Cybersecurity threat reports in 2021, published by GovCERT.hk, a governmental computer emergency response team, have identified three primary trends: remote access vulnerabilities, phishing scams and Internet-of-Things hacking.
There are more remote access vulnerabilities as more people have been working from home. The 2021 Gartner CIO Survey finds 64 percent of employees are able to do so, and two-fifths are actually doing it.
Working from home typically involves remote access of some sort. Employees have to access work data on cloud networks and many of these networks were built or expanded hastily at the start of the pandemic.
Many firms rushed or even sidestepped the lengthy security measures that are usually required. As a result, hidden vulnerabilities were created in virtual private networks, virtual meeting systems and remote desktop protocols.
It is important to manage vulnerabilities as remote access is expected to remain. A 2020 poll conducted by Lingnan University revealed that more than 80 percent of respondents prefer WFH for at least one day a week even after the pandemic.
Organizations will need to probe their current cloud infrastructures for areas of weakness and plug any security gaps.
In the future, when they again need to expand their remote infrastructure, they should not rush their designs and should ensure that security is assessed at every stage of the expansion. If they buy outside products, they should request proof of concept and test products before full implementation.
As for phishing attacks, working from home is once again to blame: as we increasingly look online for products, entertainment and even medical information, we invariably come across and open more scam e-mails.
It has been noted that many hackers took advantage of the public concern over the epidemic by disseminating false information or pretending to be health groups seeking donations. They then lure victims into visiting malicious websites, thus gaining access to sensitive information.
In 2020, there were 3,483 phishing cases reported in Hong Kong, an increase of 66 percent and 35 percent over 2018 and 2019 respectively. The number is expected to rise further this year: 988 incidents have been identified in the first quarter.
To combat scam e-mails, individuals must treat e-mails from unfamiliar addresses with caution. They should report suspected phishing e-mails.
Organizations should continue to improve filtering systems.
As for the last threat, IoT is the technology that allows multiple platforms and services to generate and exchange data with minimal human intervention.
With the proliferation of IoT, consumers are bringing more internet-connected devices into homes. New products and services like smart televisions and smart home control hubs have saved us time.
But with innovation comes opportunity for exploitation. In 2016, a virus called "Mirai" infected millions of IoT devices worldwide and then weaponized them as "thingbots" against targets, creating some of the largest bandwidth attacks the internet has ever seen. A thingbot is something with an embedded system and an internet connection that has been co-opted by a hacker to become part of a botnet of networked things to send spam or malware.
In 2018, the total number of IoT devices involved in distributed denial-of-service attacks was more than 230,000. The main targets of such attacks were routers and cameras, including webcams, which accounted for over 94 percent of all attacks.
We must ensure the network security of IoT devices. For example, products must use Wi-Fi Protected Access (WPA2/WPA3) encryption with complex passwords. We should check the IoT device settings regularly. If settings have been suspiciously changed, reset the device immediately.
Dr Jolly Wong is a policy fellow at the Centre for Science and Policy, University of Cambridge















