Rise in cybercrime poses risk for smaller Hong Kong firms
Theft of customer credit card data at US retailers last month highlights the need to remain vigilant against internet threats, says security expert
Outspoken security expert Michael Gazeley has long warned that many businesses in Hong Kong are ill-prepared against internet threats.
Gazeley, the managing director at security services provider Network Box, famously said after the cyberspying revelations made by whistle-blower Edward Snowden last year: "Major companies in Hong Kong spend more on Christmas decorations than on cybersecurity."
His latest warning about the need for broader vigilance against threats to network security followed the recent massive cyberattacks that hit large retailers Target and Neiman Marcus in the United States.
Last week, Target said the names, phone numbers and mailing addresses of up to 110 million customers might have been stolen in a cyberattack last month.
The company initially reported that the debit and credit card data of 40 million customers were stolen during the holiday shopping season.
Customer credit card data from luxury department store Neiman Marcus and at least three other well-known US retailers were also compromised at the same time by a big cybercrime syndicate in eastern Europe, a Reuters report said.
"The biggest retail credit card breach in history has just happened," Gazeley told the South China Morning Post.
He said that what the Snowden revelations about spying and data harvesting should have taught businesses was that "Big Brother and everyone else are watching".
"Yet the vast majority of information-technology managers, and even well-known cybersecurity professionals, seem to be almost pathologically fixated on the last attack rather than the next attack," he said.
"Just as a bodyguard in the physical world needs to be able to protect clients from all sorts of harm, such as being shot or hit by a car, cybersecurity systems must also deal with a wide spectrum of threats."
The Hong Kong Computer Emergency Response Team Co-ordination Centre (HKCERT), the government-backed information security watchdog, has confirmed that threats have been increasing.
Leung Siu-cheung, a senior consultant at HKCERT, said: "The security landscape has changed significantly in the past decade. For instance, the number of malicious software has increased from about 1,000 in 1991 to millions in 2012, while other undetected malware have become tools used by cyber criminals."
Hong Kong-based Network Box, which provides "security appliances" and managed services that cover more than 1,600 corporate computer networks worldwide, released about 6.86 million security updates online to its clients last year.
"That is a very significant 53 per cent increase from the year before, reflecting the enormous number of new threats," Gazeley said.
Nicholas & Bears, an international brand of children's clothing that runs an online shopping site and more than 60 shops across Asia, acknowledged that the retail sector had become more security-conscious after the Snowden revelations in June last year, which revealed the extent of global spying by the US National Security Agency.
"I guess we all knew people were out there hacking and monitoring us on the internet. Snowden made it all a lot more real," said Elaine Cheung, the chief executive at Nicholas & Bears.
"In the retail industry, we obviously have to deal with customer payments and client data, so every story in the press about hacking, credit card information being stolen, or point-of-sale systems being compromised worries me a great deal.
"We really don't have the time or knowledge to deal with network security, so we leave it to the experts. I would rather spend my time concentrating on my designs and operations."
Consultancy Frost & Sullivan said in a report that more companies in the Asia-Pacific region were outsourcing network infrastructure security because they lacked the resources to handle complex and multiple cyberthreats.
It forecast in the report that the managed security services market in the region would reach US$5.34 billion in 2019, from US$1.66 billion in 2012, as more companies "adopt security services as an add-on to their existing security set-up".
Gazeley said there had been some improvement over time in attitudes towards cybersecurity by the business sector in Hong Kong.
"But these are usually the large-sized companies, and they are still in the minority. About 98 per cent of businesses in Hong Kong are made up of small and medium-sized enterprises. It is this vast majority that remain most at risk today," he said.