Cybersecurity incidents are ever-increasing, but there are ways to prevent your company from becoming the next victim
- Ways to prevent your organisation from becoming the next cyber threat victim

[The content of this article has been produced by our advertising partner.]
Cybersecurity specialists believe that nurturing IT talent with high awareness and rich cybersecurity knowledge is key to building a sound defence system.
Repeated data leaks in the city’s significant organisations raise concerns about the ability of enterprises to handle data security. Just as cyberattacks are causing huge economic and reputational losses for the organisations involved, there is a huge demand for increased cybersecurity training to protect an organisation’s critical assets.
In alignment with international practices on the regulation of data security, the Hong Kong authorities have proposed the Protection of Critical Infrastructure (Computer System) Bill, which addresses critical infrastructures, or the facilities that are necessary for the maintenance of normal functioning of Hong Kong society. Under this proposed legislative framework, operators must implement measures to protect their computer systems, or they could face huge fines for security lapses.
Cybersecurity specialists are of the view that one of the easiest ways to gain unauthorised access to an organisation’s systems is through the employees. This often occurs due to an individual’s careless mistakes, such as falling victim to phishing attacks, poor password practices, and the unintentional sharing of confidential data. Staying vigilant to cyber-related threats is therefore important for everyone in an organisation with access to critical information and data systems.
The cost of being attacked includes operational, material, and reputational costs: system downtime disrupts business operations; the loss of customer data can lead to regulatory fines, such as those under the EU’s General Data Protection Regulation (GDPR), which specifies substantial penalties for non-compliance by organisations; reputational damage requires long-term efforts to rebuild customer trust; and data recovery is not always possible after a ransomware attack, so the company may face the permanent loss of data.
According to SC Media, a firm providing market information and insights to cybersecurity professionals, the average cost of recovering from a ransomware attack in 2023 was US$1.82 million, excluding the ransom payment. The firm puts the average ransom payout at US$1.5 million. Paying that amount never guarantees recovery of all stolen data, however.
In recent years, there have been several high-profile cybersecurity incidents in Hong Kong. In particular, data breaches have compromised sensitive personal and financial information belonging to numerous companies, their clients, and partners. Cybercriminals often demand a ransom for stolen data. These cases help to underscore the growing concern over data security and the need for robust protective measures and skilled talent.
In light of the urgent need for skilled cybersecurity professionals capable of analysing, managing, and responding to the risks in the digital landscape, the Cybersecurity Centre at IVE (Chai Wan) has been dedicated to offering comprehensive cybersecurity training to cultivate cybersecurity talent over the years. With the recent establishment of the Hong Kong Institute of Information Technology (HKIIT), the 14th member institution of the Vocational Training Council (VTC) and the first dedicated IT tertiary institution in Hong Kong, the Cybersecurity Centre has expanded its reach to one more location at VTC Tsing Yi Complex.

One of the most common cyberattacks is phishing. “Phishing attacks work in a way whereby users of an organisation are psychologically manipulated into performing actions desirable to an attacker and revealing sensitive information,” explains cybersecurity specialist Kinsey Ng, lecturer of the HKIIT.
Phishing has been the most commonly reported incident to the Hong Kong Computer Emergency Response Team (HKCERT), followed by malware-infected robot networks, or botnets. Several reasons account for the frequency of phishing. “Phishing is difficult to trace, and it is a low-cost operation for attackers who potentially reap high rewards,” says Kinsey. “The fact that it exploits human mistakes makes it hard to neutralise from a technical perspective.” He advises employees to regularly attend training courses to spot phishing attacks.
The cybersecurity specialist says a person with adequate training can identify phishing emails with ease by analysing email headers to verify the sender's authenticity and checking for mismatched or unusual domains. It is also important to check the actual address of a resource, also known as its URL, before clicking a link. Computer system users must also be cautious with unexpected attachments, especially those containing executable files. They can also make use of advanced email filtering tools to detect and block phishing attempts based on known patterns while staying alert for red flags, such as urgent requests, poor grammar, and unfamiliar language, which often signal phishing attempts.
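The header, URL and attachment checks described above can be expressed as a short triage script. This is an added example, not code from the article or from HKIIT; the sample message, the flag names and the extension list are constructed for illustration, and each flag is a signal for review rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".msi")  # assumed list
# Constructed sample message (not a real email); example.* domains are reserved.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@corp.example.com>
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.corp.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
Subject: Urgent: password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Reset now: <a href="http://login.example.org/reset">https://corp.example.com/reset</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
"""

def domain_of(addr):  # domain part of an address header, lower-cased
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def phishing_flags(raw):
    msg = message_from_string(raw)
    flags = []
    sender, bounce = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if bounce and bounce != sender:  # envelope sender differs from the visible sender
        flags.append("return-path-mismatch")
    auth = (msg["Authentication-Results"] or "").lower()
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)", auth):  # receiver's own verdict
        flags.append("auth-fail")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):  # catches double extensions like .pdf.exe
            flags.append("executable-attachment")
        if part.get_content_type() == "text/html":
            html = part.get_payload()
            for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', html, re.I):
                shown = urlparse(text.strip()).hostname  # None when the text is not a URL
                if shown and shown != urlparse(href).hostname:
                    flags.append("link-text-mismatch")
    return flags
```

A Return-Path that differs from the From domain also occurs with legitimate bulk-mail services, so that flag carries weight mainly in combination with the others.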
In response to the increasing prevalence of phishing attacks, the Cybersecurity Centre offers comprehensive awareness training designed to prepare employees with the skills needed to recognise and respond to such threats effectively. The state-of-the-art Centre also boasts advanced facilities, including simulation-based cyber ranges that replicate real-world attack scenarios. In addition, it collaborates with major international cybersecurity brands to provide the latest technologies, thus offering aspiring professionals hands-on training that prepares them for various positions related to cybersecurity in the market.
Given these needs, the team at the Cybersecurity Centre has come up with truly comprehensive recommendations for the management and technical support teams alike, across industries. Cybersecurity awareness training is a critical element when implementing a defence-in-depth strategy. The Cybersecurity Centre offers training for non-technical employees and technical training for staff responsible for monitoring system health and addressing ever-increasing cyber-related threats. The content includes cybersecurity best practices, phishing awareness training, and data protection strategies to engage all members in a cybersecurity culture. These are all practices designed to reduce cyber incidents, and ultimately enhance company branding.
