Professional Documents
Culture Documents
Cyber Crime Effects To Businesses in Phi-2
Cyber Crime Effects To Businesses in Phi-2
Businesses in Philippines
Adrian John V. Balarbar Paulo Lorenzo Macaraeg
Taguig City, Philippines Taguig City, Philippines
avbalarbar@student.apc.edu.ph rlmacaraeg@student.apc.edu.ph
Abstract—Recently, there are many issues happening about conduct of the Philippine government towards cybercrime
cybercrime in which causes a lot of loss of data. Usually, business contributes to further more problems. The reactive conduct of
companies and political networks experience cyberattacks and the Philippine officials is said to be a matter of concern from
based on the research [3], countries that are vulnerable in investors. [2] Furthermore, while there is a Philippine Computer
cyberattack are the ASEAN countries, especially Philippines which
Emergency Response Team (PHCERT), their services are not
receives continuous threats based on the advanced threat report of
the FireEye Inc. [3] Based on the amount of percentage of APT sufficient as a measure against the problem. A proactive
attacks in 2013, the most vulnerable are government sites and approach towards the problem is needed to ease the concerns of
business process outsourcing firms where the percentage is 19.8. [3] the investors with regards to IT. [2] In this paper, the focus would
Foreign companies and investors became ambiguous because the be about the effects of cyber terrorism/crime onto the businesses
country’s reputation decreases slowly as it goes and may lead to in the Philippines.
lower sales and mistrust [4]. One of the bank in the Philippines is
which is the Rizal Commercial Banking Corporation popularly The research aims to identify the sources of such attacks, means
known as RCBC has the right to store money of people and
and motives. Additionally, the researchers limit the scope of the
business for savings and lending money and is licensed by Bangko
Sentral ng Pilipinas (BSP), last February 2016, with the use of document towards the Philippines and the businesses present at
SWIFT, hackers had heisted dangling 81 million US Dollars from the country that incorporate IT with its process.
a Bangladesh’s bank account in the Federal Reserve Bank of New
York [5].
Any analysis derived from the research can be helpful for
Keywords: Cybercrime, Data, Threats, Attack, APT, Business, other researchers looking for information about what common
Government approaches a malicious groups or persons do perform against
businesses, what preventive or diminution maneuvers should be
I. INTRODUCTION performed.
The Philippine government encourages further development II. PROBLEM STATEMENT
of Information Technology (IT) related services within the
Cybercrime is a method of attacking that comprises of any
country, since it was regarded as the next haven of economic
illegal pursuit with use of any technology [10] such as hacking,
opportunities. It is said that the growth rate of the Information
theft, child solicitation and identity theft. [11] Cyberterrorism
Technology and Business Process Management (IT-BPM) and
can be also classified as cybercrime. Its main goal is to steal or
global in-house center (GIC) are 30 percent annually, more than
expose confidential data and to cause fear [10] to any targeted
the average rate of the global competitors. [1] Throughout time
individual, property or government. [11] To classify any actions
passed. the industries and services available in the Philippines
or happenings as a cybercrime, it is important to know the
matures and as the growth continues, there is roughly a bold
motive why the incident happened. Cybercrimes could be
estimate of 25 billion US dollars in revenue and 1.5 million
classified into three types: (1) Computer-assisted crime, when
direct hires this 2016 alone. [1] The presented figures clearly
computers are used as a medium to perpetrate a crime. (2)
show the importance of IT to Philippine economic growth.
Computer-targeted crime, whereas criminals commit crime with
computers as prime target. (3) Computer-incidental crime, when
As the IT related sector grows, various problems arise with
the use of computers in perpetrating a crime just happened to be
it. Additionally, complications caused by slow and reactionary
used and not used as main instrument for the crime.
