Privileged accounts have been a key asset in each of the most significant security breaches in the last couple of years.
This is Mr Lavi Lazarovitz’s claim. Lavi is based in Israel and works as CyberArk Research Lab Team Leader. In his line of work, he’s seen some of the greatest heists in the 21st Century – credential theft. While no blood is shed in this transgression, he believes that when credit card information is stolen, and personal data is misused, hackers essentially control the keys to the kingdom.
Fittingly, his group explores new innovative defensive and offensive approaches which are then translated into cybersecurity tools and products. In his research, he studies the methods and tactics employed by hackers to penetrate and exploit organizational networks. Lavi is an expert in hacks owing to compromised privileged accounts and cloud shadow admins. He shares with us how the strongest might actually be the weakest link in a network operating system.
Tumbling the Walls of Jericho from the Inside
Privileged accounts are held by high ranking executives in an organisation, and consequently have access to more sensitive information. Take an IT manager for example. To do the job well, the IT manager would need greater levels of access to perhaps manage applications, software and server hardware. Access to client or company information is a privilege which only the IT manager and other selected appointees can access. Appointees might also include non-human privileged accounts. These are application accounts which require specific permissions.
Organisations typically have many sets of accounts and permissions associated with privileged accounts. The number of such accounts increase in larger organisations such as governments. With the adoption of new technologies and automated environments such as cloud, these sets of accounts increase in tandem. The problem is, these accounts are managed by third parties.
Subcontractors and subordinates are allowed some access, visibility or functionality within the network. Although well intentioned to lower the cost of public service delivery, third parties may compromise system integrity. Third parties do not necessarily comply with internal standards perhaps out of ignorance or compliance their own organisation’s standards which might be lower.
Furthermore, passwords which barricade sensitive information from prying eyes can be easily uncovered. Combined with the growing number of third-party credentials, hackers can easily access or compromise the organisation’s network and the information they possess. Usernames and passwords are used for infiltration, lateral movement, or data exfiltration. Even more worrying is the attacker’s ability to clean up the trail of evidence. Credential theft becomes child’s play.
“Emperor’s” New Clothes
A second move of stealth is the use of cloud shadow admins, dovetailing from poorly managed privileged accounts. Cloud shadow admins are prevalent in organisations which rely on cloud infrastructure.
Lavi provides some context, “Organisations that adopt cloud security are very well aware of privileged account security especially governments and banks, intelligence agencies…The guy who has the privilege to change the security configuration or run a hundred new instances, probably knows what he has in his hands and how important the username and passwords are. Organisations [too] are well aware of how important the accounts are. There are a whole set of accounts and permissions associated with [privileged] accounts, that organisations which [require high] security in some cases ignore or are not really aware of the [privileged] accounts. This is where shadow admins come into play.”
To explain what a cloud shadow admin is and its potency, Lavi first delineates two types of administrative accounts. Only the latter is of interest.
The first is an all-admin account can perform almost any function and most organisations are aware of how to handle it. The other administrative account operates under a more restrictive policy, where only perhaps four to five actions or angles can be made. A user may continue to launch a new instance or machine. Despite the limited access, hackers can escalate their access rights to possess an equivalent level of control comparable to an all admin account. This goes one step further from just a privileged admin account.
A one minute and thirteen second demonstration on the CyberArk microsite shows how easy it is to break into an account and alter the policy settings.
“Cloud shadow admins are accounts that attackers use to compromise the account in 4-5 steps, but on the other hand, the accounts do not look like privileged accounts.”
Attackers look for accounts which are unmonitored, typically owned by developers and engineers, rather than for full admin accounts. Reaching for the lowest hanging fruit is enough to cause damage.
The combination of permissions given to an authorised user and instance can be manipulated to gain privileged access and take over the entire system. For example, a DevOps engineer could have permission to launch a new instance. It could be as simple as to take an image and launch it on the cloud infrastructure. The engineer simultaneously assigns the machine a role while enabling the sensors to handle the database entry. These are necessary to create cloud infrastructure stability.
However in the process, an entire operating system can be easily taken over. The combination of permissions assigned to the developer and the instance provide multiple low barrier gateways to access privileges. The manoeuvres are so simple that cloud shadow admin attacks are all too common.
If so, then how does one avoid being pawned? Read the second half of this interview here.
