Securing the Vaults: Cybersecurity Analysis of Top Banks in the Philippines
As the Philippine banking industry increasingly uses online and mobile platforms, cybersecurity is crucial to safeguarding consumer information, financial assets, and national security. Leading financial organizations, including Land Bank, Banco de Oro (BDO), Bank of the Philippine Islands (BPI), and Metropolitan Bank and Trust Company (Metrobank), are always at risk from cyberattacks. This article examines the cybersecurity postures of these institutions, their strengths and shortcomings, and the overall effect on their operations.
Key Takeaways and Recommendations
- Continuous Improvement: To combat complex threats, all institutions must make investments in modern security systems.
- Employee Training: Employees must receive regular cybersecurity training in order to reduce risks and avoid human error.
- Customer Awareness: Customers can reduce their exposure to phishing and social engineering attempts by learning safe online banking techniques.
- Regulatory Compliance: To keep customers' trust and stay out of trouble with the law, strict adherence to BSP and international standards is essential.
Why Cybersecurity Matters for Banking Institutions
Cybercriminals target banking institutions because they conduct large financial transactions every day and store extremely sensitive client data. A single breach may result in monetary damages, reputational harm, and a decline in consumer confidence. Regulatory agencies such as the Bangko Sentral ng Pilipinas (BSP) have set stringent rules to ensure that financial institutions follow cybersecurity best practices, although issues remain.
Incidents involving banks
A significant hacking incident at BDO in December 2021 affected 700 accounts and resulted in unlawful financial transfers to other banks. After BDO was sanctioned by the BSP, the bank strengthened its cybersecurity protocols and paid back impacted customers. In order to provide a safer banking environment, BDO pledged to collaborate with the BSP. (Domingo, 2022)
A double debit issue that BPI encountered in January 2023 resulted in multiple transactions on users' accounts. Within a day, the problem was fixed, and BPI promised to upgrade its systems to stop it from happening again. The BSP kept an eye on everything, making sure that mistakes were promptly fixed and services were restored. (Chipongian, 2023)
Teachers' payroll accounts were the subject of phishing attacks in late 2021, resulting in losses ranging from PHP 26,000 to PHP 121,000. LandBank blamed compromised personal devices for the intrusions and asserted that its systems were safe. The bank sought to swiftly handle impacted cases and advised caution against phishing. (Lalu, 2022)
In 2017, Metrobank discovered that a bank executive had committed internal fraud totaling up to PHP 2.5 billion. The Anti-Money Laundering Council (AMLC) examined the event, while the BSP looked into internal control violations. In addition to accepting the losses, Metrobank promised to strengthen internal security. (Camus, 2017)
Cybersecurity Posture of Philippine Banks: A Six-Month Performance Analysis
The security ratings are scored based on these 10 factors:
More info about the metrics: https://securityscorecard.com/wp-content/uploads/2024/01/EBOOK-MethodologyDeepDive-3.0_v2-1.pdf
Comparative Analysis of 7 Leading Banking Institutions in the Philippines, as of December 2, 2024
This graph compares the cybersecurity posture of seven major Philippine banks over six months, with grades from A (strong) to F (weak):
Overall Trends:
Philippine banks' cybersecurity performance varies greatly; some have shown steady improvement, while others have fluctuated or stayed the same in lower scoring levels.
Scores are assessed based on several criteria, such as IP reputation, patching frequency, and network security.
Top Performers:
1. Bank of the Philippine Islands (BPI) (Purple): Performed well throughout, keeping scores in the A-range for the entire period, demonstrating robust cybersecurity safeguards.
2. China Banking Corporation (CBC) (Cyan): After correcting initial irregularities, the period ended in the A-range, demonstrating improvement and stability.
Mid-Performers:
1. Banco de Oro (BDO) (Pink): Remained in the B-range with very slight increases by November, maintaining moderate ratings throughout.
2. Metropolitan Bank and Trust Company (Metrobank) (Magenta): Showed a gradual but consistent improvement by the end of the period, fluctuating between the B and C grades.
Consistent Lower Scores:
1. Land Bank of the Philippines (LANDBANK) (Blue): Suffered from poorer endpoint security and patching cadence, which frequently caused performance to drop into the D category.
2. Philippine National Bank (PNB) (Brown): Performed in the C-range at first, but by November, it had steadily improved to the B-range.
3. Rizal Commercial Banking Corporation (RCBC) (Teal): Consistently received lower C and D scores, indicating serious weaknesses in internal controls and cybersecurity procedures.
Monthly Variations:
Several institutions, such as CBC and BPI, displayed consistently upward trends, indicating continued investments in cybersecurity enhancements. The fact that LANDBANK and RCBC had trouble recovering at all suggests that their systems had more severe flaws. Metrobank and BDO showed modest but consistent gains, with sporadic fluctuations driven by factors such as endpoint security and patching frequency.