Hong Kong must reform corporate culture, step up data security to avoid harm to I&T hub ambitions after cyberattacks, industry veterans say
Just a day earlier, the Hong Kong College of Technology also said it was hit by a “highly targeted and unusual cyberattack” in February which leaked personal information concerning about 8,100 students. A ransomware group was believed to have stolen 450GB of data and shared the information on the dark web earlier this week.
IT industry veteran Joseph Leung Wai-fung urged companies to revamp their corporate culture and pay more attention to cybersecurity.
“[The senior management of organisations] have not put this topic as a high priority. Thus they have not provided adequate resources,” said Leung, a lecturer at Polytechnic University’s school of professional education and executive development.
He also said the recent hacks could damage the city’s image as it planned to develop into an I&T hub in the Greater Bay Area, Beijing’s ambitious plan to transform Hong Kong, Macau and nine mainland Chinese cities into an integrated hi-tech, economic powerhouse by 2035.
“This might affect investors who planned to set up offices in Hong Kong. They might think Hong Kong does not have enough qualified IT security experts or that it does not take a serious attitude towards data privacy,” Leung said.
The incidents could also affect overseas customers’ purchases of products or services both online or offline as they might fear their personal data would not be properly protected, he added.
Veteran cybersecurity expert David Ip Ching-yeung, the founding chairman of the Hong Kong China Network Security Association, shared similar views.
“Hong Kong is currently suffering heavily from the lack of cybersecurity talent and low awareness [of the risks] among top management across many industries,” Ip said. “Therefore, Hong Kong can be an easy target for hackers or criminal organisations.”
He warned the city might face challenges in developing itself into an I&T hub if it failed to meet the requirements of its bay area partners or customers in cybersecurity and data protection standards.
Ip noted that Chief Executive John Lee Ka-chiu had announced in his policy address last year that the first cybersecurity law in Hong Kong would be implemented in 2025.
But the cybersecurity specialist said the law mainly focused on critical infrastructure sectors, such as energy, telecommunications, transport and finance.
The hiccups prompted the government’s top information technology unit – the Office of the Government Chief Information Officer – last Sunday to ask all bureaus and departments to review their computer security and report back within a week.
link