Protecting Small to Medium Sized Businesses in the Philippines from Cyber Threat

While the Philippines continues to be a top choice for outsourcing, one of the primary concerns of international companies is the state of cybersecurity within the country. The rapid growth of the Philippines as a digital economy has led to the accumulation of valuable data and financial transactions, making it an attractive target for cybercriminals worldwide.

International firms are interested in investing and expanding their operations in the Philippines but are hesitant due to concerns about their critical data and information security.

According to the Department of Information and Communications Technology (DICT), the government agency responsible for advancing the national ICT agenda, the Philippines ranked fourth among countries with the highest number of cyberattacks, recording approximately 3,000 in the country between 2020 and 2022 alone.

However, according to Statista, the cybersecurity market in the Philippines remains modest compared to other countries despite the increased risks of online threats.

In a recent Statista survey conducted between August and September 2022 involving 6,700 business leaders assessing the cybersecurity readiness of companies in the Philippines, most respondents (37 per cent) were in the formative stage. The remaining respondents were at progressive (30 per cent), mature (27 per cent), and beginner (6 per cent) stages of cybersecurity readiness.

Catastrophic Consequences

The Philippines predominantly consists of small to medium-sized businesses (SMBs), which, in contrast to larger enterprises, often lack the equivalent level of digital security measures.

This vulnerability increases the risk of cyber-attacks on SMBs. Cybersecurity threats are particularly challenging for them because the consequences are more devastating. Unfortunately, some end up closing permanently within months of an attack. Other catastrophic effects include:

  • Financial loss
  • Impact on business operations
  • Damaged reputation

Financial loss

Dealing with cyberattacks is expensive, especially for SMBs that need more budget to cover them. They are liable for resolving any immediate damages and repairs after an attack. Worse, they need to pay ransom in case of a ransomware attack, which denies a user or organisation access to their files until they pay the ransom.
In addition, SMBs also need to pay for professionals who will help them respond to and recover from a cyberattack, such as IT security consultants, lawyers, and public relations.

Impact on business operations

An unwanted cyberattack can have a detrimental impact on business operations. The incident management process, which includes assessing damages and getting the situation under control, can divert the attention of the business owner or IT manager from other responsibilities, hindering business growth.
Furthermore, operations may halt if the attack compromises web-based applications. Attacks can also affect the morale of team members, mainly if lax security practices have contributed to the attack.

Damaged reputation

An attack can severely impact reputation. Since attacks target the company’s critical data, like customer information, consumers may hesitate to engage. Investors can view being a cyberattack victim as a sign of carelessness. Moreover, a damaged reputation may discourage qualified applicants from seeking employment with the affected business.

Security Challenges

These debilitating consequences should warn small to medium-sized businesses to take cyber security threats seriously. However, some barriers prevent them from implementing good cybersecurity practices. These are:

  • Insufficient staff
  • Not knowing where to begin
  • Budget constraints
  • Downplaying the severity of the risk

Insufficient staff

One of the critical challenges SMBs face is the need for dedicated staff with a specialised focus on IT security. Due to the multifaceted nature of their operations, they need to allocate time and resources to a wide range of competing demands, making it challenging to prioritise cybersecurity and devote the necessary resources to it.

Not knowing where to begin

Managing cybersecurity risks can be daunting for owners. Despite the growing dangers and potential consequences, some believe they do enough to protect their business. However, they are missing critical vulnerabilities and do not know where to begin.

Budget constraints

Budget constraints can prevent small to medium-sized businesses from investing in effective cybersecurity measures. It also prevents them from prioritising cybersecurity over other competing business demands, putting them at a higher risk of cyberattacks. With limited annual turnover, they may need more financial capacity to outsource the task to experts.

Downplaying the severity of the risk

Downplaying the severity of the risks and consequences of a cyber incident can lead to a lack of preparedness and a failure to implement adequate measures to mitigate the risks. Failing to fully grasp the potential impact of a cyber incident and the amount of time it may take to recover from such an event can make SMBs lax, believing that they are unlikely targets.

What can small businesses do?

Security Awareness Training can assist small to medium-sized businesses avoid cyberattacks and minimise harm if they do occur. Since the staff computers are the company’s first line of defence, one way to strengthen protection against threats is to educate the employees about the risk of cyberattacks.

Cybercriminals frequently gain entry to systems and networks by deceiving employees into providing them access. Conduct training sessions that demonstrate to employees how to recognise compromised computers, suspicious emails and websites and teach them the best practices. These efforts will help create a more secure work environment and prevent employees from falling for phishing attempts or other scams.

SMBs can also ask for help from companies that know the ins and outs of cybersecurity. DysrupIT can help with bigger-picture approaches to bolster the cyber security readiness of small to medium-sized businesses.

