ROTARY CLUB OF MANILA JOURNALISM AWARDS
2006 National Newspaper of the Year 2011 National Newspaper of the Year 2013 Business Newspaper of the Year 2017 Business Newspaper of the Year 2019 Business Newspaper of the Year 2021 Pro Patria Award PHILIPPINE STATISTICS AUTHORITY 2018 Data Champion
EJAP JOURNALISM AWARDS
BUSINESS NEWS SOURCE OF THE YEAR
(2017, 2018, 2019, 2020, 2021) DEPARTMENT OF SCIENCE AND TECHNOLOGY
2018 BANTOG MEDIA AWARDS
www.businessmirror.com.ph
A broader look at today’s business n
Sunday, July 28, 2024 Vol. 19 No. 285
P25.00 nationwide | 4 sections 24 pages | 7 DAYS A WEEK
CYBERSECURITY:
A CAT-AND-MOUSE GAME
ALTITUDEVS VIA DREAMSTIME.COM
A FORMER US NAVY TECHIE, HIRED BY THE PHILIPPINES’ TOP MEDIA NETWORK TO GUARD AGAINST RANSOMWARE, WANTS TO SEE HIS FELLOW PINOYS AS A WORKFORCE WHICH CAN SOLVE COMPUTER PROBLEMS IN MINUTES
G
By Pocholo Concepcion
ERRY DUMATOL wants to pay it forward. The Philippineborn techie, who first applied his knowledge of computers in the US Navy, is touching base with his fellow Lasallians to help them become adept in quantum computing—which he says “can solve problems in minutes that would normally take years to figure out with today’s desktops.” In this exclusive Q&A, Dumatol—whose company DUMATEK provides cybersecurity for the Philippines’ top media network— talks about hackers, ransomware, and understanding technology through common sense. Tell us about your work in technology and how you got into cybersecurity. My knowledge in technology started in the US Navy nearly 30 years ago, when I was involved in setting up its first Learning Resource Center (LRC) in Dam Neck, Virginia. This was part of a directive to train sailors in computers using interactive courseware, instead of “live” instructors. I was instrumental in the launch and use of the LRC. After receiving an honorable discharge from the Navy, I started my own company, DUMATEK, which provides computer services and healthcare security and compliance. To do this, one must have an in-depth knowledge of cybersecurity and the ability to apply it with the latest technology, as well as an updated knowledge of most compliance frameworks in the US. Hacking into websites, email and bank accounts, not to mention entire networking systems, has become a rampant,
GERRY DUMATOL: “Ransomware is the most critical part of cybersecurity—it’s the No. 1 threat in the world today. In my job, I use four cybersecurity parts stacked together.”
worldwide problem. Do hackers set out to form a group to engage in ransomware? Yes! Ransomware is big business on the dark web. It’s a whole industry, and many are trying to learn it because of the huge amount of money that hackers have made from it. Ransomware is a huge “business,” and due to its size, groups form to specialize in certain sections of the process—in exchange for a percentage of the ransom. Ransomware-asa-Service, or RAAS, is a tool used by
groups involved in ransomware. As a ransomware attacker, you can lease an RAAS tool in exchange for a percentage of your collected ransom. Is there an aspiration for them to get into the dark web? Yes, it’s important to know that the dark web is a section of the internet, or the World Wide Web, that normal people like you and I use to communicate messages without exposing our identity. There is nothing against the law in using the dark web. There are legit websites and services in the dark web. The dark web is used by many, even the US government uses it to move messages secretly. Basically, the dark web provides the benefit of anonymity, but also allows bad actors to use it as a haven. They use it when conducting illicit activities like trading stolen data or developing malicious attacks, or even recruiting hacker talent for malicious attacks. What do you make of the recent spate of hackings of Philippine government websites? Today’s hacks are made for the unprotected. Ransomware is a very costly attack for a victim. Normally, in a ransomware attack, hackers can scrub the data of their victims prior to demanding ransom. Through this scrubbing, they can zero in on the value of the operation, and they can ask for only 1 to 3 percent of the value of the company. So, a P100M operation should easily get them P1M to P3M in ransom. Inevitably, this experience teaches the company to fix its cybersecurity measures to prevent such attacks again. The best thing that any entity, in any country in the world, can do to prevent such attacks is protect itself with a “managed detectionand-response” (MDR) solution specifically for addressing ransomware. The reasons for multiple hacks may not necessarily have a political agenda, but for me, reasons for attempts can best be identified through MDR.
