesses become more digital, it also brings increased chances for cyber-attacks which can affect your operations, bottom line, and reputation.

Prioritize Initiatives

Cyber Security is a journey…..The Road to Follow

Forging Ahead...

22

THANK YOU