Hong Kong firms urged to sharpen focus on cybersecurity
Financial technology firms must strike a delicate balancing act to achieve efficiency in operations, while protecting user data, say experts
Many private and public organisations in Hong Kong continue to lag in cybersecurity, raising the spectre of potential new breaches as advanced technologies like artificial intelligence and the so-called internet-of-things become mainstream applications in the city, a panel of experts told a forum held by the South China Morning Post on Friday.
“It’s already 2017, we need to wake up!” said Michael Gazeley, the managing director at international managed security services provider Network Box in Kowloon, during the latest edition of the Redefining Hong Kong Debate Serie s.
His concern was echoed by the three other panel members in their discussion on whether businesses in the city should put greater priority in cybersecurity amid calls for increased convenience and privacy in various industries.
Steven Lee Kun-tai, the founder and chief executive at online lending service provider MoneySQ.com, said financial technology outfits like his company, which use artificial intelligence to better know and serve customers, “must strike a delicate balancing act to achieve efficiency in operations, while protecting user data”.
Ted Egan, the vice-president for Asia-Pacific at security technology company ThreatMetrix, and Micky Lo, the chief technology risk officer for Asia-Pacific at The Bank of New York Mellon, both pointed out that educating senior management at organisations on cybersecurity must intensify.
That way, these decision makers can pursue strategies that can establish trusted identities and behaviour online, or offline, to help reduce data breaches at their specific organisations and the world in general.
“We are now all connected and most of our information are out there on the internet,” Egan said.
Lo indicated that regulation on protecting digital information in the financial services sector has progressed over the years, but cautioned that cybersecurity compliance and related initiatives do not exist in other industries.
In Hong Kong, weak security, complacency and possible hubris in the face of external and internal threats was exemplified by the recent theft of two laptop computers containing the personal information of 3.7 million Hong Kong voters, according to Gazeley.
The Registration and Electoral Office reported the two laptops were stolen from a locked room at the AsiaWorld-Expo in Lantau, but assured that the data on those laptops were encrypted.
Gazeley said that was no comfort to the voters whose addresses, mobile phone and ID card numbers have been compromised.
He said there are businesses in Hong Kong which say they are active on cybersecurity, but have balked at spending money for services “which only cost as much as what they pay their cleaning lady each month”.
Regulators have stepped in when necessary. The Securities and Futures Commission pursued a cybersecurity review of brokers in October after HK$126 million of unauthorised trades were reported in first three quarters of last year.