Are Philippine institutions being targeted or simply being probed? We don't know for certain. It could be either or both. Whichever comes first? What we can understand, with the success of such attacks, is that they have found their way. Really.   How hard or easy? The attacker knows, but probably, also, those being attacked. Inclination should be there no matter how sophisticated our security systems are. In cybersecurity, we do a very focused job. Making sure we disappoint whoever is trying to gain access to any resource without permission and authority regardless of the environment we are in. What happened is that every asset deemed to have every variant of resource built-in, operating, that makes up the entire system working whatever it is trying to employ, in that case the primary purpose. Meaning, we have to know if we are running our system in a manner that is really secure, provisioned properly during design stage and managed continuously afterwards, post-implementation. No

Any leading staff, if not the most responsible individual, in an organization decides if it follows either policy, favorable inclination of end-users to a certain product or service or a direction from management which is different from the views of the others. Then there is the preference of a vendor, if not the only the factor that's been considered.  Every proven policy is vague for every new project. Such inclination to a product/service, even a best practice, is detrimental. Such management direction is unhelpful. On top of it all during the acquisition period, no matter the size of a certain, if not just one of the forms in a bigger, project plan, the responsibility within the acquiring organization must be muzzy. Or the responsible individual lacks the role and know-how about the project's practical application and business value, first for the end-users, and the entire organization's operational requirement. This must have been elucidated before bringing in any vend