All organisations that use alphanumeric Sender IDs to send SMS are now required to register with the Singapore SMS Sender ID Registry (SSIR) as part of the measures announced by the Infocomm Media Development Authority (IMDA) last October. This registration is intended to protect consumers from non-registered SMS that may be scams, a press statement has said.
Starting from 31 January, any non-registered SMS will be labelled as “Likely-SCAM”. This functions similarly to a spam filter or spam bin. Consumers might get non-registered SMS labelled as “Likely-SCAM” and are advised to exercise caution. If unsure, consumers are encouraged to check with family and friends. This will improve IMDA’s overall resilience against scams.
All organisations that use alphanumeric Sender IDs must register early with the SSIR. This is to give adequate time as non-registered SMS Sender IDs after 31 January will be labelled as “Likely-SCAM”. Organisations that have not registered their Sender IDs are advised to do so, the statement said.
As of January 2023, over 1,200 organisations have already registered with SSIR, using more than 2,600 SMS Sender IDs. These include financial institutions, e-commerce operators, logistics providers, and SMEs that send SMS to their customers who have registered with the SSIR.
In recent months, IMDA reached out to organisations through aggregators and associations such as the Singapore Business Federation, Singapore International Chamber of Commerce, and Association of Banks in Singapore, to encourage them to register with the SSIR. The mandatory SSIR regime is part of a broader effort to protect against scams, which also includes working with telecom operators to reduce the number of scam calls and SMS coming through the communication networks.
Since the implementation of the SSIR in March 2022, there has been a significant decrease in scams reported through SMS, with a 64% reduction from the last quarter of 2021 to the second quarter of 2022. Additionally, scam cases perpetrated via SMS dropped from 10% in 2021 to 8% in Q2 2022, down from 10% in 2021.
To effectively combat scams, a collective effort from society is needed. Despite implementing various measures, scammers may adapt their methods and tactics. IMDA will continue to collaborate with other stakeholders in the fight against scams, but individual vigilance and awareness are crucial. Consumers should remain vigilant and share scam prevention tips with friends and loved ones, the statement said.
IMDA leads Singapore’s digital transformation with infocomm media. To do this, IMDA is working to develop a dynamic digital economy and a cohesive digital society, driven by an exceptional infocomm media (ICM) ecosystem. It fosters talent, strengthens business capabilities, and enhances Singapore’s ICM infrastructure. IMDA also regulates the telecommunications and media sectors to safeguard consumer interests while fostering a pro-business environment and enhances Singapore’s data protection regime through the Personal Data Protection Commission.
Scams and unwanted commercial electronic messages and calls are an international problem with scammers continuing to prey on unsuspecting parties. Last year, IMDA and Australian Communications and Media Authority (ACMA) signed a Memorandum of Understanding to boost cooperation and fight scams and spam. The agreement covers cooperation in information sharing and assistance in investigations relating to scam and spam calls and short message services. The two sides also agreed to mutual exchanges of knowledge and expertise and collaboration on technical and commercially viable solutions in relation to scam and spam communications.
Thailand’s Minister of Digital Economy and Society (DES), Chaiwut Thanakmanusorn, disclosed that the Cabinet adopted the Royal Decree Measures for Prevention and Suppression of Technology Crime in principle. Accordingly, the act was assigned to the Office of the Council of State for consideration before further enforcement.
In essence, the proposed order prescribes steps to prevent and suppress deceit in people transferring money by telephone or other means. The law also grants authorities the authority to regulate financial transactions. It prohibits opening accounts on electronic cards or wallets to bring money or property to be used in criminal acts.
The proposed Decree requires financial institutions and business operators to disclose information about their client’s accounts and transactions via a data exchange system to suspend transactions when necessary.
“The drafting of this law is a collaboration of several agencies, including the Royal Thai Police, the NBTC Office, and the Bank of Thailand. Thai Bankers Association Anti-Money Laundering Office (AMLO), etc., believe that this regulation will undoubtedly assist in eliminating the problem of ghost sims, pony accounts, and online crime problems,” Chaiwut clarified.
Procedures for halting transactions can be done when a financial institution or business operator discovers a questionable issue or is told by a competent official. They must advise financial institutions or business owners to halt transactions. The transmitting financial institution or company operator must promptly halt future transactions. They can comply with the transaction if they inspect and find no suspicious cause.
