

2020 January
HK Badly Needs Cybersecurity Specialists

A survey found that Hong Kong enterprises need to improve security management, staff awareness and proactiveness. Are Hong Kong enterprises on track in terms of developing cybersecurity? And does the market provide enough relevant specialists?
 

 

According to the SSH Hong Kong Enterprise Cyber Security Readiness Index Survey released by the Hong Kong Productivity Council, Hong Kong enterprises had continued to improve their level of cybersecurity readiness and performed best in technology controls, reflecting their willingness to invest more resources to deal with cyberattacks. However, the survey also found that some enterprises were using technologically outdated protection measures that were not sufficient to cope with rapidly evolving cybersecurity issues. The report recommended that enterprises address new threats to cybersecurity by further improving their performance in security management, staff awareness and proactiveness.

 

Escalating financial losses are evidence of a serious problem

The findings of the above-mentioned survey show that there had been a significant increase in cyberattacks on Hong Kong enterprises over the past year, with 41% of respondents indicating that they had experienced external attacks, compared to only 26% in 2018. The most common forms of attack encountered were phishing emails (77%), ransomware (42%) and other malware and botnets (22%). Edmond Lai, Chief Digital Officer of HKPC, believes that the increase in the figures was due to the sale of email accounts obtained by hackers.

 

According to the Hong Kong Police, there were 401 reported cases of email scams in the first half of 2019, similar to the previous year, but financial losses amounted to HKD1.13 billion, an increase of 48% over the same period in 2018, reflecting a serious problem. “Apart from ransomware, currently malware is constantly being updated.” According to Lai, such software can lurk in a computer undetected for a long time and spread over the intranet, penetrating deep into the network or collecting sensitive data without the user’s knowledge for the hacker to sell on the black market for profit.

 

Avoid overlooking basic security for convenience

Lai said that the key to improving cybersecurity effectively lies in user awareness and perception, especially attention to third-party security risks. He recommended that enterprises reduce their systems’ vulnerability to cyberattacks at both the procedural and technical levels by adopting measures such as two-factor authentication, ensuring configuration security and patching security loopholes.

 

He believes that enterprises should also do their utmost to raise staff awareness of cybersecurity, avoid giving employees excessive system privileges for convenience, and carefully assess the cybersecurity risks of partners and service providers. He cautioned that enterprises should not lose sight of basic information security in order to catch up with market cycles and convenience. Instead, they should apply the principle of “security by design”.

 

Talent shortage

To raise staff awareness of cybersecurity, besides management’s proactive involvement, specialists can also help enterprises reduce risks. Lai revealed that cybersecurity specialists are in high demand in the market, with 2.6 million cybersecurity job vacancies waiting to be filled in the Asia-Pacific region alone.

 

According to Lai, cybersecurity jobs can be broadly divided into three categories: (1) administrators responsible for daily cybersecurity operations and front-line personnel responsible for security incident response; (2) information security consultants who assist enterprises in designing and implementing defence strategies, standards and policies; and (3) personnel who evaluate and audit the implementation of security measures.

 

He added that in general, those engaged in cybersecurity must have a bachelor’s or master’s degree in computer science or related disciplines, as well as an information security certificate. They also need to have some knowledge of areas such as security and risk management, cybersecurity/architecture, software development security or IT security, as well as Internet and cybersecurity.

 

Continue to enhance value to address challenges

As Hong Kong’s development in fintech and e-payment continues to accelerate, and technologies such as the Internet of Things (IoT), artificial intelligence (AI) and big data become more and more widely adopted, Lai believes that the market will have a growing demand for relevant talent. He expects that with the development of smart cities and re-industrialization, coupled with the large-scale application of 5G services locally, Hong Kong will need a lot of IoT sensors and devices in the coming years, so it will require the involvement of more cybersecurity experts.

 

He reiterated that Hong Kong needs a large number of cybersecurity personnel to strengthen the defense of related systems against cyberattacks. However, he noted that, faced with rapid advances in technology, relevant talent must continue to enhance their value in various areas, such as cloud computing security, penetration testing, threat intelligence analysis and forensics, to meet market needs.