Field day for cyber warriors

PUBLISHED : Saturday, 07 January, 2012, 12:00am
UPDATED : Saturday, 07 January, 2012, 12:00am


Current trends in connecting personal smartphones and mobile devices to company operating systems can help increase convenience and connectivity, but also amplify the risk of lost data and cyber attacks.

This connectivity practice is known by the acronym 'bring your own device' (BYOD) in information technology (IT) circles. Lawrence Li, engineering manager for Symantec Hong Kong, says that allowing employees to connect their smartphones and hand devices to company IT systems creates security risks that many companies overlook.

'Devising ways to control the risks of lost data will certainly create more work for IT engineers,' says Li.

Hong Kong enjoys one of the highest mobile subscriber bases in the world, with a 197 per cent penetration rate, according to the Office of the Telecommunications Authority. Gartner predicts that mobile phones will overtake personal computers as the most common web access device by 2013. According to government data, about 60 per cent of Hong Kong people currently own smart phones.

Li says that, unlike most company IT systems, smartphones have little in the way of firewall protection. He says office IT departments need to introduce policies on how employees use and store company information on their smartphones, and the procedures if a smartphone is lost or becomes compromised.

Against the risk BYOD poses, benefits include keeping up with the rapid consumerisation of enterprise IT, Li adds. Using BYOD concepts can also attract a younger generation, promote flexibility at work and boost productivity.

To combat the risks posed by using smartphones linked to company IT systems, Symantec has developed data-loss prevention software. 'If a personal smartphone or device registered with us is lost, we can remotely wipe any important data,' says Li.

With smartphones now accounting for over 50 per cent of new phone purchases, the quantity of malware - or malicious software - targeting smart devices will increase, says Roy Ko, manager for the Hong Kong Computer Emergency Response Team Coordination Centre.

'The consumerisation of IT is leaving companies vulnerable to security threats as IT departments become the unwilling facilitators of the adoption of personal mobile devices in the enterprise,' says Ko, adding that public awareness of mobile phone security is poor.

Meanwhile, to help local employers and IT professionals define IT-related job titles in different competency levels, the Hong Kong Computer Society (HKCS) has designed a roadmap to identify and evaluate IT professional certification.

The scheme formulates its job-title definitions based on the government qualification framework.

In addition, the HKCS says the roadmap aims to enable IT professionals to fully understand their personal needs and career development directions.

The seven job categories include software engineering and development, quality assurance, project management, IT architecture, service management and operation, information security, and multimedia.

According to Theresa Lui, HKCS project director for the certification roadmap, the review was based on the complexity, the scale and unprecedented challenges inherent in a job.

The HKCS believes the roadmap will help employers to define precisely the skills and experience required when hiring.

'The certification roadmap project is not about validating, evaluating or endorsing any existing certifications,' says Lui. 'It is a continuous process where a periodic review of available certifications is required. This way, our roadmap will stay relevant to the industry.'