DysrupIT, powered by SolCyber, removes all the complexity and burden of getting the business environment cyber-resilient, giving the owners and managers time to focus on operations. SMBs can protect themselves from cyber threats through this subscription-based offer, which can start running in under 30 days.

Priced at a maximum of USD$57 per user per month, owners of small to medium-sized businesses can sleep better at night, knowing they are protected and safe from cyber threats.

SMBs may continue with their regular activities secure in the knowledge that with DysrupIT’s cybersecurity specialists at the helm, they are one step ahead of complex cyber threats.

DysrupIT and SolCyber Partner to Offer 24/7 Managed Security Service for Small and Medium Businesses

Providing round-the-clock protection to keep businesses secure.

SYDNEY, AUSTRALIA – Cloud and as-a-Service advocate, DysrupIT has announced a strategic alliance with managed security services provider, SolCyber. DysrupIT has bolstered its existing cyber security service by now offering their clients an affordable, comprehensive 24/7 managed Security-as-a-Service, powered by SolCyber.

SolCyber enables organisations to achieve cyber resilience with their innovative and modern managed security services. The company offers a comprehensive solution utilising leading technologies and services in a cost-effective model. It provides protection across the entire threat lifecycle with 24/7 SOC support. Customers can achieve a nation-state level of security at a lower cost, in less than 30 days.

“Our partnership with SolCyber is a strategic addition to our cyber security service offering,” says DysrupIT Head of Alliances and Partnerships, Marco Hermosura. “In today’s current threat landscape and cyber skills shortages, we want to offer a robust and complete security solution that can be scaled from small business through to enterprise. Our managed security, “Powered by SolCyber”, combines our significant security assets, tools, processes, and expertise, allowing organisations to quickly improve their cyber security posture through an affordable and simple monthly subscription. Being cloud driven and with our joint global support footprint, DysrupIT’s extended security services can provide protection to our clients regardless of their location and time zone.”

The security Teams in DysrupIT and SolCyber have significant combined experience in cyber threat detection and management. Clients that subscribe to the Security-as-a-Service offering have direct access to this knowledge through a dedicated client management team.

“Knowing Marco and the team well, we really appreciate their security acumen, pedigree and massive knowledge of security market. We are very excited to be working with them as our primary MSP partner for the Asia Pacific region, and we are confident that they have the focus, knowledge, and experience to assist small to mid-sized organizations build their cyber resilience and security posture to handle the most sophisticated of threats,” said Scott McCrady, CEO of SolCyber. “With the recent spate of high-profile breaches in Australia and the Region, there are hundreds of smaller organizations falling under the radar that have been breached — many that have been unable to recover quickly or at all. With SolCyber’s Foundational Coverage, now available through DysruptIT, businesses can experience a whole new approach. We’re disrupting legacy MSSP providers by delivering Fortune 500-level managed security in an incredibly affordable manner that is simple to implement and enhances speed and agility.”

DysrupIT CEO Andrew McCarroll commented, “The alliance with SolCyber fits seamlessly into our strategy of helping clients transform their business: moving them to Cloud and migrating from legacy models to as-a-Service. We already support clients across our operations, at an enterprise level with SaaS applications such as Oracle and to a granular level as with Couchbase’s database-as-a-service. Extending our relationships to provide consumption-based security gives Company Boards affordable options that can be implemented quickly and with no major CAPEX requirement.”

About DysrupIT

DysrupIT is an Australian IT Services provider working with Australian companies and governments to address complex business challenges, from digital transformation to cybersecurity.  Industry leaders from DysrupIT and SolCyber will co-manage this innovative service. For more information, go to

Ready to take your cyber security to the next level? Contact us today to learn more about how DysrupIT, powered by SolCyber’s comprehensive security solutions, can protect your business and reduce risk. Email Marco Hermosura at

About SolCyber

SolCyber, a Forgepoint Capital company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are streamlined, accessible and affordable for any organization. SolCyber is disrupting the status quo, by providing a new standard of managed security services that work to reduce cyber risk, wastage, and complexity. We believe in a secure environment for all. For more information about SolCyber, visit

Australian Cyber Security Skills Shortage. What’s the deal?

Cyber threats have become more numerous and sophisticated in Australia, which relies heavily on technology for its economy to thrive.

The Annual Cyber Threat Report released by the Australian Cyber Security Centre (ACSC), July 2021/22, highlighted over 76,000 cybercrime reports, an increase of 13% year-on-year.

Businesses and Government are concerned about this alarming rate and the potential impact on their businesses.

In the last 60 x days, a number of large enterprises in Australia have seen significant cybersecurity breaches. These massive breaches have compromised the personal information of more than 20 million customers combined, with estimates this could represent almost 40% of the country’s population.

