Hong Kong internet traders: Invest in cybersecurity or risk losing business

According to the Global Financial Centre Index, Hong Kong ranks as the third leading global financial centre after London and New York. In 2017, the number of transactions reached 610 million in the local securities market, with stock connects to Shanghai and Shenzhen bourses bringing in even more business. This is one reason why the Hong Kong financial services industry remains a favourite target for cyberattacks.

From the “State of Cybersecurity in Asia Pacific” survey, 69 percent of Hong Kong respondents said they had been financially impacted by cybercrime. Apart from money, they feared both loss of client information (31 percent) and company downtime while the breach was being fixed (31 percent).

The financial services industry is being targeted by cybercriminals because the amount of sensitive data and funds held is a major incentive to attackers seeking illegal financial gain. Major financial institutions have complex IT networks comprising a mix of old and new technologies making cybersecurity a challenge. There is also the issue of many third party enablers having access to corporate networks that again pose a threat to security.

Following a spate of attacks on internet brokers, the Hong Kong’s Securities and Futures Commission (SFC) recently issued cybersecurity guidance to help internet traders and financial institutions reduce and mitigate risks associated with cyberattacks. The SFC have, for several years, added additional layers of guidance on cybersecurity highlighting the importance traders should take to protect network intrusion and protecting sensitive client data. One key control, was the implementation of two-factor authentication for clients to log on to their internet trading account, which took effect on 27 April 2018; an important means to prevent fraud.

Internet trading offers faster, executable trades and accessibility to information but the downside to this is an increased risk of a breach occurring resulting in financial loss. Cybercriminals have stepped up their attacks through the usage of advanced technologies such as artificial intelligence, machine learning, and behavioural analysis. This development means it is imperative for internet traders to invest in cybersecurity and secure their networks.

Be prepared or risk losing business
The sad irony is that when major data breaches and ransomware attacks occur, along with financial and reputational loss, the publicity surrounding such attacks raises public awareness about the problem. But when there is a drop in reported attacks, a false sense of security pervades. All businesses must be continuous in their efforts to eradicate threats and stop an unauthorized network entry. If not, they stand to losing business.

Cyberattacks are not specific to any industry sector. Rather, everyone is at risk as evidenced by the recent attacks on travel agencies and in the health sector. Any private or public organization, irrespective of size, with information considered sensitive or valuable to business operations, is at risk.

In the last two years, the majority of attacks have targeted the endpoint – desktop, laptop, mobile - as this is where valuable data is most accessible. Because of this, the most common threats are those designed to compromise the user which is why ransomware, Trojans, and information stealers are the top threats in Hong Kong.

Best practice to secure networks
The additional guidelines that came into effect in Hong Kong on 27 July 2018, are designed to further enhance cybersecurity management at all licensed or registered persons engaged in internet trading. The SFC has asked that twenty baseline requirements be introduced to enhance cybersecurity resilience to reduce and mitigate hacking risks.

Only by incorporating IT risk management and cybersecurity best practices can internet traders ensure breach prevention and securing of sensitive information and keep financial assets safe.

For example, the establishment of a dedicated function with sufficient resources to handle daily IT risks and cybersecurity-related matters. This dedicated cybersecurity function equips employees with the right skills, the right knowledge, and the right behaviour ensures key staff have the relevant professional qualifications, training and experience.

With so many basic and sophisticated attacks taking place, security teams are often overwhelmed by alerts, threat data, security updates, warnings, and are unable to identify high level threats in the clutter of information overload.

This can be overcome by subscribing to cyber intelligence sources and the pre-emptive monitoring of emerging threats, allowing security teams to get the jump on cyberattacks through accelerated analysis, correlation and prevention workflows.

Segregating breaches
It follows that any security solution must be robust enough to block security breaches and attacks at the endpoint to halt any ransomware, malware and other exploits from gaining access to the company’s crown jewels. Another best practice is to move away from one internal network and shift to a segregation model.

Like a ship that has several airtight compartments designed to keep the vessel afloat if there is a hull breach, this same principal can be applied to a network environment. By having different segments – ‘compartments’ - with access controls attached to each means an attacker is confined to one area rather than the entire network. This segregation gives network administrators the ability to isolate the breached compartment, without endangering the whole system.

The new guidelines from the SFC may add more layers to risk management and IT security, yet these are only the minimum of what is expected. A thorough and regular evaluation of existing security measures gives a continuous threat assessment and the ability to implement additional measures to remove any vulnerability at the infrastructure level.

Today, more than ever, security is a major consideration for customers as they want to ensure their sensitive data and accounts are secure. Companies that get attacked and are shamed publicly, will see customers migrate to a provider who has taken the requisite preventive measures in securing sensitive information.