If the victim reports a fraudulent transaction, financial institutions or business operators must immediately and temporarily cease transactions and tell financial institutions or business operators receiving transfers to do the same. For the victim to file a complaint with the investigators within 48 hours, the investigators must act on that account and electronic wallet within seven days of notification. Notification of information or evidence can be sent by phone or electronically.
Furthermore, Telecommunication Service Providers have the authority to communicate information and allow the Royal Thai Police, AMLO offices, and approved agencies to view the information exchanged. At the same time, the Office of the NBTC is in charge of developing the central database for user registration information, short messages, investigation, and prevention.
The use or disclosure of personal data to prevent, detect, and deter online crime will follow personal data protection legislation. It is required to properly tackle the social media problem of fraudulent people and eliminate some legal issues that cause the integration of work between multiple agencies to be stopped or delayed in the current situation.
The act governs the usage of an account and a SIM card. It will instruct consumers to create a personal account for an electronic card or wallet. The act of opening a without the purpose of using it will be considered an infringement. Anyone who knowingly or ought to knowingly allow another individual to use or borrow their SIM card is breaking the law since criminals could use it for fraud or illegal conduct. Breaches of this law may be imprisonment for up to three years or a fine of up to 300,000 baht (US$9163.10) or both.
It is illegal for anybody to obtain, market, or post news to purchase or sell accounts, electronic cards, electronic wallets, or phone sim cards that may result in criminal activity. Anyone who breaches this will face imprisonment for 2 to 5 years and a fine ranging from 200,000 baht (US$9163.1) to 500,000 baht (US$15271.84) or both.
When aberrant behaviour is discovered or a complaint is made to the bank and enables banks and relevant organisations to reveal and exchange information about online crimes through a standard database system. Thai authorities have the authority to suspend or postpone financial transactions for an extended length of time.
Special Wisit Wisitsorn-at, Professor, the Permanent Secretary of the Ministry of Digital Economy and Society, expressed the MDES need to present the draft to the Office of the Council of State for review and consideration before the announcement goes into effect.
DICT spokesman and Undersecretary Anna Maye Yu Lamentillo conducted the meeting with Singapore Ambassador to the Philippines Gerard Ho Wei Hong to examine future collaborative efforts and Memorandum of Understanding (MoU) implementation between the Philippines and Singapore to enhance digital partnership.
The MoU on Digital Cooperation was agreed upon by President Ferdinand R. Marcos Jr.’s state visit to Singapore last year. It was ratified by DICT Secretary Ivan John Uy and Josephine Teo, Singapore’s Minister for Communications, and Information.
“We reviewed with Ambassador Ho how to implement this MOU and which areas to focus on. Singapore has a wealth of experience in e-governance and cybersecurity, and they can share their best practices with us,” Lamentillo explained.
The MoU covers digital cooperation on digital connectivity, particularly in interoperable systems and methodologies that enable electronic records; cybersecurity, such as organising training courses and technical programmes through the ASEAN-Singapore Cybersecurity Centre of Excellence to improve and strengthen cybersecurity skills; and digital government/e-governance, including digital government strategy, digital government services, and digital government infrastructure.
It also involves exchanging knowledge, technical experience, best practices on scam calls and short messaging services, and personal data protection. It also aims to foster collaboration in emerging technologies such as artificial intelligence, 5G, cloud computing, the Internet of Things, big data, analytics, and robots.
“There will also be collaboration and knowledge exchange to boost the digital innovation ecosystem, such as connecting business owners with promising solution providers; exploring cooperation on digital capability and capacity building; and exchanging knowledge and best practices on digital infrastructure,” she added.
The Philippines has increased its digital partnership with some countries. For example, before cooperating with Singapore, the Philippines signed a memorandum of understanding (MoU) with China on electronic commerce (e-commerce).
The two countries agreed to increase trade of high-quality featured products and services; explore business interchange between MSMEs and e-commerce platforms, start-ups, and logistics service providers; and share best practices and innovative experiences in utilising e-commerce.
The agreement will facilitate the exchange of experiences, best practices, critical information, and trade and e-commerce policies. Both countries will prepare measurements to promote consumer and business protection, intellectual property, data security, and privacy rules. It also contributes to the ability of local businesses to compete in the modernising business sector. The Memorandum of Understanding is in keeping with the E-Commerce Philippine 2022 Roadmap agenda, which aims to promote cross-border partnership and market access through trade agreements and engagement programmes with key e-commerce trading partners.
