Companies face data loss due to lax security preparations
Companies should step up their Internet security efforts in light of the explosive growth of the medium in Hong Kong, according to industry executives.
Daniel Cheng, general manager for China at US-based Symantec, said many companies lacked sufficient internal policies on Internet security and only turned to experts when problems were discovered.
'They should realise Internet crimes could damage their systems beyond repair, and the costs of losing business-critical data are difficult to assess,' he said.
His comments came after a series of high-profile hacker attacks on yahoo.com, eBay.com and eBuy.com, which paralysed their operations for hours.
These 'denial of service' attacks do not damage the companies' computer systems, but they could result in revenue losses and hurt consumer confidence.
'In the 80s, only computer experts could be hackers, but nowadays there are Web sites that tell you how to become a hacker. Basically everybody can become a hacker now,' said Computer Associates Asia marketing director Peter Kuo.
As the majority of companies would not report Internet crimes to the authorities for fear of bad publicity, it is difficult to estimate the extent of the problem.
Mr Cheng said according to a survey by the US Federal Bureau of Investigation, about 32 per cent of US companies reported Internet-related security problems last year.
In Hong Kong, only 138 computer-hacking cases were reported in the first eight months of last year, according to figures released by the Police Computer Security Unit.
Mr Cheng said the most common Internet crime was the implantation of program viruses, of which the most damaging type, 'trojan horse', could trigger unauthorised transfer, alteration or erasure of data.
He said anti-hacking products could help companies scan their systems and detect viruses and 'untrusted' software applications.
'There are also products that help you filter out untrusted Web sites and problem files,' he said.
Mr Kuo said the costs of implementing an Internet security system could vary widely, depending on the type and extent of protection desired.