WITH 67 percent of Filipinos now concerned about online misinformation and disinformation — the highest level recorded for the country, according to the Reuters Institute Digital News Report 2025 — the Philippines is facing a growing credibility crisis in the digital space. The rapid rise of AI-powered deepfakes and coordinated false narratives is no longer just a political or social issue; it is becoming a serious business and market risk as well.
In conversation with The Manila Times, Subhalakshmi Ganapathy, chief IT security evangelist at ManageEngine, shares expert insights on why disinformation is now a board-level cybersecurity and business continuity issue and how organizations can strengthen resilience amid increasingly sophisticated AI-driven threats.
The Manila Times (TMT): Hello, Subha. Please introduce yourself to our Sunday Times readers.
Subhalakshmi Ganapathy (Subha): I am a seasoned cybersecurity professional with over a decade of experience spanning a wide array of domains, including threat detection and response, risk assessment and mitigation, regulatory compliance, and the implementation of comprehensive security frameworks.
TMT: Thank you for that. Please proceed on how disinformation campaigns have evolved, particularly with AI-powered deepfakes and false narratives that pose serious business and market risks in the Philippines.
Subha: Globally, the entry point for enterprise intrusions has changed significantly. Before, attackers focused on breaking into networks directly. Today, they increasingly rely on credential-based attacks, where attackers trick users into willingly giving up access.
A major driver of this shift is AI-powered phishing, with 57 percent of organizations experiencing phishing attempts daily or weekly. Phishing emails now look almost identical to legitimate messages, making them difficult to detect. When these emails are generated by AI, they are often more convincing than manually crafted ones. As a result, users are more likely to fall for them, giving attackers valid credentials instead of forcing them to break in technically.
Due to this, proactive security by blocking every possible attack in advance is becoming harder. Organizations are moving toward reactive resilience, focusing on detecting breaches quickly as well as containing and reporting incidents within strict timelines (e.g., reporting a breach within 24 hours, providing an update on containment actions within 72 hours, and a full root-cause and remediation report within about a month).
In the context of AI-powered deepfakes and false narratives, 67 percent of Filipinos are concerned about misinformation and disinformation in online news, to which these same principles apply. Attackers exploit geopolitical events, seasonal patterns (e.g., festive periods or year-end), and ransomware-as-a-service (RaaS) to craft highly targeted campaigns. Enterprises need to be prepared not only for technical compromise but also for reputational and operational impacts driven by realistic fake content and coordinated disinformation.
TMT: What then are the incentives or payoffs for cybercriminals to undertake such corporate and market manipulation? What are the reputational and financial risks involved for Philippine enterprises?
Subha: Today, cybercrime is highly incentivized and industrialized. Attackers operate almost like businesses, focusing on profitability and return on investment. A central example is ransomware, which remains highly disruptive, causing an estimated $57 billion in damages last year. It has been one of the most successful cyberattack models for over a decade, evolving from simple data encryption on a single machine to widespread operational disruption, data theft, and leakage.
As organizations invested heavily in backups and recovery, pure encryption-based attacks became less profitable. In response, attackers evolved their model. They now steal sensitive data and credentials before encryption. They threaten both business continuity and data exposure, increasing pressure on victims to pay. Stolen credentials and personal data are also monetized separately through dark-web trading. In the Philippines, over 52 million personal credentials were exposed in data breaches in the third quarter of last year alone, representing a 49 percent increase compared with earlier in the year.
The consequences for companies and markets are significant. Operational disruption can halt critical services and business processes. Data breaches trigger regulatory fines and compliance costs, loss of customer trust, and long-term reputational damage. When a company appears in headlines for a major breach or is fined for noncompliance, this can directly affect its share price, investor confidence, and overall market perception.
Therefore, sophisticated attacks like ransomware are not only a security problem; they also act as tools for market manipulation, affecting stock performance, growth trajectories, and revenue. This is expected to drive global cybercrime losses to $10.5 trillion annually.
TMT: Are these risks given enough attention, given that, according to Gartner, 50 percent of enterprises globally are expected to implement disinformation countermeasures by 2028? Why should countermeasures be installed two years from now? Why not start now?
Subha: Organizations are at different stages of security maturity, and this often depends on their industry. Highly regulated sectors like banking, financial services, and health care are generally further along because they handle sensitive data. Additionally, they are subject to strict regulatory and compliance requirements.
Right now, the Bangko Sentral ng Pilipinas (BSP) is pushing banks to adopt server-side biometric authentication such as fingerprints or facial recognition stored and verified on secure backend systems instead of traditional one-time passwords (OTPs) for enhanced security. This move, aligned with the Anti-Financial Account Scamming Act (Afasa), aims to reduce fraud, account takeovers, and phishing attacks. In short, cybersecurity must be treated as a board-level, business-critical strategy now, not a purely technical afterthought, and waiting until 2028 is neither realistic nor safe.
TMT: What kinds of AI-powered detection and monitoring tools are available to safeguard corporate credibility? What is ManageEngine contributing in this area of expertise?
Subha: AI in cybersecurity is not a standalone product; it is increasingly embedded in existing security tools and platforms. For example, in EDR and next-generation antivirus, AI is used to detect polymorphic malware, which constantly changes its appearance and behavior to evade traditional signatures. By learning behavioral patterns, AI-driven defenses can spot anomalies, correlate subtle signals, and detect never-before-seen threats.
In terms of ManageEngine’s role, our organization is integrating AI into its threat detection and analysis solutions to identify malware traces, reduce exposure to zero-day vulnerabilities, and improve detection quality and response speed. The function of AI remains the same — better detection, faster analysis, and increased productivity for analysts. This is where ManageEngine positions its platform as a key advantage in defending against advanced threats and misinformation-driven attacks.
Looking forward, there are reasons for optimism. Enterprises are beginning to adopt AI in security operations. Over the next few years, AI will become more mature in security, organizations will close skill gaps with better tools and training, and governance around AI will solidify.
