
Far too many companies in Hong Kong have left themselves vulnerable to cyberattacks, according to a new police review that should warn all operators to immediately step up their game. Regular security checks are required by law for private firms with infrastructure deemed “critical” for the normal functioning of society. The rules in place since March apply to an undisclosed list of players in sectors such as energy, information technology, banking, communications, maritime, healthcare and transport.
Police recently found that about 5 per cent of publicly accessible technology assets owned by such operators were vulnerable to online attacks. A first-of-its-kind review turned up loopholes in 4,500 of the 90,000 technology assets examined. The force also revealed that it had received over 440,000 pieces of intelligence on cyberthreats targeting the city last year. Hacking cases have been rising, with losses surging over the past two years. Greater diligence is required.
Regulated firms have more than just a fear of hackers to prompt better security. Under the law, they may be fined up to HK$5 million for failing to keep their systems up to date. The companies are also now obliged to notify authorities of any breach within 12 hours.
It is encouraging that police have quickly carried out an initial review. They found 495 assets at critical or high risk with issues such as staff login credentials exposed, unused subdomains that risk being taken over by hackers, or cloud services exposed to external access.
Raymond Lam Cheuk-ho, chief superintendent of the cybersecurity and technology crime bureau, said if those “critical or high-risk loopholes” were exploited, serious disruptions would be “extremely likely”.
Companies involved have already taken steps to remedy loopholes discovered in the survey, but it is worrying that cyberattacks exploited obvious vulnerabilities such as insufficient monitoring of remote access computers, outdated security software, or poor cyberthreat response policies.