While Singapore has undertaken a similar digitisation initiative with China. Singapore’s Minister of Communications and Information (MCI) and the Infocomm Media Development Authority (IMDA) announced the signing of eight (8) Memoranda of Understanding (MoU) and the unveiling of fourteen (14) new joint projects as part of the Singapore-China (Shenzhen) Smart City Initiative in November (SCI).
As they build economic recovery and resilience, Singapore and Shenzhen will actively establish a conducive business climate for firms to innovate and conduct cross-border transactions safely and smoothly. As the SCI began its third year of operation, the meeting noted that the number of new cooperative ventures doubled compared to the previous year.
Aside from that, on the 7th UK Singapore Financial Dialogue, dubbed Fintech Bridge, Singapore and the United Kingdom reaffirmed their commitment to expanding their financial ties. The FinTech Bridge will capitalise on fintech players’ active interest in payments, regulatory technologies, and wealth management. It will also provide structured participation that will aid in developing policy measures, improve evaluations of future challenges such as the development of distributed ledger technologies and data exchange, and facilitate trade and investment flow between different markets.
Additionally, both governments discussed recent innovations in the fintech sector, such as advances in crypto-assets, and agreed on significant areas for future collaboration. They examined their progress in tightening consumer protection legislation and implementing stable coin regulations. Both parties agreed that there is an urgent need to assist in the safe development of a digital assets ecosystem while ensuring that digital asset risks are constantly handled.
The National Cyber and Crypto Agency (BSSN) worked with the National Narcotics Agency (BNN) to oversee illegal drug sales and investigate illegal drug dealing on the dark web. To support the endeavour, both agencies elaborate on the e-Mindik application 2.0.
Golose hopes that in the future, all investigative administration exercises, from revealing narcotics cases, and money laundering, to uncovering cases in 2022, will be able to use the BNN’s e-Mindik application, allowing for the realisation of an Information Technology-based Integrated Criminal Justice System that is incorporated with ministries or other organisations.
“BNN has completed the construction and development of the BNN e-Mindik application version 2.0, which is one of the supporting components of the electronic-based government system (SPBE) authorised in the national strategy programme for eradicating corruption to promote the incorporation of the criminal justice system, which is applied through the expansion of a Judicial System database. Integrated Crime Based on Information Technology (SPPT-TI), “Pol. Petrus Reinhard Golose, Head of BNN Komjen, said in Jakarta.
The collaboration is an attempt to carry out the duties and functions of imposing the country’s defence and security sector in digital space, one of which is by using electronic certificates to speed up distribution while preserving the security of information related to cross-institutional narcotics cases.
Meanwhile, BNN and the BSSN signed a Memorandum of Understanding (MoU) on using electronic certificates to strengthen cyber security resilience. Hinsa Siburian, the head of BSSN, imparted information about the amount of danger of security threats that have risen in tandem with the level of use of information and communication technology.
“It needs an adaptable and sophisticated cyber security effort to defend all layers of the cyber world, including the information assets stored therein, from cyber threats and attacks of both technical and behavioural character,” Hinsa explained.
Hinsa also emphasises information about the amount of risk of security hazards that has developed in tandem with the level of use of information and communication technology. As a result, authorities must engage in an adaptive and inventive cyber security effort to defend all layers of cyberspace, including the information assets housed within, from cyber threats and attacks of both technical and social character.
Hinsa stated that social cyber-attacks use manufactured information to target ideas, choices, opinions, emotions, behaviour, opinions, and motivations to modify the way of thinking, belief systems, and human behaviour. The BSSN Cyber Threat Intelligence Team conducts cybersecurity patrols/monitoring on the dark web for unlawful operations, such as data theft, drug purchasing and selling, and sexual offences.
Aside from that, the National Cyber and Crypto Agency (BSSN) undertook competency testing activities to improve the agency’s ability to deal with cyber security threats. The BSSN Human Resources Development Centre (Pusbang SDM) in Depok, West Java, offers three certification programmes (Security Operation Centre, Information Security Auditor Assistant, and Junior Penetration Test).
