(Hong Kong, 19 January 2021) The Hong Kong Productivity Council (HKPC) today urged enterprises to quickly put in place cyber security strategy for the new normal and new technologies, in order to combat an anticipated surge in cyber attacks in 2021 arising from accelerated digital transformation amid the COVID-19 pandemic and the use of emerging technologies such as 5G communications, Internet of Things (IoT) and AI.
The number of overall security incidents reported to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of HKPC recorded a drop for the second year running, falling 12% year-on-year to 8,346 in 2020. Phishing (3,483 cases or 42%) went up 35% with cyber criminals exploiting the surge of online activities due to the pandemic. On the other hand, botnets (4,154 cases or 50%), which remained the top source of reported incidents, and malware (181 cases or 2%) fell 16% and 85% respectively. The latter was owed to more malware targeting enterprises for higher return instead of individuals.
Analysing the upcoming cyber security trend, Mr Alex Chan, General Manager, Digital Transformation of HKPC, said, “2020 has been a watershed for digital transformation. With the impact of pandemic, business and lifestyle quickly turned to contactless solutions such as remote work, distant learning, online shopping, tele-medicine, etc. Where safeguards cannot catch up with the swift online migration, higher cyber security risk is the consequence, especially for mobile financial services. Also, the application of new technologies such as 5G, IoT and AI may lead to more exposure of systems or data over untrusted network. Together with crime-as-a-service maturing, a proliferation of targeted and organised cyber attacks is anticipated for 2021.”
Furthermore, enterprises must brace for an escalation in supply chain attacks in which attackers leverage on the trust of an enterprise on its supply chain partners to bypass traditional defences and compromise a large number of computers.
Offering advice to the community, Mr Chan said, “Enterprises have to formulate cyber security strategy for the new normal and new technologies, include third party risks in their management plan, lock down any exposure to the Internet, adopt strong authentication, and conduct cyber security health check and monitoring. They should also raise cyber security awareness of their staff to cope with the changing attacks. Enterprises can also strengthen their cyber security by referencing the specifically compiled cyber security guidelines on work from home, web meeting, remote access and enterprise VPN, etc. which can be downloaded from HKCERT website (www.hkcert.org).”
Besides providing proactive advices for the new normal, security alerts, incident response and security awareness for enterprises and Internet users, HKCERT also promote cloud security and groom the next generation cyber security talent. HKPC would also assist the industry in cyber security health scoring and monitoring, and provide a secure authentication platform to ease SMEs and startups in secure application development.
- Ends -