On November 14th, the Office of the Privacy Commissioner for Personal Data (PCPD), Hong Kong and the HKPC Cyber Security jointly released the results of the “Hong Kong Enterprise Cyber Security Readiness Index and Privacy Awareness” survey report. The report primarily assessed companies' comprehensive capabilities in network security and helped them understand their strengths and areas for improvement in different aspects to better address cybersecurity challenges and protect data security. In response to the findings, the Hong Kong China Network Security Association (HKCNSA) suggested that companies take measures to strengthen their defenses against network attacks at different levels of the network environment.
The Hong Kong Enterprise Network Security Preparedness Index continues to decline, indicating insufficient capabilities among Hong Kong's small and medium-sized enterprises (SMEs) in responding to network security challenges. According to the survey, this year Hong Kong companies' network security preparedness index dropped to 47 points, a further decline of 6.3 points compared to last year, marking the largest decline in the index's six-year history. Among the 378 companies surveyed this year, including industries such as retail and tourism, manufacturing, trade and logistics, and financial services, 309 were SMEs, which experienced the largest decline with a drop of 7.1 points to 43.6 points, while the 69 large enterprises participating in the survey saw their index drop by 4.2 points to 62.5 points.
Network security incidents in Hong Kong are on the rise, with phishing and botnet attacks being the most common. The majority of companies have experienced network security attacks, with phishing attacks posing the highest threat. Ms. Ada Chung, the Privacy Commissioner for Personal Data, pointed out that the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recorded over 13,900 incident reports in the first nine months of this year, marking a 20.4% increase compared to the same period last year. Among these incidents, phishing attacks accounted for 51%, followed by botnet attacks at 46%. The survey shows that a record-high 73% of companies have experienced network security attacks in the past 12 months, and similarly, 72% of companies have faced external attacks, reaching an all-time high. Additionally, a staggering 96% of companies have been threatened by phishing attacks in the past 12 months.
Phishing attacks come in various forms, including through emails, fake advertisements, phone calls, text messages, and social media, posing significant threats to business security. Among the types of phishing attacks companies have faced, phishing emails accounted for 79%, followed by fraudulent advertisements of other organizations at 45%, phishing phone calls at 35%, phishing text messages at 34%, social media phishing at 16%, AI or generative AI-based phishing attacks at 9%, and QR code-based phishing attacks at 8%.
To effectively address the increasingly severe cybersecurity crisis, the HKCNSA has proposed a series of practical measures for companies. By implementing the following measures, companies can better protect their network systems, avoid losses from network attacks and data breaches, and ensure the stability and continuous development of their businesses:
1. Physical Security: Securing physical access to hardware and infrastructure.
2. Network Security: Protecting the network infrastructure and data flow.
3. Perimeter Security: Controlling access to the network through routers and gateways.
4. Endpoint Security: Protecting the devices connected to the network.
5. Application Security: Securing the software and applications running on the network.
6. Data Security: Securing the storage and transmission of data on the network.
7. User Education: Educating users on best practices for cybersecurity.
In the future, the HKCNSA will strive to promote the development of the network security industry, enhance the network security awareness and capabilities of companies and individuals, and promote the security and stability of cyberspace.
Source: Cyber Security News