A Wake-Up Call for PH IT-BPM: Strengthening Cybersecurity Before It's Too Late

The Philippine IT-BPM (Information Technology-Business Process Management) sector, one of the nation’s most critical economic pillars, is facing a mounting cybersecurity challenge that could tarnish its reputation as a global outsourcing hub. Recent reports have underscored the urgent need for firms in this sector to go beyond basic security protocols and adopt advanced, proactive defenses to fend off sophisticated attacks such as vishing a form of voice phishing that has already disrupted global businesses with Philippine connections.

The recent breach involving Qantas Airways, reportedly stemming from a vishing attack at its Manila-based contact center, exposed personal data of over six million customers. This incident serves as a stark reminder that even routine call center operations can become targets of serious cybercrime. In an industry that prides itself on trust, speed, and operational efficiency, one lapse in security can lead to widespread data exposure, reputational damage, and erosion of client confidence not to mention potential legal implications.

Analysts have been quick to point out the glaring gaps in cyber enforcement and the need for stronger legislation. The Cybercrime Prevention Act of 2012, while in place, remains limited in its implementation due to weak enforcement capacity. Calls are growing louder for the passage of the Critical Information Infrastructure Protection Act and the full execution of the National Cybersecurity Plan 2023–2028 to address these systemic issues.

But while legislation moves at the pace of politics, IT-BPM firms must take immediate action internally. This includes enforcing multi-factor authentication, limiting helpdesk privileges, conducting real-world simulations like mock vishing calls, and using centralized databases such as the One Trust Link (OTL) to flag high-risk individuals. Security today cannot rely on reactive tactics alone it demands a layered, preventive approach that evolves with the threat landscape.

This is where Managed Security Service Providers (MSSPs) like Directpath Global Technologies (DGT) come into play. As a Canada-based MSSP, DGT offers a comprehensive portfolio of services including Mobile Threat Defense (MTD), Extended Detection and Response (XDR), Vulnerability Assessment and Penetration Testing (VAPT), SOC2 compliance, WAF implementation, and vCISO advisory. More importantly, our advanced AI division empowers clients to go beyond cybersecurity enhancing resilience, operational efficiency, and informed decision-making through intelligent data analysis tailored to each organization.

The IT-BPM sector in the Philippines is on track to reach $40 billion in export revenue and nearly 2 million full-time digital jobs by 2025. But this vision can only be realized if companies double down on cybersecurity today. The threats are real, growing, and increasingly complex. It’s time to stop treating cyber risk as a technical issue and start viewing it as a strategic business priority. Source: Business World