According to Muhammad Iqro, Director of BSSN Cybersecurity and Password Human Resource Policy, human resource professional certification is highly essential since it is a form of acknowledgement of competence in cybersecurity within the national scope. The competencies become a critical component in understanding parts of information and communication technology, which is essential to anticipating the dynamics of the global and regional strategic environments, which evolve at a rapid and competitive pace.
Ikro noted that one of BSSN’s measures towards satisfying cyber and cypher security human resources effectively and efficiently was to construct a certification infrastructure in the cyber and cypher security sector by establishing the BSSN Professional Certification Agency (LSP).
Ikro believes that the BSSN HR who participate in the qualification test activities may mould and create LSP BSSN graduates with the work capabilities required in cybersecurity and receive national and international recognition for their competencies.
Chaiwut Thanakmanusorn, Minister of Digital Economy and Society (DES), evaluated the effectiveness of the country’s efforts to prevent online crime. He directed Wetan Phuangsub, Deputy Permanent Secretary of the Ministry of Digital Economy and Society, to continue cracking down on illicit cross-border internet use, ghost SIM fixation, and the suppression of fraudulent accounts.
“The problem of cybercrime impacts many persons’ lives and possessions. The NBTC office dealt with many SIM owners who had not yet registered officially, thanks to the collaboration of the AMLO Office and the Banking Association in resolving the false account situation. Including the illicit use of the Internet throughout the nation and the Royal Thai Police, which hastens the prosecution of offenders,” Chaiwut praised.
Meanwhile, Thepsu Bowonchotdara, Deputy Secretary-General of the AMLO Office; Pol. Maj. Gen. Niwet Apawasin, Technology Crime Investigation Bureau; and Suthisak Tantayothin, Deputy Secretary-General of the NBTC Office, provided reports on progress in combating online crime.
To address ghost SIM issues, the NBTC has mandated that about 8,000 users with more than 100 SIM cards prove their identification by January 23. In addition, in the case of illicit cross-border internet trafficking, the NBTC has directed telecommunications service providers to investigate the use of cross-border internet services. The agency has also collaborated with necessary legal officials to check and locate the crime site and the perpetrator.
Meanwhile, the AMLO Office has issued a notification to resolve bogus accounts and suspected accounts used for unlawful activity. When a criterion for determining or revising the list of high-risk individuals arises, the notice alerts. The suspicious performance will be continuously monitored following that, in compliance with the Ministerial Regulation on Customer Fact-Awareness. Furthermore, the AMLO has notified financial institutions of around 1,000 identities of offenders. The financial institution will continue to take appropriate steps.
Aside from that, Thailand is increasing efforts to raise citizen awareness of cybercrime. The Electronic Transactions Development Agency (ETDA) and the Ministry of Digital Economy and Society have launched a programme to help people strengthen their online literacy abilities.
Chaiwut agrees that as Thailand enters the digital era, cyber dangers have intensified, with technology and online transactions driving practically all activity. With 59,794 online complaints, ETDA recorded an increase in online scams 348 times in 2022 (January – November 2022). In comparison, only 54 interactions were made in 2021.
The information was gathered via the online complaint-handling service of the 1212ETDA Online Help and Problem Management Centre. The contact centre observed that the most common internet scam is still online trading problems, followed by unlawful websites, call centre gangs, SMS fraud, etc.
Furthermore, the government has established an application to help safeguard individuals against internet scammers, fake news, and financial fraud, which are significant concerns in Thailand. The Ministry of Digital worked with the state-owned Krung Thai Bank to establish “Pao Tang,” an online scam and disinformation warning system.
The app will not only provide financial services, but it will also serve as another avenue for disseminating information, as confirmed by government organisations. The apps will issue warnings about internet fraud and fake news associated with financial fraud or financial crime. As a result, consumers can keep up with the current situation and manage the new complexity that has caused significant damage.
The technology will connect data from the Anti-Fake News Centre (AFNC) databases at the Ministry of Digital Affairs to service providers. Furthermore, the wallet software sends warnings regarding financial fraud and erroneous information in various formats.
Adapting, adopting and shifting methods, models and processes are unavoidable as technology develops and advances. Manufacturing robots, artificial intelligence and machine learning are just a few examples of rapidly evolving new technologies.
These technologies have the potential to save costs while enhancing output and quality. They have a vast scope and the potential to revolutionise existing enterprises and personal lives. They can make people’s lives easier while also requiring less human engagement.
