Cybersecurity is far behind the curve

A leading local travel agency's revelations on Monday that its customer database was hacked, putting its clients' personal information - such as Hong Kong ID card numbers and credit card information - at risk does not bode well for cybersecurity in Hong Kong. Such breaches continue despite repeated warnings by experts in the wake of this worsening trend.

This suggests online security and privacy protection in Hong Kong still need to be improved.

WWPKG Holdings rightly shut down its website and offices immediately after discovering the security breach. It has also reported the incident to the police and alerted its customers about the security breach. When unsuspecting clients are exposed to potential risks such as financial losses, swift action is essential.

Our cybersecurity situation does not look reassuring. Early this year, information security experts at the Hong Kong Productivity Council (HKPC) urged enterprises and the public to be more vigilant about a rise in ransomware attacks.

They reported a 23 percent rise in security incidents in Hong Kong last year, to 6,058, compared with 2015. Among all malware cases, ransomware contributed to 309 cases, a 506 percent jump from 2015. These figures suggest cybersecurity technology is inadequate at a time when online transactions such as e-shopping and e-payment are all the rage. This subsequent vulnerability makes it easy for IT-savvy fraudsters to commit crimes.

Corporations lose the most from cybercrime. The Securities and Futures Commission alone reported 20 hacking attacks against stockbrokers over the 18 months prior to April. This led to losses by investors of HK$110 million. It pays to heed the warnings by Hong Kong Applied Science and Technology Research Institute. The institute earlier said that with an average of 7 million hacking attempts daily worldwide, Hong Kong is at "serious risk". After all, the latest security breach as reported by WWPKG and the staggering figures reported by HKPC have attested to Hong Kong's vulnerability to cyberattacks.

The widespread use of financial technology, or fintech, in many aspects of consumer transactions involving banks, insurance companies, public utilities, airlines and public transport services, which require disclosure of large quantities of personal data, has to a large extent aggravated such vulnerability. Financial losses arising from cybercrime in Hong Kong rose about 51 percent to HK$1.82 billion in 2015 according to latest statistics.

In recognition of the worsening situation, more C-level executives than ever are directly in charge of cybersecurity, while all industries compete for talent over the chronic shortage of cyber experts.

Here perhaps lies the silver lining: Could we encourage more of our IT-savvy young people to use their considerable expertise to become cybersecurity guardians?

(HK Edition 11/08/2017 page8)