(Hong Kong, 8 February 2023) The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council (HKPC) held a briefing today to summarise the information security situation in Hong Kong in 2022 and release the security forecast for 2023, and invited scholars from the Hong Kong Polytechnic University (PolyU) to share the latest security risks of the Internet of Things (IoT) and Web 3.0. The widespread use of information technology (IT) has accelerated the digitisation process in all industries, and at the same time the number of cyber attacks using new technologies has increased. To prevent cyber criminals from taking advantage of the situation, HKCERT urges enterprises and the public to continue to raise awareness of information security and strengthen protection against cyber attacks to avoid losses.
HKCERT summarised the information security situation in Hong Kong in 2022. Last year, HKCERT handled 8,393 security incidents, an increase of 9% over 2021 and the first increase in four years. Botnet incidents made up the majority (4,858 cases), up 40% from 2021. Phishing was the second largest category (2,946 cases), 21% lower than in 2021, but the number of URLs involved (15,736 links) increased by 4%, with more than 60% of them related to e-commerce, online banking and cryptocurrency.
Mr Alex CHAN, General Manager, Digital Transformation of HKPC, and spokesman of HKCERT, said, “While global economic activities and business transactions have gradually resumed normal over the past year, the reliance of enterprises and individual users on the internet and emerging technologies has increased, and so has the variety, volume and sophistication of cyber attacks. HKCERT will continue to actively study the trends of cyber attacks and security technologies, and assist the community in meeting the ever-changing security challenges through various channels, such as issuing early warnings of cyber attacks, security recommendations, etc. We will also organise large-scale international conferences and competitions, including the Information Security Summit and the Hong Kong Cyber Security New Generation Capture the Flag Challenge, to raise awareness of information security locally and nurture the next generation cyber security talents.”
The report also identified five major information security risks that warrant attention in 2023:
To address the above five information security risks, Mr CHAN urged all sectors of the community not to take it lightly. He said, “It is important to protect personal information carefully. Today's personal information includes not only date of birth and ID card number, but also biometric features such as fingerprints and voiceprints, which we should beware of being used by cyber criminals. It is also important to pay attention to the best results provided by search engines and the English spelling of website domain names to prevent malicious and phishing websites. In addition, it is important to understand the security threats posed by new technologies such as AI, blockchain, cryptocurrency and metaverse, and to develop relevant security strategies and countermeasures. Enterprises should prepare for the integration of connected industrial and IoT devices with adequate security, for example, by establishing a security framework with reference to international security standards. The integration will also require an update of corporate security policies and operational practices. In addition, the security of networks and systems should be regularly assessed, and the configuration of all connected internet equipment should be continuously monitored.”
In response to the increasing sophistication and diversity of phishing attacks, HKCERT will organise an anti-phishing campaign with publicity booths in different districts of Hong Kong to raise the awareness and capability of the public in combating phishing attacks; work with internet service providers and computer emergency response teams around the world to remove suspicious and malicious websites; release cyber security publications to alert the public on emerging risks; proactively collect and analyse malware samples; and provide the public with solutions and advice on how to tackle cyber security incidents. Furthermore, it will actively promote the information security awareness of the IoT and OT to enterprises. Seminars and training courses will be organised in collaboration with trade associations of different industries to enhance SMEs' information security knowledge and response capability.
Today’s briefing also invited Dr Daniel LUO, Associate Professor, Department of Computing, PolyU, to share the latest security risks of IoT and Web 3.0. He said, “If IoT devices connected to the Internet fail to have their default passwords changed or their outdated software updated, hackers can exploit these weaknesses to launch attacks. Moreover, IoT companies should adopt a holistic approach to enhance the security of their IoT systems, such as securing IoT's hardware and firmware as well as AI algorithms, apps and server, and network protocols and connections, and implementing the Zero trust architecture. Also, more attention must be paid to the cyber security risks of Web 3.0 because of the existence of many (un)known vulnerabilities in blockchains and smart contracts as well as many malicious smart contracts and sophisticated attacks. Developers of blockchains and smart contracts should adopt a systematic approach to secure their products, such as code audit and testing, security assessment of algorithms, software hardening, transaction monitoring and online defence, detection of malicious smart contracts and frontend applications, etc. PolyU's research institute for artificial intelligence of things (RIAIoT) and research centre for blockchain technology (RCBT) have conducted extensive research on these areas with fruitful results.”
Enterprises or the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting , or call the 24-hour hotline at 8105 6060. For further enquiries, please contact HKCERT at firstname.lastname@example.org.
- Ends -