Hong Kong No 2 in Asia Pacific for cyberattacks, says survey
More than 60 per cent of small and medium-sized businesses (SMBs) in Hong Kong have experienced a cybersecurity breach in the last three years, making the city No 2 in Asia-Pacific when it comes to being on the receiving end of cyberattacks, according to a new survey.
“Hong Kong is a financial hub for Asia Pacific, which means that a lot of financial institutions and logistics organisations are based here,” said Parvinder Walia, the sales and marketing director for cybersecurity company ESET. “This makes companies in Hong Kong an attractive target for cybercriminals as there is a lot of data stored here.”
At 61 per cent, Hong Kong ranked just second to India, where 75 per cent of SMBs surveyed said they had suffered a cyber breach in the past three years.
The breaches in Hong Kong occurred due to weak encryption methods, with 57 per cent of attacks due to failure of encryption, and 55 per cent caused by a lack of two-factor authentication.
While Hong Kong companies understand the importance of cybersecurity and have one of the highest installation rates of end-point software such as antivirus and firewalls, they often fail to invest in more sophisticated layers of security, which ends up costing them dearly when a breach does occur.
According to the ESET survey, Hong Kong has the highest costs incurred per cybersecurity breach in the region at US$43,607, 19 per cent higher than Singapore at US$36,690 per breach.
“In [Hong Kong] SMBs, people would rather invest money in their core business than spend it on IT security to protect themselves from cybercriminals,” said Walia. “You can either spend the money beforehand to have different layers of security to prevent these breaches, or [end up paying for the breaches] not just in dollar value, but also reputation.”
But he also cautioned that investing in technology is not enough – education is imperative as human beings are most often the “weakest link” when it comes to cybersecurity.
“It is the biggest problem within organisations – the lack of education and training. While we need the technology to protect ourselves, it is equally important to educate and create awareness among employees on how data can be misused and the common tactics employed by cybercriminals on a regular basis,” Walia said
“Common mistakes are checking your company’s webmail on a public computer or not implementing security measures on company devices, like a password or fingerprint login.”