Cybersecurity Advocate Urges Filipinos to Guard Against Online Scams

 

Cybersecurity advocate Marlon Jade Banzuelo continues to raise awareness among Filipino netizens about the critical importance of digital security and the need to guard against online scams and hacking.

In an online interview, he shared insights from his journey as a cybersecurity consultant, offering a glimpse into the evolving landscape of cyber threats and practical ways individuals can protect themselves from fraudulent encounters.

YADU KARU: How did you start your career in cybersecurity, and what led you to specialize as a consultant?

MARLON JADE BANZUELO: I did not enter cybersecurity through a single role or certification. My background is in embedded engineering and systems thinking, which led me to understand how systems fail, how people misuse them, and how attackers exploit gaps.

Over time, I became involved in real incidents—such as account takeovers, digital fraud, data exposure, and operational failures—rather than purely theoretical work. Consulting followed naturally because many individuals and organizations do not need full-time security teams. They need practical guidance, incident response, and accountability. My role became connecting technical realities with human behavior, business constraints, and legal considerations.

YK: From your experience, what are the most common cybersecurity threats faced by individuals and small businesses in the Philippines?

MJB: In the Philippines, the most common threats are not advanced hacking techniques. They are social engineering attacks, account takeovers, phishing through email and messaging apps, weak password reuse, and compromised devices.

For small businesses, recurring issues include misconfigured social media accounts, shared admin access, unsecured Wi-Fi, and poor device maintenance. In many cases, fraud happens without malware—through deception, urgency, and misplaced trust.

YK: Why do you think cybersecurity is often overlooked by MSMEs and professionals in regional cities?

MJB: Cybersecurity is often perceived as expensive, complex, or relevant only to large corporations. In provincial settings, there is a stronger reliance on trust-based relationships and informal processes.

Many MSMEs prioritize visibility, sales, and growth, and only consider cybersecurity after an incident occurs. There is also limited access to localized cybersecurity education that explains risks in simple, practical terms.

YK: How can small businesses with limited budgets begin improving their cybersecurity without sophisticated tools?

MJB: Small businesses should start with discipline, not tools. Clear account ownership, strong and unique passwords, multi-factor authentication, regular device updates, and restricted access already reduce most risks.

Simple habits—such as not sharing admin accounts, verifying requests before acting, and backing up important data—deliver high security value at very low cost. Cybersecurity is mainly a process and behavior issue, not a technology issue.

YK: What are the most basic cybersecurity practices that every individual should follow in their daily digital life?

MJB: Every individual should use unique passwords with a password manager, enable multi-factor authentication whenever possible, keep devices and apps updated, and be cautious of urgent or emotional messages asking for immediate action.

People should understand that convenience often reduces security. Awareness, intention, and restraint are just as important as any application or software.

YK: With the rise of remote work and online transactions, how has the cybersecurity landscape changed in recent years?

MJB: The attack surface has expanded significantly. Homes have become offices, personal devices now access work systems, and online transactions happen continuously.

This blurs responsibility and weakens traditional security boundaries. Attackers now exploit speed, distraction, and platform trust rather than technical flaws. Modern cybersecurity is less about firewalls and more about identity, access control, and human decision-making.

YK: What misconceptions about cybersecurity do you frequently encounter when working with clients?

MJB: A common misconception is that “we are too small to be targeted.” In reality, smaller organizations are often easier targets.

Another misconception is that antivirus software alone is enough. Cybersecurity is not a single product—it is a combination of habits, controls, and responsibility. Many incidents assumed to be technical failures are actually process or judgment failures.

YK: How important is cybersecurity education, and what role should schools, companies, and local governments play in promoting it?

MJB: Cybersecurity education is foundational, not optional. Schools should teach digital responsibility and critical thinking, not just tool usage.

Companies should integrate security into onboarding and daily operations rather than treating it as a compliance checklist. Local governments should support practical, action-oriented programs, clear reporting channels, and guidance tailored to local communities.

YK: Can you share a real-world example (without breaching confidentiality) where proper cybersecurity measures prevented a serious incident?

MJB: In one case, a business avoided a full account takeover because administrative access was limited to verified owners and multi-factor authentication was enforced.

An attacker attempted to manipulate staff through messaging, but verification steps stopped the attack. No advanced tools were involved—only clear ownership, access discipline, and refusal to bypass procedures under pressure.

YK: Looking ahead, what emerging cyber threats should Filipinos be aware of, and how can we prepare for them?

MJB: AI-assisted scams, deep fake impersonation, and automated social engineering will continue to grow. Attackers will sound more convincing, localized, and authoritative.

Preparation requires skepticism, verification habits, stronger identity controls, and continuous education. While technology evolves, the core defense remains the same: slow down, verify, and never rely on blind trust.