Aside from financial gain, are there other things that motivate hackers? In the case involving employees of a national media outlet, one of the suspects alleged that he hacked into almost 100 websites so his boss could write about it. It’s like having bragging rights in a perverted sense. A malicious hacker would always like to see prominent victims hanging on their wall, but monetary gain is today’s real trophy. Many hackers who have exceptional talent and tools are immediately tracked down and are offered special jobs. Hackers are programmers who know how to look up vulnerabilities of files and networks. Many of them have day jobs that are technology-related. You’ve recently formalized a deal to provide cybersecurity services to the Philippines’ top media network. Can you explain in layman’s terms how you can foil hacking? Ransomware is the most critical part of cybersecurity—it’s the No. 1 threat in the world today. In my job, I use four cybersecurity parts stacked together. The first part is to install Artificial Intelligence (AI) in all endpoints of the entity. These serve as front-line perimeter protection—the best type of endpoint protection you can buy in the market. One thing about the AI endpoint protection, it does not protect 100 percent, but it’s a very good beacon for shouting, “Something is wrong!” AI shouts to the cybersecurity experts on watch. The second part is a team of cybersecurity experts watching all devices of the entity 24 hours a day, 7 days a week. These experts address everything the AI alerts them to, but the group is also equipped with the third part, which is what we call isolation capabilities. If they see a threat at the app level, they will try to isolate it from all other apps in the device. Or they can isolate the infected device from all other devices.
The fourth and last part is a repair/replace administrator to fix the victimized system and put it back in production. Higher-end stacks come with an executable file that can bring the victimized system back to its original state, like it never got hit. If this happens every time, paying ransom will be a thing of the past, making the ransomware attack ineffective. You also regularly fly home to Manila to attend the homecoming of your high-school alma mater La Salle Green Hills, to which you have also been giving back by facilitating an elective course, Quantum Computing. What’s so special about this course? Many governments around the world are seriously investing millions of dollars in quantum computing (QC) education and research because it is where the future of computing lies. In quantum computing, advancements are quicker than ever, especially with the help of AI. AI and QC complement each other. Once quantum computing is learned, it will advance AI very quickly, and then they will feed off each other. Quantum computing uses several counterintuitive quantum phenomena to be possible, such as quantum entanglement, super positioning, or quantum wave interference. It basically spins particles of atoms to solve problems (on the sub-atomic level). In a nutshell, quantum computers solve problems in minutes that would normally take years to figure out using today’s desktops. I found it seriously important to get the Philippines on the quantum computing world map of IBM. That’s good enough for me, and for Lasallians being a possible quantum computing workforce representing the Philippines, even better. The country will need it to attain economic prosperity. Do you think technology has ironically made life more diffi-
cult or complicated? It is complicated for those who get left behind in the digital divide. Technology makes things easier, but even now, there are still things you need to do conventionally to make technology function. A perfect example is reading the manual. Many do not read instructions, preventing them from getting the full benefits of the technology. In my case, I get to do things others cannot, simply because of my understanding of technology, and being aware that it is all around me, no matter where I go, I have convenience all around me, and it never gets complicated. And yet technological innovations pop up like mushrooms. What does it all mean to you? In the cybersecurity world, it is a cat-and-mouse game between black hats and white hats (bad guy hackers and ethical hackers). Strategic M&As (mergers and acquisitions) between cybersecurity companies are happening to combine security approaches to have a solution strong enough to deal with today’s complex cyberthreats. I see another paradigm shift in which CTOs (chief technology officers) and CIOs (chief information officers) must accept that an MDR solution is the minimum needed to have true peace of mind. The threat landscape has changed, and all business and government entities need to implement MDR to be protected against today’s cyberthreats, most especially from ransomware. What’s your favorite gadget at home? My favorite technology gadget today is the system I use to access the quantum computers of IBM. If the students of La Salle Green Hills love running quantum algorithms through the IBM quantum computers, their best gadget will also be the system that allows them to connect to them. It’s all about the computing power we were trained to chase.
PESO EXCHANGE RATES n US 58.3890 n JAPAN 0.3794 n UK 75.0649 n HK 7.4797 n CHINA 8.0592 n SINGAPORE 43.4701 n AUSTRALIA 38.1689 n EU 63.3345 n KOREA 0.0423 n SAUDI ARABIA 15.5646 Source: BSP (July 26, 2024)