Read More
The Cyberport hacking incident reminds us of how vulnerable we are as we learn to adapt to the digital pace.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
It is never too late to wake up to the threat.
Among all the public bodies here, Cyberport - under the authority of the SAR's technology tzar Sun Dong - is supposed to be among the most secure against hacking.
The loss to criminals of 436 gigabytes of data shows that the confidence could be grossly misplaced.
The cyber villains at Trigona, the ransomware group that has claimed responsibility for the information theft, may have failed to get a dollar from Cyberport as it is against the organization's policy to pay ransom money for stolen data - but they have certainly given Cyberport a big slap in the face.
The question raised: is it as secure as we expect it to be?
According to Cyberport board director Eric Yeung Chuen-sing, investigators are trying to establish whether the affected data had been stored on a shared drive - on which only non-sensitive should be stored - and whether human error was to blame.
It would be imprudent to speculate or jump to a conclusion prematurely before the investigation is completed.
According to Firewall Daily, the stolen data include 208.50 GB of project files, 86.30GB of human resources-related data, 125.01GB of financial data, 2.56 GB of FinTechTeam data and 15.75 GB of leasing information.
The Trigona ransomware group is reported to have been active since October 2022 and has targeted mostly high-profile organizations with strong cybersecurity defenses.
That suggests the hackers have sophisticated tools to break into most systems.
The world's largest medical network, Brazil-based Uimed, had also reportedly been targeted by the ransomware group.
The secretary for innovation, technology and industry was right to condemn the theft and Cyberport was right to refuse to pay the hackers the demanded ransom in exchange for safety of the stolen data.
This, however, was not enough.
Did the authorities - primarily Cyberport - inform the affected individuals and companies as soon as they became aware of the cybersecurity breach in the middle of last month so that the victims could act quickly to limit probable damage caused by the leak?
If they had not immediately done so back then, they must be strongly condemned.
Perhaps, as the minister instructed Cyberport to strengthen its internet security to prevent similar occurrences in future, he should supplement the order with practical guidance containing elaborate steps for the affected parties, especially individuals, to take.
They should be instructed how to minimize the damage now that their most private information, including identity card numbers, bank statements and resumes, have been made public on the dark web by the hackers.
Sun certainly could do more in this respect to help the victims in the wake of the damage that has been done.
This will not be the last hacking attack. As we discover the convenience brought to us by internet technology, we are also exposed to increased risks.
Constant vigilance is increasingly part of the normal as we get more digital.

Sun Dong
















