Connect with us

NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware, and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows. 

The Problem 

ICT supply chain cyberattacks are on the rise – the European Union for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer3+1 attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me. 

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies were either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, like Vietnam, India and Indonesia, are soon expected to release their own national strategies or implementation details too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. Self-assessment tools can also be published in addition to facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.

NEWS

URCC 81: Decades of Success happens Dec. 6 in Okada

November 27, 2022 7:22 p.m.

THE Universal Reality Combat Championship will celebrate two decades of greatness titled the “Decades of Success” in a fight night on December 6, featuring the country’s best mixed martial artists at the Okada Manila in Parañaque City. 

Three years since the last time they held their last main event, URCC founding president Alvin Aguilar announced the coming URCC 81 will definitely be a night to remember with events like the 3 Versus 3, MMA fight and the bare-knuckle bouts.

“Our first main event in three years will definitely be an unforgettable night in mixed martial arts. We have a lot of good fighters and everyone is very excited,” Aguilar said. 

The last time URCC held a main event — Retribution— was in November 2019, at the same venue. Despite the pandemic, URCC didn’t stop as it held three fight nights when the government finally allowed contact sports. 

In celebrating URCC’s main event return, Aguilar will be having Team Philippines of Sugar Ray “Mammoth” Estroso, Caloy “Bad Boy” Baduria and Boss Bullet Manliclic taking up against South Koreans Jeong Minhun, Choi Wontae and Jeon Youngjun in an exciting 3 versus 3 event.

“We have to go up against other Asian countries before we start expanding. So we meet Korea then later on China again and then we will invite people from Russia and the USA. This is the fourth time we will be holding this 3 versus 3 fight,” Aguilar said, who also expects the other events to live up to the hype.

A URCC welterweight interim championship is also set between Filipino Arvin Chan and American Will Chope as the other highlight of the main event presented by Okada Manila and sponsored by Winzir.

URCC Global Chairman Arnold Vegafria said the promotions have been evolving since 2002, becoming a household name in the local mixed martial arts industry, where it discovered great MMA fighters and promoted quality fights abroad. 

For inquiries about tickets sale, go to www.urcc.online and download app https://apps.wix.com/place-invites/join-lp/b4e05b90-55a0-40a8-8fac-17ccf4a2c074?ref=pre_banner_top which is available for iOS and Google.

Other MMA undercard bouts feature Dunlee Stewart facing John Tirona in a 170 lbs bout, followed by Gester Maglaque meeting Mariano Jones in an 185 lbs bout; Kimbert Alintozon battling Junie Kimayong (125 lbs); Rhyle Lugo clashing against Alex Aballe (145 lbs) and Eros Baluyot taking on MJ Abrillo (125 lbs). 

For the thrilling bare-knuckle competitions, Damsa Abrenica collides with Joseph “King Pinoy” Cabral, while Dondon Serrano squares off with Sherwin Niro and Denzel Dimaguila fights Mark Jalaron.  

Details of the fight and future fight cards are available to download at https://apps.wix.com/place-invites/join-lp/b4e05b90-55a0-40a8-8fac-17ccf4a2c074?ref=pre_banner_top, which is available for iOS and Google.

Continue Reading

NEWS

BingoPlus Foundation’s FutureSmart Scholarship Program 2022 funds 10 IT scholars

Nov. 21, 2022 12:51 p.m.

BingoPlus Foundation Inc., the corporate arm of leisure entertainment brand BingoPlus, has made education one of its causes to support with a PhP6 million scholarship granted to iACADEMY under its FutureSmart Scholarship 2022 Program. 

Officers of the Foundation signed an agreement with representatives of iACADEMY to sponsor ten students last November 2 at the head office of Leisure & Resorts World Corporation (LRWC) at Tektite Building in Pasig. 

With its specialization in the field of information technology, iACADEMY was seen as the perfect partner school for BP Foundation as it aligns well with the Foundation’s vision to create IT-competent professionals in the future. BingoPlus Foundation firmly believes that education and technology are important components of nation-building and has thus prioritized the FutureSmart Scholarship 2022 Program as one of its top Corporate Social Responsibility initiatives of the year. 

Through the scholarship, the Foundation aims to address some challenges faced by the education sector to provide more and better educational opportunities to the younger generation and thus leave its footprint in the building of a better society. 

LRWC President Andy Tsui said, “We wish to inspire the younger generation and make their dreams come true.” 

