HKPC has urged Hong Kong enterprises to adopt “security by design” IT security principles in the wake of a 55% rise in security incidents in the city last year.
The Hong Kong Computer Emergency Response Team (HKCERT) Coordination Centre received 10,081 security incident reports last year, up 55% from 2017.
Botnet cases were both the largest category of incidents, at 37% of cases, and the one with the biggest surge, up 82% from the prior year. Malware (3,181 cases or 32%) and phishing websites (2,101 cases or 21%) were the other principal sources of the reports.
HKCERT has attributed the rise to increased availability of one-stop attack services for criminals with lower technology skills, which has lowered the barrier to entry for conducting a successful attack. The exposure of IP addresses of infected computers as a result of global botnet takedown efforts also inflated the numbers.
While the number of ransomware incident reports declined slightly in 2018, there were still 2,426 cases of computers infected with the WannaCry ransomware.
HKCERT has advised that it expects cyber criminals to intensify their attacks against larger organizations holding large volumes of personal and financial data in the coming year. The rise of new technologies including mobile payment and IoT devices will also stimulate more attacks in these areas.
As a result, HKCERT has urged enterprises to enhance their security risk management processes to counter the growing threats.
This should involve applying security by design in new service and technology development, through measures such as two-factor authentication, regular patching of security vulnerabilities, reducing exposure to the internet and regular data backups.
HKCERT has also advised enterprises not to let time to market and convenience of use override baseline security concerns, to avoid giving excess privileges to staff, to raise employees' security awareness, and to assess the security risks arising from partners and service providers.
HKCERT plans to organize a number of security briefings for Hong Kong organizations processing significant volumes of personal data in the coming year.