Cybersecurity National Security

How to Fix Philippine Cybersecurity Without Needing a Foreign Consultant Who Just Googled ‘Manila Timezone’

teodulfo.espero

June 20, 2025

Photo by Obi on Unsplash

Because we can Google it ourselves, thank you very much.

Let’s not sugarcoat it: Philippine cybersecurity is behind.

Behind in funding. Behind in skills development. Behind in taking threats seriously until they hit us square in the NBI database.

And what’s the usual response?

“Hire a foreign consultant!”
Preferably someone who charges six figures, presents a fancy PowerPoint, and whose only interaction with a Filipino system is Googling, “What time is it in Manila?”

Let’s be real: we don’t need more outsiders telling us what we already know.

We just need to do these 7 things — ourselves.

Start treating cybersecurity like national security. Because it is.

Cybersecurity isn’t an IT problem. It’s a sovereignty issue.

If someone can:

  • Wipe out databases
  • Hijack government websites
  • Or leak sensitive citizen data on Telegram
    …you don’t just have a tech issue. You have a crisis.

Let’s stop filing breaches under “tech hiccups” and start putting them in “national defense” folders where they belong.

Actually fund it — and stop pretending ₱50,000 will cover an entire agency’s firewall needs.

You can’t protect the country with:

  • Outdated antivirus software
  • Passwords taped under keyboards
  • Or that one intern named Carl who “knows computers”

Cybersecurity requires real investment.
Not just for tools — but for people. Pay our local experts. Train them. Retain them. Stop making them work with expired licenses and “good luck.”

Build local capability — not just dependency on vendors with foreign hotlines

Yes, we love shiny enterprise solutions. But if every threat response requires calling someone in another time zone, we’re not secure — we’re babysat.

Instead:

  • Build in-house SOCs (Security Operations Centers)
  • Upskill your own staff
  • Encourage local companies building security tech
  • Make “cybersecurity” an actual career path in the Philippines, not just a stepping stone to Canada

Have a national incident response plan that isn’t ‘panic and post on Facebook’

If your agency’s plan for a data breach is:

“We are investigating… please wait for further updates.”

That’s not a plan. That’s PR damage control.

Every major institution (gov or private) should have:

  • An incident response team
  • A communication strategy
  • Legal protocols
  • A recovery plan
  • AND a person who knows how DNS works

Use red teams, blue teams — and pay them well, please

Stop treating ethical hackers like criminals-in-training.

If someone can find holes in your system before the bad guys do, they’re not the enemy — they’re the MVP. Invest in:

  • Penetration testing
  • Internal exercises
  • Capture-the-flag events
  • Public bug bounty programs

You know what works better than security through obscurity?
Security through actually testing your systems regularly.

Create real public education, not just a “Change Your Password” poster

We love awareness campaigns with cartoon mascots telling us to be “cyber safe.” But where’s the follow-through?

Teach people:

  • How phishing works
  • What MFA is
  • How to spot social engineering
  • Why “123456” is not a password, it’s a wish

If even one person in the barangay office knows how to identify a malicious link, you’re doing better than half the agencies on Facebook.

Make cybersecurity part of the long-term national strategy — not just a bandaid after every breach

No more knee-jerk, reactive policies like:

“Oh no, we got hacked — should we make a task force again?”

Instead, let’s:

  • Embed cybersecurity in every major infrastructure plan
  • Mandate secure-by-design systems
  • Put actual CISOs in agencies
  • And stop handing out sensitive government contracts to the cheapest bidder with a .xyz email address

Final Thoughts (AKA: Stop Googling Manila Timezone)

We have the talent. We have the brains. We have local IT professionals who:

  • Understand the language
  • Understand the culture
  • And understand that fixing this mess requires actual commitment, not just slides and slogans.

So let’s trust Filipino experts. Let’s build internal capability. Let’s secure this country without needing another foreign consultant who still thinks we’re in the same time zone as Shanghai.

Tags: