With 67 percent of Filipinos expressing concern about online misinformation and disinformation—the highest level recorded in the country, as per the Reuters Institute Digital News Report 2025—the Philippines is grappling with a significant credibility crisis in the digital landscape. The emergence of AI-powered deepfakes and coordinated false narratives is transforming disinformation from a primarily political issue into a serious business risk, prompting organizations to reassess their cybersecurity strategies.
In an interview with The Manila Times, Subhalakshmi Ganapathy, chief IT security evangelist at ManageEngine, offered insights into the evolving nature of disinformation campaigns and their implications for businesses in the Philippines. Ganapathy emphasized that the methods used by cybercriminals have shifted from direct network intrusions to more sophisticated credential-based attacks, where users are manipulated into willingly providing access.
“Globally, the entry point for enterprise intrusions has changed significantly,” Ganapathy explained. “Attackers are increasingly using AI to facilitate phishing attempts, with 57 percent of organizations reporting daily or weekly phishing attacks.” She noted that these AI-generated phishing emails often closely resemble legitimate communications, making them harder to identify. As a result, users are more likely to inadvertently compromise their credentials, posing greater challenges for organizations.
The shift towards credential-based attacks necessitates a change in organizational security strategies. Companies are moving from a proactive approach—attempting to block every potential attack in advance—to a reactive model focused on rapid breach detection and incident management. This includes stringent timelines for reporting and containing incidents, which are critical in maintaining regulatory compliance and protecting brand reputation.
In light of the growing concern about misinformation, particularly with 67 percent of Filipinos alarmed by online disinformation, Ganapathy highlighted the need for businesses to prepare for both technical and reputational threats. Cybercriminals exploit geopolitical events and seasonal trends to tailor their disinformation campaigns, which can lead to severe operational and reputational consequences for enterprises.
Ganapathy pointed out that the incentives for cybercriminals to engage in market manipulation are substantial. “Cybercrime has become highly industrialized; attackers now operate almost like businesses,” she noted. For instance, ransomware attacks alone caused approximately $57 billion in damages last year. These attacks have evolved significantly, shifting from simple data encryption to tactics that involve data theft and operational disruption, thereby increasing the pressure on victims to pay ransoms.
In the Philippines, the scale of the threat is underscored by the exposure of over 52 million personal credentials in data breaches last year, marking a 49 percent increase from earlier in the year. The implications for enterprises are dire, leading to operational disruptions that can halt critical services. Additionally, data breaches can result in hefty regulatory fines, loss of customer trust, and long-term reputational damage, all of which can negatively impact share prices and investor confidence.
Despite the growing awareness of these risks, Ganapathy expressed concerns about the pace at which organizations are addressing them. “According to Gartner, 50 percent of enterprises are expected to implement disinformation countermeasures by 2028. However, waiting until then is neither realistic nor safe,” she cautioned. “Cybersecurity must be a board-level priority right now, not an afterthought.”
Ganapathy also discussed the role of AI in enhancing security measures. AI technologies are increasingly being integrated into existing security tools to improve threat detection and response capabilities. For example, in endpoint detection and response (EDR) systems, AI helps identify polymorphic malware by analyzing behavioral patterns and detecting anomalies. ManageEngine aims to leverage AI to enhance its threat detection solutions, making them more effective against advanced threats and misinformation-driven attacks.
Looking ahead, Ganapathy expressed optimism about the future of cybersecurity. As organizations begin to adopt AI in their security operations, the maturity of these systems will likely improve. “In the coming years, we can expect organizations to close skill gaps with better tools and training, and governance around AI to solidify,” she concluded. As disinformation and cyber threats continue to evolve, the need for robust countermeasures has never been more critical.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