Companies have realised that such cutting-edge solutions can take over specific roles and increase operational accuracy, production and efficiency. Automation and digital improvements have improved analytical, technical, and management capacities. Even today, many large technology organisations have reached a broad economic scale without a large staff base.
As a result, the workforce and skillset needs will change. Organisations require fewer people in roles managed by tech creating a greater need for employees with specific abilities.
The impact and opportunities
In an exclusive interview with Mohit Sagar, CEO and Editor-in-Chief OpenGov Asia, Michael Baron, CEO & Director of Baron Consulting Group, Singapore, believes technology changes will be positive for most people. But technological advancement may disappoint others because they may be concerned that technologies may replace their jobs.
“There will be proactive people and that people who are reactive. It is important to understand that further development is essential for people, companies and governments, to keep the nations and businesses competitive. So, I think the future will positively impact those who want to embrace the technologies. We need to focus on development rather than on keeping everyone happy,” explains Michael.
People can embrace the new technology with better utilisation. As an example, he shared how people will have gotten used to a pass-card ticketing system. Some time ago, the technology was introduced in several countries in Southeast Asia and Australia. People had to learn to adapt to the new ticketing system if they wanted to use the public transport system. While initially challenging for many, people have gotten used to it and, indeed, prefer it.
Baron urges people to view new technology as a unique opportunity. Change happens all the time in almost all spheres – sometimes rapidly and other times gradually. Businesses need to adjust their service offerings based on technological developments. It may require performing specific technology-related tasks for the companies which are no longer relevant.
“I recall a very old Chinese saying that every crisis is an opportunity. You can say that I lost my job and I lost my business proposition many times and I don’t see it as drama. I see it as an opportunity. See it as an interesting experience, a natural transformation,” Baron offers.
From a personal perspective, the analytics engine, for instance, has helped him to become a better chess player. The tools can help him to perform better in online chess games by analysing his game, understanding his mistakes and what opportunities he misses and suggesting what he should learn and how he can do better next time.
The same idea goes for organisations or governments. The private and public sectors can do better through digital transformation and utilise technological advancement to maintain their position in the marketplace. It’s not a matter of enjoying it or not embracing the norm, it’s a matter of survival. It’s a matter of remaining relevant, of addressing the challenges by delivering better.
According to Baron, what is happening now is that traditional players are losing market share very fast and possibly don’t even understand the market anymore. So, it is vital to reshape themselves, adopt new goals and embrace new technology.
As a big fan of predictive analytics, he believes that analytics can break into the past to build a better future. Citing a Greek philosopher that said history repeats itself implies this results in variations in a range of operations. So predictive analytics will play a role in calculating the future based on what happened in the past and emulate it for future problems.
In terms of challenges, Baron believes that security, privacy and controls will still be a big problem in the future. Ethical factors are also emerging around the globe today. Organisations with international presence have to comply with all the multiple countries’ respective laws and regulations regarding data ownership and management.
Sooner or later, organisations need to ensure compliance. Even though technology tends to develop faster than legal frameworks, ultimately all countries create regulatory frameworks.
Cultural spirit and political drive
Baron is convinced that both the private and public sectors can drive the technology improvements. Whether it is public or private-driven innovation, it is essential to keep forward-facing if an organisation or a nation intends to survive.
He acknowledges several governments’ efforts to stay ahead of the digital transformation journey, such as Japan, China and Singapore. These countries demonstrate how they can be leaders through cultural spirit and technology utilisation rather than only depending on their natural resources.
After World War Two, Japan’s economy was in a very difficult situation, dealing with the devastation and a lack of natural resources. They faced these challenges head-on by utilising technology and aggressively pursuing digital solutions. Eventually, they not only became a leading economy but were a global benchmark for development.
China, too, has a robust digital and technology vision for the country and has seen remarkable success. From a largely agrarian/rural society, it is now the second-largest economy worldwide. It is a great example of how political will plays a significant role in driving technology-enabled progress.
As for Singapore, the country has become a leading exponent of technology and digital innovation. Compensating for a lack of resources with heavy investment in technological development, innovation and education. They have harnessed their multicultural heritage and been wise in how they use their existing resources. Infrastructure, policies and pathways have made the nation a preferred destination for investment and international tech workers.
