Educate against cyberattacks because Asia is world’s most vulnerable region, Hong Kong companies told
Experts at the Information Security Summit in city warned Asia-Pacific is world’s most targeted area for attacks given the relatively low level of cybersecurity awareness among corporations
More education is needed for Hong Kong companies to better prepare themselves for future cyberattacks as Asia is the world’s most vulnerable region, according to experts.
The global ransomware attack in May called WannaCry caused only 40 incidents in Hong Kong, most of which involved home users, after it hit on a Friday afternoon in Europe when businesses in Asia had closed for the weekend.
This showed the need for more awareness about cyber intelligence to protect businesses, Hong Kong Productivity Council chairman Willy Lin Sun-mo told the Information Security Summit in the city on Tuesday.
“Since we may not have the luxury of two days to prepare for the next attack, we must make sure we have more information at our fingertips in the initial stage”, he said.
“If we have better and more knowledge on what is happening in other parts of the world or the attacks that our peers are facing, we can react faster to mitigate the risk of an emerging cyberattack”, Lin said.
The Asia-Pacific region is the world’s most targeted area for cyberattacks. However, even though its economy is becoming more digital, corporations’ cybersecurity awareness remains low.
Asian organisations take 1.7 times longer than the global average to discover security breaches, according to US cybersecurity firm Mandiant’s 2017 report. And hackers are 80 per cent more likely to target organisations in Asia, according to its 2016 report.
Educating employees was needed to curb the impact of cyberattacks, said Paul Jackson, head of Asia-Pacific cybersecurity and investigations for risk management firm Kroll and former head of the police cybercrime investigation team.
“The successful attacks succeed by exploiting employees, people within the company. It’s that area where not enough attention is paid. Most companies have checkbox approaches to compliance, to education. Do they really work? Do they really sink in to employees? No”, Jackson said.
Companies had to make their staff “want to not only apply security within a company, but also apply it to their personal lives. We carry data around with us wherever we go, and it extends beyond the walls of our companies these days. That’s where a lot of the problems lie, because you can go into systems from your home and if your home is infected, then they can piggyback” he added.
Although awareness by Hong Kong companies was improving, they had “a long way to go before it gets better. I think they have to have a greater understanding of the necessity of auditing cybersecurity and making sure they hold it accountable”, Jackson said.