Complacency puts websites in danger
It is a sad reality of the internet that no website can be considered safe from hackers. Even if the best protection is in place, those with malicious intent can bombard servers with spam to bring them to a grinding halt. The latest reported targets of cyber criminals are websites of eight members of the Chinese Gold and Silver Exchange Society, which operates Hong Kong's biggest commodities floor. Police are investigating blackmail claims and investors have been inconvenienced by the shutdowns, reminding us yet again of the need to better safeguard on-line services and information.
We should not need reminding. Website hacking takes place all the time in Hong Kong, just as elsewhere. The problem is that the embarrassment caused means we usually learn of it only if we are affected or high-profile victims are involved - as with the attacks on the stock exchange's information pages seven months ago. With the websites of governments and so many of the world's biggest companies having been breached, it is easy to be numbed by reports.
But when it comes to internet security, nothing is more dangerous than complacency. Perhaps, for that reason, while hackers are criminals, they should also be thanked. If it were not for their dogged determination to break through security barriers, whether for the thrill or the challenge, to vandalise or to steal data, they at least highlight vulnerabilities that have been overlooked. It is for this reason that some firms hire hackers to seek out failings so that websites can be as watertight as possible.
Where sensitive information and finances are involved with websites, governments, organisations and companies have to show the greatest possible openness. Their determination to prevent cyber attacks has to be reflected in investment in preventative and protective measures. Authorities have to ensure that police have the means to track down the culprits and bring them to justice, no matter where in the world they may be. Half-measures and sloppy oversight have no place in website security.