Published: 11:37, September 4, 2020 | Updated: 18:17, June 5, 2023
Building up the wall against cybercrime
By Pamela Lin

Financial institutions have become a prime target for cyberattacks worldwide as the digital shift accelerates. Experts have advised companies to go the extra mile to defend themselves by adopting contingency plans and stepping up investment in cybersecurity. Pamela Lin reports from Hong Kong.

As the global health crisis rages on, cyberattacks and threats have spiked, with rapid digital transformation and working from home being the order of the day, forcing businesses to rethink their cybersecurity strategies.

The pandemic and the economic fallout have made it more conducive for cybercriminals to act — ramping up attacks and scouring for security loopholes to make a fast buck as web users and businesses of all stripes go digital to stay afloat. Their favorite prey — financial institutions.

From June 1 to July 15, up to 30 cyberattacks were mounted against financial institutions and banks in Hong Kong, involving mainly phishing scams, fraudulent websites, suspicious mobile applications, and denial-of-service attacks related to financial establishments.

Given the nature of the data held by banks and financial institutions that can be traded on “the dark web” by cybercriminals, they’re naturally a prime target.

According to Franco Lan, general manager of VMware Hong Kong and Macao, who provided the data to China Daily, the number of cyberattacks on financial institutions has soared amid the COVID-19 onslaught, as banks and other financial institutions expanded remote access due to work-from-home schedules — a move that increased their vulnerability to attacks.

The top priority for companies, he said, is to bring operations back to normal during the outbreak although they might neglect cybersecurity issues.

As Hong Kong struggles to contain its third wave of COVID-19 infections, the special administrative region government has again tightened restrictions to curb the spread of the virus. One measure is telling most of the city’s nearly 174,000 civil servants to work from home, while other organizations and private businesses follow suit.

Companies have become more reliant on digital technologies to facilitate working from home. Financial institutions, like most other businesses, have told most of their employees to “re-imagine” daily operations and business continuity issues, and have required every nonessential worker to work from home, said Albert Yuen, counsel, head of technology, media and telecommunications at multinational law firm Linklaters.

Some financial institutions have information-technology infrastructure, equipment, training, support and processes better suited for the paradigm shift, but others are less well-equipped for the transformation, he said.

Hong Kong hasn’t been left unscathed in cybercrime although the city is not known to be among the world’s top 10 countries and regions targeted in significant cyberattacks. San Francisco-based cybersecurity authority RiskIQ says almost US$3 million is lost to cybercrime every minute worldwide on the internet, while another report projected a total loss of US$6 trillion to cybercrime for the world economy by 2021.

Besides financial institutions, small and medium-sized enterprises are also on cybercriminals’ radar as they do not usually have substantial resources in cybersecurity, said cybersecurity specialist Felix Kan.

Besides, SMEs are appealing targets for hackers because they lack the mindset of improving cyber defenses, and thus they invest less in cybersecurity, he said.

In the context of COVID-19, the number of cyberattacks has jumped, a development directly associated with the coronavirus, Kan said. He said attackers have made the attacks more destructive by using a more relevant and tense topic to lure victims.

The Hong Kong Computer Emergency Incident Response Team Coordination Centre, managed by the Hong Kong Productivity Council, recorded a 45.6 percent increase in cybersecurity incidents in the first quarter of this year compared with the last quarter of 2019. The growth was mainly attributed to the rising number of malware hosting incidents and phishing incidents.

Network Box — a security services provider in Hong Kong — found there were more attacks against users of online financial services rather than the services themselves as it’s hard for financial institutions to be accountable for everything users may or may not do.

With the growing popularity of online banking and other online interactions between financial institutions and customers, it’s frustrating for financial institutions that they not only have to protect their customers from being attacked by social engineers, but also need to secure their own platforms, said Michael Gazeley, managing director and co-founder of Network Box Corp.

Kan said that a company’s successful digital transformation has to embrace several essential factors. Firstly, to move a set of mature physical processes to a secured virtual platform, a company needs to ensure data security by designing its cybersecurity strategy. It should consider its contingency measures. He said it would be safer for enterprises to implement a multifactor authentication method that verifies a user’s identity by requiring multiple credentials.

Alex Chan, head of the HKPC, suggested that online business operators use multiple layers of security defense, including HyperText Transfer Protocol, web application firewalls and anti-malware software.

According to Gartner, a global research and advisory firm, companies’ worldwide spending on information security and risk management technology and services will continue to grow through 2020, at 2.4 percent to US$123.8 billion this year.

On the Chinese mainland, it’s expected that this year’s overall spending on cybersecurity will reach US$8.75 billion — a 24 percent increase year-on-year — leading the global cybersecurity market, the latest IDC Worldwide Security Spending Guide showed.

While companies are investing heavily in cybersecurity generally, why are some of them still being easily exposed to cyberattacks?

Large companies usually deploy multiple cybersecurity products in their systems where products do not interact with each other, and such isolation may lead to breaches, Lan said.

He said that companies apply integrated cybersecurity products instead of sticking to the traditional ones that are threat-centered.

Lan pointed out that the common cybersecurity strategy is centered on threats but does not understand enough about the applications and infrastructure — what they should protect in the first place. And that has made security too reactive and too focused on yesterday’s attacks.

To tackle the problems, VMware brought up the idea of an intrinsic security strategy and is actively acquiring companies in the field of cybersecurity.

In July, the company closed its acquisition of Datrium to expand the current VMware Site Recovery as a service (DRaaS) offering with Datrium’s cost-optimized DRaaS solution.

In May and June, VMware said it intended to buy security startup Octarine and Lastline, a breach detection platform provider.

The moves are to integrate security into all layers of infrastructure, Lan said, adding that VMware aims to help customers protect any application on any cloud, on any device.

In Hong Kong, companies might have lowered their guard on cyberdefense readiness from last year due to the need to prioritize their resources in coping with the business downturn, according to the latest SSH Hong Kong Enterprise Cyber Security Readiness Index Survey conducted by the HKPC.

Lan said a number of cybersecurity vendors have settled down in Hong Kong in recent years, providing resourceful cybersecurity products. In addition, with more IT resources, companies could consider recruiting more professionals to combat cybersecurity risks.

As a matter of fact, various financial regulators in Hong Kong, such as the Hong Kong Monetary Authority, the Securities and Futures Commission and the Insurance Authority, have implemented a number of guidance and framework measures for cybersecurity in the past few years.

They are increasingly seeing the greater risks cybersecurity threats pose to regulated financial institutions, and there are a number of cybersecurity-related frameworks and guidance that financial institutions need to follow to help them mitigate cyberthreats, Yuen said.

Training, education and planning ahead, building up cybersecurity protection within their IT projects, as well as infrastructure, are critical to staying on top of the ever-growing sophisticated cyberthreats, he said.

Contact the writer at pamelalin@chinadailyhk.com