Hong Kong Cybersecurity – Threats are on the Rise
Cyber Threat Response, Too Little Too Late
Hong Kong Cybersecurity threats are escalating at an alarming rate, impacting both individuals and businesses through online scams, phishing, and malware attacks. Despite these growing threats, many organisations continue to underestimate the risks, often recognising their vulnerabilities only after suffering significant breaches.
Cybersecurity Statistics
Recent data from the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) underscores this trend. In 2023, HKCERT received 9,017 cybersecurity incident reports, marking a substantial increase from previous years. The first quarter of 2024 alone saw a 65.2% quarter-to-quarter rise in cybersecurity incidents, highlighting the escalating threat landscape. (Source: Mayer Brown)
Online scams remain the most prevalent form of attack, with phishing and malware incidents also on the rise. The sophistication of these attacks is increasing, making it imperative for businesses to implement robust security measures proactively. However, many companies still adopt a reactive approach, addressing cybersecurity only after experiencing a breach—a strategy that proves costly in today’s high-risk digital environment.
Financial Impact
The financial impact of these cyber threats is significant. In the first five months of 2024, Hong Kong police reported a 37% increase in financial losses from online scams, despite the number of incidents rising by less than 1%. This disparity indicates that cybercriminals are employing more effective methods, resulting in greater financial harm per incident. (Source: Mayer Brown)
HKMA Response
Authorities are intensifying efforts to combat these trends. The Hong Kong Monetary Authority (HKMA), in collaboration with law enforcement, is expanding anti-fraud alerts to address suspicious activities both online and at bank counters. Additionally, new alert systems are planned for ATMs by the end of the year. The government is also proposing new cybersecurity legislation aimed at enhancing the protection of critical infrastructure. The proposed Protection of Critical Infrastructure (Computer System) Bill would impose fines of up to HK$5 million on operators who fail to secure their systems. (Source: Herbert Smith Freehills)
However, legislation and alerts alone cannot fully protect organisations. Our experience working with clients shows that real protection comes from proactive, managed cybersecurity solutions. With continuous monitoring, threat detection, and timely responses to risks, companies can significantly reduce their exposure to today’s threats. Yet the first step remains awareness—understanding that online threats are not hypothetical but present dangers that require serious, ongoing attention.
Data Breach at Hong Kong Hearing Centres
Summary
A ransomware attack on July 5 led to a significant data breach at Widex Hong Kong Hearing and Speech Centre and its subsidiary, Starry Hearing and Speech Centre. The incident impacted over 148,000 individuals, potentially exposing sensitive data.
Key Details:
- Attack Date: July 5
- Discovery and Notification: Breach disclosed on August 22; Hong Kong's Privacy Commissioner was notified on July 30.
- Affected Data: Personal details of clients (names, birth dates, contact info, and hearing records) and employee information (bank details, salary, etc.) of 30-50 staff members.
Broader Impact:
- Parent Company Involvement: WS Audiology, Widex’s parent company, reported similar access issues affecting operations in Australia and New Zealand.
Response Actions:
- Containment: Systems were secured following the attack.
- Advice to Affected Individuals:
- Update passwords and enable multi-factor authentication.
- Practice caution with suspicious messages and links.
- Ongoing Investigation: Widex is cooperating with authorities to determine the full extent of the breach and is committed to updating clients.
Protect Your Business
Cybersecurity should never be an afterthought. We strongly encourage organisations to take a preventive approach to their IT management and security. Waiting until after a breach not only costs time and money but can irreparably harm reputation and client trust. In today’s environment, a proactive, professionally managed cybersecurity approach is the most effective defence against the escalating risks Hong Kong businesses face.