BUSINESS NEWS | digital & technology

Secuna offers free services to help government agencies, SMEs beef up cybersecurity

By ICON Executive Asia
Published June 03, 2022

In response to the rising cybersecurity threats in the Philippines, Secuna, the first and the only crowdsourced cybersecurity testing platform in the country, is offering its community of security researchers to provide free bug bounty and vulnerability disclosure programs to help the government agencies and private organizations better their security capabilities.

“Governments and non-governmental organizations can run vulnerability disclosure programs (VDP) through the Secuna platform for free. They can also run bug bounty programs (BBP) for free, with no platform subscription, if they want to incentivize security researchers for reporting a valid bug,” said AJ Dumanhug, CEO of Secuna.

A VDP is a structured method for third parties, researchers, and ethical hackers to report vulnerabilities easily. The program provides a straightforward method to communicate findings and to show customers and investors that they take security seriously. It gives organizations a chance to develop a patch and disclose the issue once a solution is ready. This approach follows the international standard ISO/IEC 29147:2014 for vulnerability disclosure.

Ethical hackers disclose vulnerabilities for both VDP and bounty programs. The key difference is that bug bounty programs include rewards or incentives to encourage cybersecurity professionals with a wide range of skill sets and experiences to find, identify, and report potential vulnerabilities.

In BBP, no money changes hands until the vulnerability is validated and determined to be compliant with the terms specified on the policy page of the program. The payout is based on the severity of the reported vulnerability. Bug bounty programs can either be open or private.

While bug bounty and vulnerability disclosure programs are already standard security procedures in the private sector, there’s still much work to be done to strengthen the country’s defenses against the proliferation of malicious cyber-attacks and data breaches that could lead to national risks.

The website of Secuna outlines the broad set of its features and provides guides and other resources for putting these free cybersecurity tools to best use. Secuna encourages government agencies and SMEs to contact them to assess and help them implement the best cybersecurity practices.

“They only need to set up a policy on our platform which contains rules, a target list, and a list of acceptable vulnerabilities. Then they will launch their VDP or BBP so that the vetted community of researchers in our platform can start looking for vulnerabilities and report them accordingly. These are free trial services and have no limits,” said Dumanhug.

Amplifying cybersecurity awareness and readiness

Six years after the country’s cybersecurity framework was launched, the country remains at Level 1, meaning “no standardized processes are in place” in terms of awareness and communication, and cybersecurity skills and expertise. 

Moreover, the COVID-19 pandemic has aided in increasing reliance on digital channels, and it has also attracted bad actors as online scams have increased.

Last year, the Philippines ranked fourth in Kaspersky’s global ranking of countries most targeted by web threats. 

Dumanhug warned that cyberattacks are expected to become more complex in a few years.

“We have to act quickly by implementing programs that are already available to us. Cyber attackers are now using new technologies like artificial intelligence that’s why private organizations, SMEs, and the National Government should also take advantage of the technologies we have to keep up with the attackers,” he noted.

Secuna is the first and only crowdsourced cybersecurity testing platform in the Philippines that has a community of hundreds of the world’s most advanced and highly-vetted cybersecurity professionals and ethical hackers. The company offers Managed Service that helps in setting-up ISO-compliant Security Vulnerability Disclosure Program and Bug Bounty Program to receive and act on vulnerabilities discovered by cybersecurity professionals. Secuna also offers Compliance Service, a comprehensive, modern, and ISO-compliant Vulnerability Assessment and Penetration Testing (VAPT) tailored-fit for apps/websites that have never been tested for cybersecurity flaws or businesses with requirements of Third-Party Assessment reports from government agencies.

Some of Secuna’s notable clients are Dashlabs, QuadX, UBx, Kumu, Paymongo, and Palawan Express, among others. 

The company has been striving to be at the forefront of cybersecurity in the Philippines. It has been committed to helping companies, organizations, and even the government secure their digital assets since 2017.

For more information, visit https://www.secuna.io/.