Businesses and political networks are often struck by presents the severity of the situation. The statistical results of
cyberattacks. These attacks are classified as Advanced attacks above present the values of how much businesses with
Persistent Threats (APT). [3] APT is a kind of attack where the relation to IT must endure to perform transactions in the
perpetrators maintain constant access to the targeted system. [17] country. In addition, with loopholes or not, the fact that the
ASEAN countries are known for being vulnerable when it Philippine laws could be easily exploited to serve misdeeds of
comes to cyberattack threats where the Philippines is the most others is a clear message that the Philippine government and all
vulnerable and receives a high number of continuous threats of the affected stakeholders should work together to eliminate
based on FireEye Incorporation’s advanced threat report, a or at least mitigate the damages caused by cybercrime incidents.
United States network security firm. [3] Also, the report [8]
There are still more problems that could be incorporated to An Acceptable Use Policy (AUP) can be used to establish
the paper. However, the problems stated above evidently constraints for a user to agree on to access data, networks and
internet provided by an organization. [12] It is a manifest of what IV. CONCLUSION AND RECOMMENDATION
are conducts that are acceptable when pertaining to the use of
the organization’s resources. With the use of AUP, there is an In safeguarding business, one should have a full grasp of all
assurance for an organization that implements the policy activities happening in the whole organization. This is true, both
because users who agreed with the privilege to access the in past and future to come. However, till now the as the business
network can be tracked, especially when there is a user that becomes more modern and competitive there are always risks
violated the policy. Organizations can detect any malicious acts that businesses could be sabotaged or wrongly manipulated for
that contradict to the rules and policies provided. a lot of reasons. Large or small, all business can be affected from
the misfortune of others. All businesses should be responsible
Separation of Duties refer to the importance of making each to each of its own wellbeing and should proactively think of
process in an organization separate. There should be no one that methods to improve its own Information Security.
could conduct business transactions alone. It can be helpful for
an organization to separate the duties and accesses of employees Information security is not solely about computers, it is
to prevent problems like fraud and exposure of confidential about how you manage to safeguard your organizational against
information since the intellectual property of an organization is internal and external threats that could endanger the stability or
highly prioritized [13] and must not be given to the wrong hands. existence of the business. Threats are always looking for worse
Employees must be reminded what are their tasks and privileges opportunities to strike. In our views, there is always a clouded
depending on their position. line between cybercrime and cyberterrorism. Every cybercrime
should be considered as cyberterrorism since it places many
Due Care is the efforts of an organization to prevent or people, every stakeholder, at risk and terror. The Philippine
mitigate consequences of neglect of any possible risk present authorities could only react when an incident happened. [2]
and indicates the level of judgment, prudence, care, The case study therefore concludes that businesses should
determination while Due Diligence are about upholding proactively improve not only its information security, but also
standards and actions conducting an intensive investigation that towards its organizational security.
are acceptable with the current laws. [16] Prevention or
elimination of risks heightens the security of an organization
The security recommendations that the authors will advise
because it detects risks and problems that needs action. It also depends on the various state and situations that a business have
gives an organization sufficient time to prepare and establish
now or anticipate on future. There are some recommendations
possible actions for a certain risk that may happen. that could be enforced to any type of business: (1) Acceptable
Use Policy, this could be used to enforce security responsibility
Employee Treatment refers to the methods of how the since it could be used as a proof or evidence against the
company would avoid unwanted employee’s outrage. It refers employee if neglected and defense of the company that there is
on how a company can manage all their employees to avoid loss Due Care if an unfortunate incident happened. (2) Separation
of interest in the job and unsatisfaction of the employees. Good of Duties, it is important, and applicable to all kinds of
communication is the key to success. [14] It gives a company an organizations. It can be used to divide work and prevent an
assurance that there will be no conflicts or anomalies because abuse of power or privileges. (3) Due Care and Due Diligence,
the employees do their jobs properly due to the proper treatment it is important to uphold what is required by the law, and be
to them. Employee treatment goes a long way because it can cautious of every move for the effects or consequences of
eliminate a problem like inside jobs because there is no need for whatever action an organization may take. (4) Lastly, Personnel
an employee to access and expose confidential data because the Training, it is important to equip every employee knowledge
company is treating them properly. Briefly, it is not giving the how to deal and prevent security risks that may in turn affect the
employees motives or reasons to perpetrate a crime against the wellbeing of the whole company.
organization.