“We are truly honored to welcome iACADEMY as a new partner, and we’re grateful to be given the opportunity to contribute to keeping students on the path towards a brighter future,” said Jasper Vicencio, President of BingoPlus and Trustee of BingoPlus Foundation Inc.

The FutureSmart Scholarship 2022 Program will be launched in the current school year of iACADEMY. 

Continue Reading

NEWS

Game on! SM Christmas Village is back—and bigger than ever

November 17, 2022 3:50 p.m.

We’re calling it: Christmas 2022 is going to be one for the books. 

The past two years saw Filipinos dialing down on the holiday celebrations as we exercised caution against the spread of the COVID-19 virus. It’s no easy feat, too, given that our Pasko is easily the biggest event of the year. The good—no, aweSM—news? This 2022, SM is set to give you a Christmas comeback like no other with the return of the SM Christmas Village, now on its second year!

In case you didn’t know: SM Supermalls is the very first mall in the Philippines to venture into the metaverse, giving you the first mobile brand rewards app that provides customers with fun and exciting ways to score amazing deals, earn free shopping money, and win wow-worthy prizes—anytime, anywhere!

And here’s proof of just how amazing it is: The pilot run of the ChristmaSaya Village in 2021 recently won four accolades at this year’s Vega Awards, earning nods for outstanding innovation in the digital and virtual realm. Wowza!

Enter the Mall-tiverse
Here’s how it works: To join, a user simply has to register for an account online via smmetaverse.world. Once registered, you gain access to the virtual SM Christmas Village, where you can explore different zones, interact with other players, and collect virtual coins to unlock exclusive shopping vouchers and earn raffle entries. And just like at SM Supermalls nationwide, #YoureAlwaysWelcomeHere

Excited for supercharged virtual fun? Here’s a quick look at what’s in store for you this year:

  • Bigger rewards, bigger prizes 

If you loved last year’s vouchers, you’re in for even better rewards this time. SM has partnered with more of your favorite brands to give you exclusive shopping discounts and deals (a total of ₱2M worth of vouchers are up for grabs!) and is set to give away a whopping ₱1M worth of raffle prizes. Plus, one lucky winner will drive home the ultimate Christmas gift: a brand new Suzuki S-Presso!

  • An expansive game world awaits
    Your gaming experience gets a level up with improved game designs and an exciting game world featuring new areas to explore—from shopping and dining zones to entertainment zones—like you’re really at an SM Supermall! Experience augmented reality malling, e-meet friends, and play fun games to earn virtual coins. Before that, have fun customizing your own avatar down to the hair, outfit, and accessories (shopping bag, included), so you can create a character that’s uniquely you. 
  • Enjoy fresh in-game features
    Get your family members in on the Christmas fever with the multiplayer option and stay connected while you play with the new chat and video-calling features. (Looking at you, social butterflies!) Be on the lookout for pop-ups, too, featuring special brand deets and surprise deals with every visit.
  • Earn shopping money every day

The more virtual coins you collect in-app, the more “shopping money” you get, which you can use to redeem vouchers from your favorite brands. Once you’ve claimed your vouchers virtually, you can use them at participating SM Mall branches nationwide—to pay for your Christmas shopping, dining, and more! You can also use your coins to unlock raffle entries and win one of the 20 major prizes at the end of the year. 

Some tips! 

  • Visit the village every day to earn more coins faster.
  • Excited to shop? You can spend your coins as soon as you earn them, but it pays to be patient, too. By accumulating your coins first, you’ll be able to redeem bigger rewards later on!
  • Make sure to explore all the zones and keep an eye out for hidden treasures and bonuses. 

A Christmas to remember

With restrictions easing up and COVID-19 vaccination rates at an encouraging high, this year’s holiday season surely is shaping up to be one to look forward to. If you’re jonesing for some real-life Christmas fun, though, you won’t be disappointed when you take a break from the metaverse and make your way to your favorite SM Supermalls instead! From the light shows and holiday centerpieces to all sorts of Christmas attractions, all things merry and bright await you and the whole family—and it all starts now! Check out all the holiday happenings here and have a #HappyChristmasAtSM!

The #SMChristmasVillage2022 will run from October 28, 2022 to January 5, 2023. Voucher redemption will be until January 31, 2023.

To stay updated on all things SM, follow SM Supermalls on Facebook, Instagram, and Twitter. SM implements strict #SafeMallingAtSM protocols nationwide and offers convenient shopping options via the SM Malls Online app, The SM Store, and ShopSM. (You can read more here.) For updates on mall hours and entry guidelines, click here

Hop into our mall-tiverse and score ₱3M worth of vouchers and prizes!
Continue Reading