Secretary for Innovation and Technology Xue Yongheng talks about the rise of cyber security incidents in the country during the pandemic.
In the past year or so, the COVID-19 disease has ravaged the world and changes the business model of enterprises and the living habits of citizens; remote business, working at home, remote learning and online shopping have become the new normal.
Under the new normal, all walks of life need to carry out digital transformation on the one hand, and on the other hand, they must also actively respond to the new cyber security risks brought about by the transformation.
According to statistics, a total of 8,346 information security incidents were handled in 2020, a decrease of 17 per cent and 12 per cent from 2018 and 2019 respectively. Although the overall number of accidents is on a downward trend, the number of phishing and fraud cases has risen to 3,483, an increase of 66 per cent and 35 per cent compared to 2018 and 2019 respectively.
“We have noticed that many hackers take advantage of the public’s concern about the epidemic, publish false information through phishing and fraudulent methods, or pretend to be a health organisation to request donations to trick victims into visiting malicious websites or disclosing sensitive information, or even defraud money, additionally the number of malicious software (mainly targeted at individuals) in 2020 dropped by 85 per cent from 2019 to 181,” said Secretary Xue.
There are signs that hackers are turning to companies or institutions as their main targets. On the other hand, although the number of distributed denial-of-service attacks (DDoS) is small, only 53 cases, it has increased by more than 43 per cent compared to 2019. It is estimated that this is due to the fact that various industries provide more online services during the epidemic, increasing the “attack surface.”
In addition, the Hong Kong Police Force (Police Force) recorded a total of 12,916 technology crimes in 2020, an increase of about 55 per cent from 8,322 in 2019. The average loss per case has decreased. From about 350,000 yuan in 2019 to about 230,000 yuan, the total amount of related losses is about 2.96 billion yuan, which is similar to that in 2019.
The increase in the number of technology crimes is mainly due to the increase in online scams (such as online shopping scams or online love scams), and fraudsters commit crimes through technology media such as the Internet, social media, and email. The breakdown of science and technology crimes and the losses involved in the past three years. The Accident Coordination Centre and the Police Department do not keep statistics on institutions, organizations and industries (including the healthcare industry).
The government has been in close contact with the Incident Coordination Centre to closely monitor the impact of the epidemic on global and Hong Kong cyber security risks. The Incident Coordination Centre expects that under the epidemic, targeted and organised cyber-attacks will increase globally. This is in line with the trend of cyber security in Hong Kong, and companies must be prepared to deal with related challenges.
“We will continue to adopt a multi-pronged strategy to deal with information security issues, such as supporting companies to upgrade their systems and network security measures through financial assistance (such as the Technology Voucher Scheme), thereby enhancing the level of information security in various industries, and registering and managing with the Internet in Hong Kong Co,” noted the Secretary. “And the Incident Coordination Centre work closely to release cybersecurity incident information and security recommendations to the public, and promote more public and private organisations to exchange cybersecurity through the cybersecurity information sharing partnership program and a cross-industry shared collaboration platform (Cybersechub.hk) News.”
The Incident Coordination Centre has also implemented a medical network security notification plan in 2019 to provide the Hong Kong medical industry with notifications of network security vulnerabilities and threats to reduce network security risks.