bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

sponsorType

urlAlias

moreOnThisArticles

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

A leading cybersecurity expert has warned that companies and organisations in Hong Kong are ill-prepared to deal with cybersecurity risks.
Many companies focus on detecting specific malware and other hacking tools rather than concentrating on the attackers themselves, said Bryce Boland, Asia-Pacific chief technology officer for security firm FireEye.
"Most organisations today aren't aware of how easily they can be exploited," Boland said in an interview with the South China Morning Post.
"If the mindset is 'Can I detect malware?' that's failing to deal with the problem," he said.
READ MORE: US cybersecurity firm claims to be 'first' to successfully stop Chinese hackers mid-attack
Hacking has become more of a concern in recent years after a slew of high-profile cases such as North Korea’s suspected hacking of Sony Pictures in December, which led to the dismissal of some of its top executives, and an attack on eBay early last year that resulted in the theft of the personal information of over 145 million of its users.
The number of detected cyber attacks worldwide rose 48 per cent on-year in 2014, according to a recent PricewaterhouseCoopers report. It is expected to keep rising at a similar rate this year. Over 100,000 attacks currently take place every day, PwC said.
A recent poll of over 1,400 public and private companies worldwide by insurance firm Aon found that cyber risks emerged as a "major concern" for the first time, according to its Global Risk Management Survey.
"The high-profile cyber attacks in the news only represent the tip of the iceberg," the report said.
"Every company that has a website or smartphones has global exposure to such risks."

While general awareness of the risks has increased, many companies are still unwilling to come forward or acknowledge that they have been hacked. Boland said.
"Particularly in Asia, there's an attitude that you can't tell people you were attacked," he said.
But greater transparency should be encouraged to promote security across sectors as most companies have been attacked at some point, even if they don't realise it, he added.
Of the companies FireEye has consulted within the Asia-Pacific region, Boland estimated that over 97 per cent “were breached by malware that was not detected".
Even those companies with tools in place to detect malware often catch on too late to prevent significant data loss or their systems in other ways being compromised.
Boland said it takes 205 days on average for a victim to realise that their network has been compromised.
Unlike in the past, when anti-virus software was able to detect known attacking tools based on common code signatures, most hacks today use specially constructed malware targeting a specific company's system and employees.
Modern security systems use behavioural analysis and big-data modelling to try and find attacks when they occur, but this can be expensive in an area where many companies are reluctant to set aside large budgets.
"It's hard to do security well," Boland said. "The economics are definitely in the attacker's favour."
The annual cost of cyber crime and economic espionage to the global economy could be as high as US$445 billion, or one per cent of global income, according to the Centre for Strategic and International Studies, a Washington-based think tank.


Hong Kong plans to revive privacy law requiring firms to report data breaches

South Korea’s Bithumb gives away over US$40 billion in a bit of a blunder

Hong Kong’s innovation goals must go hand in hand with cybersecurity

Greece arrests forces member for espionage with suspected links to China

Cybersecurity

Hong Kong companies ill-prepared to deal with cybersecurity threat: expert

Hong Kong firms are operating on outdated ideas about cybersecurity, according to FireEye's Bryce Boland. Photo: May Tse

Hong Kong firms are operating on outdated ideas about cybersecurity, according to FireEye's Bryce Boland. Photo: KY Cheng

eBay suffered a major data breach in 2014, affecting millions of users. Photo: Reuters

Tech

Enterprises