LKYGBPC entrepreneurial pathway
Technology development has a massive impact on future employment, hence the entrepreneurial path is one of the solutions to answering the challenge. As a member of the International Judging Panel (IJP) for the Lee Kuan Yew Global Business Plan Competition (LKYGBPC), Baron encourages people not just to embrace the ideas of others but to work with their ideas. He believes that everybody has something to bring to the table.
Teaching about technologies and related subjects, helping people acquire the necessary skills and traits, and providing the right environment is essential to foster entrepreneurship. But a little more is needed to create a culture of entrepreneurship.
He considers the international competition a fantastic way to bring a lot of global talent together to actualize their dream, to be inspired, express their concerns,and to find solutions. The competition creates the right environment to put ideas together and tailor them to suit specific marketplaces.
The competition is a chance for people with ideas to organise themselves, present their ideas to the big wide world and have a shot at being successful. To Baron, there should be more calls for international competitions they allow ideas to travel beyond the borders to create a better future for the world.
The Philippine National Police (PNP) is one of the major agencies tasked combat cybercrime. The agency has been monitoring crimes involving technology and has noted a significant increase over the years. PNP Chief Gen. Rodolfo Azurin Jr. believes the robust implementation of the SIM Registration Act implementation would be an effective method of dealing with cybercrime and cyber criminals.
“Through this timely and relevant legislation, we are closing all windows of opportunity for criminal elements to take advantage by requesting that all mobile phone users immediately comply with the law,” Chief Gen. Azurin Jr said. “Rest assured, under my leadership, the PNP will do everything in our power and mandate to make this happen.”
Chief Gen. Azurin Jr. has directed PNP employees to comply with the Subscriber Identity Module (SIM) Registration Act as soon as possible. All 227,000 PNP officers and rank-and-file personnel are encouraged to ask their families and household members to register following Republic Act No. 11934. He also directed the PNP DICTM (Directorate for Information and Communications Technology Management) to keep track of PNP personnel’s compliance.
With many Filipinos being victimised by text scams and data breaches daily, Interior Secretary Benjamin Abalos Jr. believes that the law would allow the Philippine National Police and other law enforcement agencies to respond quickly to complaints and cases involving mobile scams. The Act makes it easier for the PNP to track down offenders and resolve misconduct involving telecommunication devices.
The Republic Act 11934, also known as the Subscriber Identity Module (SIM) Card Registration Act is predicted to significantly reduce electronic communication-aided criminal acts that are commonly committed in anonymity. The Philippine National Police and other law enforcement agencies would be able to readily trace criminals and address misconduct involving telecommunication devices under this new law, allowing them to respond rapidly to complaints and cases involving mobile scams.
The National Telecommunications Commission (NTC) reported that over 3 million SIM cards were successfully registered across all three telecommunications companies in the first two days of SIM registration implementation. For the first seven days after the rollout begins, telcos must submit a daily report to the NTC.
Subscriptions will then have 180 days to register their SIM cards before mid-2023 or from the date of purchase. The government urged users to subscribe immediately before the timeline ended. NTC Deputy Commissioner Jon Paulo Salvahan believes the Philippines will achieve 160-180 million SIM registrations within the time frame.
Furthermore, the Department of Information and Communications Technology (DICT) reported on Thursday that it had received nearly 500 SIM card registration complaints. According to DICT, the first 15 days of SIM registration are considered a test period. Some glitches or technical issues are expected during the period as public telecommunications entities (PTEs) fine-tune their respective processes. During this 15-day test period, PTEs can assess what they need to improve to make the registration process more efficient and user-friendly.
To deal with the growth of cyber threats, the Department of Information and Communications Technology (DICT) will launch short-term courses and long-term cybersecurity programmes to strengthen the country’s cybersecurity workforce. The efforts in response to the increased demand for cybersecurity experts and the USAID study show a need for cybersecurity skills felt by both the private and public sectors.
The final report, “National Cybersecurity Talent Workforce Assessment Report of the Philippines,” was completed in October and formally presented in December. The report investigates the current cybersecurity challenges, gaps, and positions. The report emphasises the country’s current need for credentialed or certified cybersecurity workforce.
Only 200 certified cybersecurity experts or those with Certified Information Systems Security Professional (CISSP) certifications are currently available in the Philippines. Furthermore, only about 30% of these accredited experts work in the country, with the remainder working abroad.