Getting your Trinity Audio player ready...
|
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) convened a briefing session, where they encapsulated the information security landscape in Hong Kong for 2023 while also unveiling projections for 2024. As technologies like artificial intelligence (AI) continue to proliferate, they offer immense benefits to businesses. However, this advancement is accompanied by a surge in cyber-attacks, underscoring the need for heightened vigilance. Organisations and individuals must not underestimate the complexity of modern cyber threats but instead strive to bolster their understanding of cybersecurity and fortify their response capabilities.
Throughout 2023, HKCERT grappled with a total of 7,752 security incidents. Notably, phishing emerged as a dominant threat, constituting nearly half of all cases (3,752 instances, 48%), marking a significant double-digit increase from the previous year. The surge in phishing attacks underscores a pressing concern, with the number of related links exceeding 19,000—a double-digit annual escalation reflecting a worrying trend over four years. Predominantly, phishing activities targeted sectors like banking, finance, electronic payments, and e-commerce.
Mr Alex Chan, General Manager of the Digital Transformation Division at the Hong Kong Productivity Council and spokesperson for HKCERT emphasised the alarming pace at which hackers leverage AI to outstrip cybersecurity measures. He highlighted the proliferation of generative AI tools, significantly amplifying phishing scams’ prevalence.
These sophisticated techniques blur the line between authentic and fabricated content, posing challenges for both organisations and individual users. As the threat landscape evolves, the adoption of robust security protocols aligned with international standards becomes imperative.
Further insights were provided by Mr. Frankie Wong, Vice Chairman of the Professional Information Security Association and representative of the HKCERT Critical Infrastructure Cyber Security Watch Programme. He delved into the analysis of LockBit ransomware and underscored the importance of proactive measures against ransomware attacks, stressing the need for comprehensive network security reviews and prompt mitigation strategies.
Looking ahead to 2024, HKCERT outlined five key information security risks demanding attention:
- Weaponisation of AI: Hackers harness generative AI to orchestrate sophisticated cyber-attacks, manipulating AI-generated disinformation to circumvent conventional security measures.
- Next-Level Phishing Attacks: Phishing techniques evolve to include fake videos, social media impersonations, and SEO-driven phishing websites, expanding the scope of deception and victimisation.
- The trend towards Organised Cybercrime: Ransomware attacks and malicious app threats underscore a global trend towards organised cybercrime, necessitating proactive security measures.
- Attacks Arising from Smart Devices: The proliferation of smart devices amplifies cyber vulnerability, with varying security standards rendering them susceptible to intrusion and manipulation.
- Third-party Risk: Reliance on third-party IT services heightens the risk of supply chain attacks and insider threats, necessitating robust verification mechanisms.
In response, Mr Chan called for heightened awareness across all sectors, stressing the importance of understanding and mitigating AI-related cybersecurity risks. He urged vigilance against emerging phishing tactics and emphasised the severity of cybercriminal activities.
HKCERT pledged to bolster public awareness and cybersecurity measures through incident response strategies, proactive vulnerability analysis, and collaboration with international counterparts. Efforts will also include public education initiatives like Cyber Security Week and interactive campaigns to reinforce cybersecurity consciousness.
HKCERT’s proactive stance underscores the urgency of collective action to combat evolving cyber threats, emphasising the critical role of public awareness and collaborative cybersecurity efforts in safeguarding Hong Kong’s digital ecosystem.
OpenGov Asia reported that the Office of the Government Chief Information Officer (OGCIO) has unveiled a comprehensive set of measures to strengthen the management of large-scale and high-risk information technology (IT) projects within government entities. These are in alignment with the evolving cybersecurity landscape highlighted by HKCERT’s briefing session. The OGCIO introduced initiatives spanning project initiation to stress testing to ensure public trust and smooth IT system operations, aiming to bolster accountability, transparency, and efficiency in managing government IT projects and safeguarding Hong Kong’s digital ecosystem