Jason Pun, assistant government CIO (Cyber Security & Digital Identity) talks through cyber security in HK.
The cyber security landscape in Hong Kong, according to the figures of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), has about 6,300 incident reports in the first three quarters of 2020.
Although this represents a decrease of 13 per cent as compared to the same period last year, hackers took advantage of the public sentiments during the epidemic to launch large numbers of phishing attacks with subjects related to COVID-19.
This has made phishing attacks the most imminent cyber risk in our city. The Hong Kong Police Force has also indicated that the increase in deception cases remains a matter of concern.
The increase in the number, scale and coverage of online transactions and activities has given hackers more opportunities to deceive money, personal data, and valuable business information through means such as phishing and ransomware.
The unprecedented epidemic has reshaped the ways we work. As many organisations have adopted work-from-home, it becomes a challenge to secure our information systems and data assets when more and more devices are inter-connected, and the risk of phishing including fraudulent websites and phishing emails have been more rampaging than ever before.
As hackers are taking advantage of the rising trend of remote working and using a variety of attacking methods, it is imperative for enterprises to deploy a holistic approach of defence that combines various security measures, controls and tools over multiple layers of IT infrastructure, covering network, computer systems, applications and endpoints, to mitigate security risks.
The Hong Kong SAR Government attaches great importance to information and cyber security. The Government assists the public and business sectors in stepping up their efforts to establish multi-layer defence through a three-prong strategy, namely prevention, detection, and collaboration.
First of all, as the old saying goes, “prevention is better than cure”.
This is the golden rule in protecting corporate information systems and data assets from cyber-attacks. It is more cost effective to prevent a security incident from happening than to remediate after the incident has taken place.
As cyber-attacks are becoming more prevalent, complex, and sophisticated, it is vital for enterprises to maintain a good security posture, like setting up protection and monitoring tools, such as firewall, intrusion detection and spam filtering system, installing anti-malware software in the endpoint and servers, as well as applying regular signature updates to the protection software in order to mitigate emerging threats.
Under the epidemic, remote work and service has become a new trend. The Government is aware that many companies, in particular those small and medium-sized enterprises (SMEs), may not be able to fully bear the cost in supporting the new working mode. We have, therefore, launched the Distance Business Programme (D-Biz in short) under the Anti-Epidemic Fund to provide incentive for local companies to adopt IT solutions to continue their operations and services. The adoption of cyber security solution by implementing software, hardware, or services to defend against cyber-attacks is one of the twelve categories that are eligible for funding support from D-Biz.
Awareness is an indispensable part of prevention. Having regard to the latest trends of cyber threats, the Government has collaborated with various stakeholders to organise a series of promotional activities to raise public awareness of phishing attacks and cyber fraud. The activities include a one-stop thematic webpage “Beware of Phishing Attacks” and promotional design contest which publicise messages of cyber security to enterprises and the public and enable them to master the relevant knowledge. Within the Government, we completed a phishing drill campaign earlier this year to promote the awareness of phishing emails among government personnel.
Secondly, detection — another aspect of protection is the capability to detect cyber threats. As organisations implement remote solutions and services, the chance of successful vulnerability attack is also raised if software patches are not applied in a timely manner.
It is therefore of utmost importance to have early detection of software vulnerabilities to prevent attacks that would penetrate information systems and infrastructure. In view of the prevalence of advanced persistent threats (APT), organisations should also consider implementing security information and event management (SIEM) to enable quicker and earlier detection of anomalous activities.
To raise the alertness of the public to cyber threats, the Government financed the setting up of HKCERT two decades ago to facilitate incidents handling and information dissemination. The centre has since then been working closely and exchanging information with the international community of Computer Emergency Response Teams on global and regional cyber security threats. This enables HKCERT to provide quick and sound recommendations to the Hong Kong community on protecting their information systems and digital assets. Local companies are advised to subscribe the free-of-charge service of HKCERT to get timely alerts in order to take prompt and proper action.
Moreover, to further assist the SMEs in identifying potential security vulnerabilities as early as possible, the Government coordinates with the Hong Kong Internet Registration Corporation Limited (“HKIRC”) to offer website scanning service for SMEs with “.hk” domain names free-of-charge. Apart from scanning for vulnerabilities in their websites, HKIRC also suggests security improvement solutions and organises seminars and workshops for them. Since the inception of the website scanning service in the middle of last year, HKIRC has assisted over 1,400 local SMEs in identifying and mitigating security issues.
Thirdly, collaboration. Collaboration is another crucial element in guarding against cyber-attacks. Today, information systems and devices are interconnected. All industries across sectors will inevitably be affected when cyber-attacks are launched globally.
Therefore, it is imperative to establish a mutual relationship among different industry sectors to form a collaborative front of defence.
The early sharing of information among professionals and security stakeholders is also essential for the effective identification of emerging cyber threats.
To promote the sharing of cyber risk information among different industry sectors and different enterprises, the Office of the Government Chief Information Officer (OGCIO) launched in 2018 a Pilot Partnership Programme for Cyber Security Information Sharing, which is known as the Cybersec Infohub.
We recently collaborated with HKIRC to formalise the Partnership Programme, which enables industries and enterprises to share information on cyber security threats, mitigation measures and best practices. Currently, there are about 1,000 registered representatives from more than 300 organisation members across a wide range of sectors, including innovative and technology, finance and insurance, tertiary education institutions, as well as key industries such as banking, telecommunications, public utilities, and transportation.
So far, more than 1,500 pieces of cyber security information of various types have been posted on the sharing platform set up under the Partnership Programme. The information includes the latest security trends, advisories on vulnerabilities, malware analysis reports, etc. Among these 1,500 pieces, about 400 were released to the public with a view to raising the knowledge of cyber security in the community at large.
To nurture the collaboration and sharing culture, OGCIO will continue to join hands with the HKIRC to take forward the Cybersec Infohub Programme to encourage more organisations, including SMEs, to join. You are invited to join if your organisations have not yet done so. In addition to information sharing, a supporting alliance named “Cybersec Connect” has been set up under the Programme to answer cyber security-related enquiries from members and offer appropriate support to them.
To conclude, the COVID-19 epidemic unleashes changes that seemed unthinkable for many of us before. As cyber security presents an ongoing challenge to the world, the Government will continue to carry out measures to promote public awareness and strengthen the community’s capabilities to tackle cyber-attacks.