Hong Kong business council issues warning over surge in cyber-attacks

Businesses must reassess their security posture, says HKPC

Amid the growing trend of financially-motivated cybercrime, the Hong Kong Productivity Council (HKPC) has urged enterprises and businesses operating in the Chinese Special Administrative Region to strengthen their defenses against ransom-based attacks in 2018.

The public sector organization, which aims to promote and assist Hong Kong businesses through the introduction of best practices and new technologies, issued its advice after the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) reported a rise in security incidents over the past 12 months.

HKCERT received more than 6,500 cybercrime reports last year, up 7% on 2016. For the second successive year, malware cases (2,041 cases or 31%) saw the biggest surge, rising by 79%, and joined botnet (2,084 cases or 32%) and phishing attacks (1,680 cases or 26%) as the principal sources of the reports.

“Financially-motivated cyber-attacks will continue to proliferate due to the wider availability of paid cybercrime and one-stop attack services for criminals,” said Wilson Wong, general manager of HKPC’s information technology division.

“The growing use of internet-enabled devices in all aspects of life, and the popularity of mobile payment services will attract more attacks on Internet of Things devices and mobile payment apps in 2018. In addition, more attacks targeting service providers with the aim to bypass users’ defense are anticipated.”

Offering advice to the business community in the former British enclave, Wong said enterprises must restrict the exposure of corporate data services to the internet and their service partners.

“Two-factor authentication should be applied for sensitive services and software updates must be tested before actual deployment,” he said. “Regularly backing up data and keeping an offline copy can also minimize the impact of ransomware attacks.

“Meanwhile, software providers and mobile apps developers should take steps to defend against infiltration in order to protect their customers in the downstream.”