(Hong Kong, 16 January 2020) The Hong Kong Productivity Council (HKPC) today urged enterprises and the public to keep up their vigilance against an anticipated surge in cyber attacks arising from the use of new technologies such as AI, Internet of Things (IoT) and 5G communications, after its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recorded significant hikes in Botnet and phishing website reports in Hong Kong for 2019.
The overall number of security incidents handled by HKCERT fell 6% year-on-year in 2019, totalling 9,458#. However, the two principal sources of reports, Botnet (4,922 cases# or 52%) and phishing websites (2,587 cases# or 27%), still went up 30% and 23% respectively, mainly attributed to a rise in financial crime-related Botnets and phishing targeting financial organisations and enterprises. On the other hand, malware reports (1,219 cases# or 13%) fell 62%, as more malware stayed stealthy after infection and ransomware increasingly targeted global enterprises for higher returns instead of launching massive untargeted attacks.
Analysing upcoming security trends, Mr Edmond Lai, Chief Digital Officer of HKPC, said, “Year 2020 is a year of change. The wider use of new technologies such as AI, IoT and 5G will certainly lead to more network interfaces and larger flow of data over untrusted network, with their potential vulnerabilities creating new cyber security risks. Also, financially-motivated cyber attacks will become more blended and coordinated as cyber criminals seek to maximise their illicit returns. Moreover, computers running on older versions of Microsoft operating systems and Transport Layer Security (TLS) protocols for their browsers will face more security threats with the end of free official technical support.”
In addition, more cyber criminals will try to bypass the defences of their target enterprises by going upstream to attack their partners, and will target new mobile payment services, which are expected to proliferate in 2020. Further, the introduction of more data protection regulations with mandatory breach notification requirements worldwide will cause a rise in both data breach reports and fines handed down.
Offering advice to the community, Mr Lai said, “Everyone should prepare upgrade, migration and contingency plans for end of support operating systems and protocols and implement them when required. Company management should also raise awareness of security risks arising from both internal and partners and service providers while striking a right balance between convenience and security. In addition, businesses must adopt a security-by-design approach for their daily operation such as locking down exposure to the Internet, authenticating mobile devices in BYOD, not giving excess privilege to staff for convenience, etc.”
In the coming year, on top of continuing to provide early warnings, preventive advice, incident response and security awareness for enterprises and Internet users, HKCERT will aim to achieve better protection for Hong Kong patients’ data and for the public and private healthcare system through the Healthcare Cyber Security Watch Programme. It will also publish technical guidelines on IoT security best practice and TLS secure implementation for adoption by local businesses and IT practitioners.
Note: #Preliminary figures
- Ends -