Mitigating business risks through cybersecurity
By Lawrence Chia
According to Hong Kong Police statistics, financial losses due to cybercrime reached $2.77b in 2018 in the territory, almost doubling the figure for 2017. As technology becomes more sophisticated and ubiquitous, cybercriminals’ skills and tools are evolving and cybersecurity experts are having to work harder to catch up.
When we hear about data breaches or other types of cybercrime, our immediate response is often to perform a ‘self-check’ and see how the problem relates to our companies and ourselves. Recent prominent cybercrime cases have affected royal families, government officials in France and the UK, and individual citizens all over the world. With our world becoming ever-more digitised and cybercriminals becoming ever-more cunning, the defence of ‘that would never happen to me!’ is becoming ever-more flimsy.
A ‘Cyber Security Breaches Survey’ conducted this year in the UK revealed that 32% of businesses had had a cybersecurity breach in the last 12 months. The most common attacks were phishing emails, others impersonating their organisation online, viruses and ransomware. Clearly, cybercrime is more than ‘just a technology issue’; it presents a clear and present danger for businesses.
Phishing, by far the most common type of cyberattack, involves the mass distribution of email messages with links which appear to come from banks, insurance agencies, credit card companies, telecom providers and other seemingly reputable institutions. When the recipients reply to or click on links in these emails, they are encouraged to give away passwords and other important information, opening the door to a company-wide cyberattack or online banking fraud and triggering financial losses, identity theft and other types of fraud. Unfortunately, there are many examples of ‘successful’ phishing, even in Hong Kong.
Ransomware involves malicious software that invades a user’s computer and threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Advanced ransomware totally encrypts a victim’s files, making them inaccessible until a ransom is paid to decrypt them.
Unfortunately, ransomware attacks are becoming more frequent in Hong Kong, so much so that the Hong Kong Police have formally joined an international anti-ransomware initiative run by Europol, the Dutch National Police and two cybersecurity companies. This global project hosts an online platform (www.nomoreransom.org) and provides a number of free services to those unlucky enough to have been affected.
Whether we are at work or at home, we are all at risk of becoming a victim of cybercrime. As the world becomes increasingly reliant on tech, the losses associated with cyberattacks are becoming larger and more unpredictable.
Successfully warding off attacks requires a coordinated effort across all levels of all businesses. In Hong Kong, company IT teams should be constantly working to protect the company’s data and assets, whilst management should be encouraging cybercrime awareness and vigilance in every staff member and promoting a ‘cybersecure’ culture across the business. Everyone in every company should get into the habit of making IT security a part of their job.
There are simple things we can all do. A major cause of phishing attacks is the use of the same password across multiple platforms. People often use the same password, or a very similar password which changes just one or two digits, for their company email addresses and other platforms like LinkedIn, social media and even online banking. First and foremost, change your passwords frequently and create different passwords for different platforms.
Introducing two-factor authentication, which requires a user to input both a password and a generated code, adds an extra layer of security. This code can be produced from a physical device carried on the person like an online banking security device, by a software token, or can be delivered by SMS.
Do not be complacent. Awareness, training and constant vigilance are the keys to building a robust and effective culture of cybersecurity in your business – and making life more difficult for cybercriminals in Hong Kong and around the world.