Hong Kong corporations can no longer ignore threat of a cyberattack
Michael Gazeley says the spate of cyberattacks in the wake of the Occupy protests should raise the alarm on organisations' vulnerability
The threat of cyberattacks has escalated in Hong Kong. During the past month, the Anonymous collective - a global network of hacker-activists - has declared cyberwar on the Hong Kong government and police force, in support of the Occupy Central movement.
Further, it is clear that Anonymous was not the only group of hackers taking direct action, with websites on both sides of the political divide being targeted. Some were brought to a crawl using the "distributed denial of service" attacks. This is when so much artificial traffic is sent to the targeted system that it can no longer function properly. Other websites were attacked in different ways or simply defaced.
However, what everyone needs to understand, and urgently, is that these attacks are actually the least important cybersecurity dangers we face.
In today's increasingly connected world, it is estimated that over a million devices are being added to the internet every three hours. More and more of these are not computers in the traditional sense. There are smartphones and tablets, but also televisions, fax machines, printers, telephones, CCTV systems, fridges, baby monitors, and even next-generation light bulbs. That's not all. One also needs to add power plants, traffic lights, oil rigs, cars, aeroplanes, drones, ships, and even medical devices like pacemakers to the list.
We are collectively rushing headlong into what is commonly called the "internet of things", without realising that this also means we are fast heading towards the "vulnerability of everything".
If all this sounds like science fiction, note that former US vice-president Dick Cheney had his pacemaker's wireless feature disabled in 2007, fearing assassination by a hacker.
Our company monitors cyberattacks in real time. Attacks are legion, and, despite being ranked as one of the world's most connected cities, Hong Kong still has a very long way to go in terms of cybersecurity.
I have spent the past 20 years advising organisations in Hong Kong on how to improve their cybersecurity, so I felt more than a little sceptical when I recently read that 96 per cent of the city's top executives fear the impact of a cyberattack on their business. In my experience, management complacency is the top reason cybersecurity is so poor in so many Hong Kong organisations. The vast majority of senior managers believe their organisation is not a target, so there's no need to worry too much.
Upon looking into the 96 per cent figure, however, things made a lot more sense. The figure came from a survey conducted during a series of seminars on the business impact of cyberattacks. That's like conducting a survey at a gym, asking the people working out if they think exercise is important.
Corporations move at the "speed of red tape", while hackers move at the speed of the internet. This needs to change. Senior management in Hong Kong need to take cybersecurity seriously and take meaningful action to protect their organisations.
As Abraham Lincoln famously said, "You cannot escape the responsibility of tomorrow by evading it today."
Michael Gazeley is managing director of Network Box Corporation