In A World of Hacks
No one’s safe from being hacked or scammed—this we’re reminded of from time to time. From SMS-based phishing (a.k.a. “smishing”) to social media account-hacking incidents, we’ve seen and heard stories of private individuals and huge organizations alike suffer from cyberattacks.
With digital or electronic payments becoming part of the norm, how do digital infrastructures keep up and protect themselves from these attacks? Mike San Jose, Assistant Vice President for Technology at MPT Mobility shared his insights.
Understanding the enemy
Nowadays, the two most common forms of cyberattacks are phishing and hacking.
Phishing, as defined by Merriam-Webster dictionary, is “the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.” Meanwhile, hacking is “to gain illegal access to a computer network, system, and the like.”
With digital or electronic payments requiring personal details and access to networks, cyber criminals are becoming increasingly prevalent.
“Electronic or digital toll collection systems like what Metro Pacific Tollways Corp. (MPTC) have in its expressways are integrated networks that blend hardware, software, and cloud-based services to streamline the toll collection and account management, and because of their connectivity and real-time data handling, these systems are attractive targets for cybercriminals who seek to exploit vulnerabilities to steal credentials, company and personal data, or disable the operations,” Mike explained.
As the innovations arm of MPTC, MPT Mobility houses Easytrip RFID—the exclusive electronic toll collection (ETC) partner of MPTC expressways—and is the developer of MPT DriveHub, a travel companion app whose features include RFID account management.
“In the context of our businesses, phishing attacks are often designed to trick customers and our team alike into revealing their login credentials or other sensitive information, providing them unauthorized access to critical data in our toll collection systems and account management systems,” Mike detailed. “Additionally, with our interconnected toll collection and account management systems, hacking activities are often targeted at interfering with the seamless flow of transactions on the expressways or compromising personal data of customers.”
Precautions and countermeasures
San Jose shared that keeping their digital infrastructures safe from cyberattacks is paramount, not just for the safety of their customers, but also to ensure that services are unhampered.
“The thing about cyberattacks is they’re not just about stealing money. Cyberattacks have the capacity to impede services. In our case, a break-in on our RFID system can lead to disruption in the flow of traffic along expressways, and a breach on our app can compromise personal information and even hamper access to emergency assistance,” Mike explained.
To ensure their systems remain safe and secure, Mike shared that they are implementing a robust cybersecurity system that includes strong encryption protocols, regular vulnerability assessments and penetration testing, strict access and role-based controls, and continuous information security training even for non-technology employees.
“MPT Mobility is proactively exploring a suite of advanced technologies designed to push the envelope in cyber resilience, ensuring that our digital mobility platforms remain secure against an ever-evolving threat landscape,” Mike shared. “We also deploy a predictive approach to minimize our windows of vulnerability and conduct continuous training and simulation drills to ensure both our technical and operations teams are prepared for any incident.”
A cyber-resilient future
When asked what he foresees as the biggest threats in digital mobility moving forward, Mike declared that a platform or system’s capacity to adapt to the evolution of cyberspace is critical.
“Digital mobility’s rapid evolution and increasing reliance on interconnected, data-rich platforms have expanded the attack surface for cyber adversaries, making it one of the primary challenges moving forward. As vehicles, toll collection and account management systems, and related mobility platforms become more integrated with 5G networks, sensors, and cloud services, every additional point of connectivity presents a potential vulnerability that sophisticated threat actors can exploit,” Mike said.
He also added that with cyber threats evolving at an accelerated pace, the need for continuous monitoring, proactive threat intelligence, and agile incident response mechanisms is more critical than ever.
“Ultimately, continuous improvements in cyber resilience are poised to fundamentally transform seamless, cashless tolling in the Philippines by making these systems more robust, reliable, and reputable. At MPT Mobility, we are committed to being relentless in adapting and evolving our cybersecurity measures to ensure that our customers’ data and our services provide everyone with smoother, seamless, and safer travels,” Mike expressed.
