Editorial | Hong Kong cannot be secure enough from hackers
- As the latest victim – Hong Kong’s Consumer Council – has warned, no system is apparently ‘bulletproof’ when it comes to cyberattacks, but vigilance is key

Days after the Cyberport ransomware attack triggered a security alert across the government and public bodies in Hong Kong, the Consumer Council became the latest target last week. The watchdog defended itself, saying its internet protection was as good as any. That raises concerns whether all data users are perhaps just as vulnerable when it comes to online security. A greater sense of vigilance is needed to avoid more government and private agencies falling victim to hackers.
As in the case of the government-owned technology park in Pok Fu Lam, the council cannot be faulted for refusing to pay a US$700,000 ransom to avoid the stolen data from being made public. It was still assessing the scale of the attack, but believed it may involve data of current and former staff, their relatives, job applicants, complainants, business partners and thousands of subscribers to its magazine. There were no reports of a data leak as of yesterday.
The watchdog has taken immediate action to strengthen the security measures of its system, and appointed a forensic expert to conduct investigations. It said its computer system safeguards and audits were also in compliance with necessary requirements. However, they still fall short of what is needed to fend off attacks.
But, as the council warned, no system is apparently “bulletproof” when it comes to cyberattacks. This is especially important for agencies that possess copious amounts of personal data. Failing to protect such information will not only undermine their reputation and credibility, but also may result in legal liability and financial losses.
The government is adamant that its computer set-up is subject to round-the-clock surveillance and security alerts, but concedes public bodies have their own systems and are responsible for online security. Be that as it may, officials must take more proactive steps to prevent such incidents.
Cyberattacks know no boundaries. The growing number of cases worldwide illustrates no system is too secure to escape intrusion. It will take more than just another routine appeal for greater caution to thwart further hits.