Has it served as a wake-up call? Maybe.

But the threat of breaches has existed long before these recent incidents.

Businesses and Government must safeguard themselves against all threats, including malware, ransomware, hackers, viruses, and other online risks.

Current Landscape

Ransomware continues to be the most harmful cybercrime, focusing on the reputation of Australian companies. Criminal or hostile state actors steal personal information and use them to extort or gain an advantage. Companies and Government can lose critical data, intellectual property, and in the process, a large number of customers.

Cybercrime actors continually scan company networks looking for gaps or lapses they can use as entry points. Unless prevented, gaining entry to critical infrastructure will give these malicious actors access to valuable information, data, and essential services.
Companies can suffer massive losses. Small and medium businesses can fail from operational disruption, loss of customers, or the lack of funds to cover the impact. Regrettably, some don’t survive.

For instance, the average cost for small businesses is over $39,000. Medium businesses, $88,000 and large, more than $62,000. Larger companies often have deeper pockets, helping them to swim. It’s a different case for small and medium enterprises.

How can Australian companies address the issue?

Cyber defence must be a top priority for every Australian in light of the growing risks to the country’s digitally dependent economy. Every organisation needs a cyber-literate workforce with competent knowledge in protecting the company’s digital assets.

Cyber literacy is critical since all Australian companies use the internet to do business. Regardless of what they do, everyone in the company should acquire skills to help them secure their workplace from cyber threats.

Cybercriminals are becoming more sophisticated and have found ways to trick workers into clicking websites and links, causing companies to become vulnerable. Even the most cyber-literate employees will need professional assistance from trained cybersecurity experts.

These experts are responsible for planning and implementing security measures to defend computer networks and systems against cyberattacks. The main tasks include monitoring, detection, investigation, analysis, and response.

Several organisations in Australia are developing their cyber defence teams in response to cybersecurity concerns. Some build them in-house, while others outsource their cybersecurity needs to external service providers.

However, companies face a hindrance to building their cybersecurity teams: skills shortage.

Skills Shortage in Cybersecurity

The Australian cyber skills gap is reaching a crisis point at a time when the country is facing a rise in attacks. Without the support of expert cybersecurity professionals, businesses and the Government cannot build and maintain effective lines of defence. In many cases, they only realise a breach after the event. With the right expertise and tools, professionally designed and operated cyber security services can be an important part of a preventative strategy, repelling attacks before the damage is done.

Australia is currently facing a cybersecurity skills shortage

Australia is currently facing a cybersecurity skills shortage.

The latest 2022 Skills Priority List release from the Australian Government shows a shortage of all cybersecurity-related jobs.
The country’s education system addresses the skills shortage by launching new cybersecurity degrees and courses, an essential pillar in building security capability. But it is a medium to long-term approach. This pipeline of graduates trickle feeds into the industry. It takes years of hands-on commercial experience for these graduates to reach an acceptable knowledge level to make a real difference. Meanwhile, the attacks continue, and Businesses and Government remain vulnerable. Continued attacks can have a tangible impact on consumer confidence, especially if inflicted downtimes impact financial services or critical infrastructure, such as utilities.

The vital need for cybersecurity experts is projected to continue. By 2026, Australia is expected to require an additional 16,600 people in the field of cybersecurity. Reducing the widening gap will need to be tackled at multiple levels.

Meeting the threats and building national capability requires an open-minded approach. It will take a coordinated and concerted effort from all stakeholders. Government and industry must embrace “re-tooling” the workforce to add security skills that bring business knowledge. The education system needs to continue to nurture graduates at an entry level. Immigration of skilled security professionals will help with more pressing demands. And (as the pandemic demonstrated), remote (and sometimes offshore) based cybersecurity services will provide an immediate line of defence.

Skilled immigration and remote offshore solutions can be controversial solutions for some stakeholders.

However, these options need to be on the table and considered as part of a larger defence strategy.

What we all seem to agree on is that Australia needs cybersecurity experts now.

How can DysrupIT help?

DysrupIT can help with bigger-picture approaches to bolster Australia’s cyber security readiness. As an Australian IT Services provider, we work with Australian companies and governments to help solve their business challenges, from digital transformation to cybersecurity.

Our Cyber Security Team works 24 x 7, identifying and responding to all forms of cyber threats to which our clients and partners are exposed. Our local Team will design a security solution that fits your specific requirements and budget. At the same time, our Philippines-based Global Security Hub will continually watch over your operations, from coast-to-coast and beyond, all day, every day, identifying and responding to immediate and future threats.

Cyber threats are an everyday part of running a business. Talk to one of our local experts for a pragmatic discussion (in plain English) on how you can protect it.

We take Cyber Security seriously. Email to learn more or book a free consult today.