IT & Cybersecurity

Next Level Phishing: Deepfake Scam

In the first half of 2024, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) handled countless cybersecurity incidents, of which phishing cases accounted for around 62%. Compared to the second half of 2023, the number of phishing cases has increased by nearly 70%. As cybercriminals become more sophisticated, they are employing advanced techniques in their phishing attacks, increasingly targeting specific individuals rather than casting a wide net. Alarmingly, there have been multiple reports of deepfake audio and video being used to impersonate senior-level personnel, leading to substantial financial losses for organisations. Deepfake technology leverages artificial intelligence and deep learning algorithms to create hyper-realistic videos, images, and audio that convincingly depict fictional scenarios. While innovative, this technology poses significant risks as it becomes more accessible and easier to manipulate, expanding the threat landscape for individuals and businesses. As the line between reality and fabrication blurs, it is essential to understand the implications of deepfakes in cybersecurity and develop effective strategies to mitigate these evolving threats.

Requirements on Documentation Submission on GL20 Assessment

The Insurance Authority's Guideline on Cybersecurity (GL20) outlines three key requirements for documentation submission related to the GL20 assessments that authorised insurers must complete.

AI: Model Personal Data Protection Framework

In June 2024, the Office of the Privacy Commissioner for Personal Data published the Artificial Intelligence: Model Personal Data Protection Framework with the aim of guiding Hong Kong enterprises in capturing the benefits of AI technology while brushing up on personal data privacy protection.

Hong Kong's New Critical Infrastructure Cybersecurity Law

Our IT experts delve into the details of the newly introduced Protection of Critical Infrastructure (Computer System) Bill and its implications for businesses regarding vendor oversight and compliance.

Navigating the Cloud Security Landscape: Why CSA STAR is Essential for Trusted Cloud Transformation

Cloud computing has become the backbone of modern business. Global businesses are confronted by pressing challenges around cloud security, data security, data privacy, and managing multi-cloud environments. The Cloud Security Alliance (CSA) and its STAR programme are essential for addressing the security challenges associated with cloud computing.

The Importance of Data Privacy: Safeguarding Sensitive Information in the Digital Age

Our IT & Cybersecurity experts delve into the types of PII, the common cybersecurity threats they face, and the data privacy best practices that individuals and organisations can adopt to safeguard this sensitive information. By understanding the importance of data privacy, we can all play a role in creating a more secure digital landscape.

Importance of SOC Reporting in the Post Pandemic Era

Prior to the pandemic that has affected the world since early last year, many sectors were already redesigning their operating models to enhance efficiency and effectiveness in the digital era. These efforts are now more relevant than ever as companies require leaner, more adaptive digital enterprises that can change and respond quickly. We see that transitioning certain functions to cost-effective shared service centres, or outside the enterprise entirely via managed service or outsourcing relationships with third parties, is high on the list of many enterprises' planned actions in the Post Pandemic Era. Many organisations are able to function more efficiently and effectively by outsourcing tasks or entire functions to another service organisation. While these outsourcing relationships may increase revenues, expand market opportunities, and reduce costs for the user entities and business partners, they also result in additional risks arising from interactions with a service organisation and its systems. In supporting their risk assessments on service organisations, user entities and business partners may request independent reports on an examination or review of controls from the service organisation. This is why assurance standards for reporting on service organisation controls, such as SOC Reporting and ISAE 3402, were developed.

Cybersecurity preparedness in time of COVID-19

The unprecedented COVID-19 crisis has brought huge change in many aspects; for instance, remote working has become a trend to reduce the spread of the virus. This has provided insights for companies' management and boards on cybersecurity preparedness. Regardless of company size, IT expenditure is unavoidable in order to maintain operations during the crisis. The related cybersecurity investment due to regulatory and compliance measures has since increased. Most companies have been caught off guard by the coronavirus. On the one hand, companies' computing resources to support remote working are limited; at the same time, employees in general have not subscribed to adequate firewall protection and antivirus packages to work remotely on their personal computers. With remote working becoming the new norm for companies worldwide amid the COVID-19 crisis, cybersecurity is even more crucial than before to support thousands of workers working from home accessing their companies' networks.

How cyber security breaches impact personal data protection in particular in relation to the European Union General Data Protection Regulation (GDPR) on Hong Kong businesses

News of cyber security breaches comes in wave after wave. Cathay Pacific leaked information consisting of passengers' names, nationalities, dates of birth, travel document numbers and historical travel details. The hacking of Marriott's Starwood reservation system exposed data of up to 500 million guests. Just over a week ago, Hong Kong credit reporting agency TransUnion was forced to suspend its online services over unauthorised access of personal credit information. Hong Kong businesses have largely ignored the EU General Data Protection Regulation (GDPR) that replaced the preceding data protection laws in all European Union (EU) countries on 25 May 2018. The potential impact of GDPR on Hong Kong businesses with ineffective cyber security measures could be severe.