Interview with Dr. Frank Tong – Chief Executive Officer and Dr. Duncan Wong – Vice President, Financial Technologies of the government-funded Hong Kong Applied Science and Technology Research Institute (ASTRI) – Part II
Discover the second part of Sia Partners’ interview with Dr. Frank Tong, CEO of ASTRI, and Dr. Duncan Wong, Vice President, Financial Technologies of ASTRI, who shared their view on the current cybersecurity landscape, development, and what ASTRI can do to contribute to the HK industry.
Sia Partners (S.P.): What is the current global landscape on Cyber threat? Which Cyber threat worries you most?
Duncan Wong (D.W.): The current global landscape of cybersecurity threat and defense is like an arms race. There are many new attacks. To be more responsive, you will need to have more defenses. At the same time you need to predict what kind of new attacks are forthcoming, and you need to pro-actively think of what kind of defenses need to be deployed before any real disaster happens.
Out of the numerous cyber threats, one worries me most still is the Advanced Persistent Threat (APT); even though nowadays many people are talking about ransomware, but it is actually more seasonal instead of something new. Ransomware has been around for a decade, but now the attackers are finding it easier to collect the ransom through bitcoins.
The main problem to the industry is still APT as this kind of attack is more organized and the attackers have a well-planned attack methodology. The entire process may take from six months to almost a year and sometime even few years, to infiltrate the entire system. This could result in huge damage. Most of the APTs are undetectable.
(S.P.): What are the most effective ways to mitigate more and more sophisticated Cyber threat nowadays?
(D.W.): In terms of defense, you need to do it in a consolidated effort rather than in silos. In this regard, the intelligence is very important because you will be able to know in advance what kinds of APT or cyber-attacks may be launched by the attackers.
You also need to deploy defense systems such as firewalls, intrusion detection systems, or even data analytics. By using data analytics, you can identify system abnormalities by analyzing system logs and could have cybersecurity experts looking at the individual cases subsequently. It requires a whole sequence of efforts you need to do in order to make your system secured and get ready against a future attack, so it is not just reactive but also proactive.
(S.P.): What is ASTRI’s view of the impact of Cyber threats on corporations and society in Hong Kong as well as worldwide?
Frank Tong (F.T.): As per the report coming from Hong Kong Police Force, increase in the financial loss due to the cybercrime is 15% per year. In term of financial loss in dollars, it is approximately HKD1.8billion. Meanwhile, physical crime has reduced to a relatively low level. Given that cybercrime has no borders, it makes defense even more difficult.
Even though there are cybercrime statistics from the Hong Kong Police Force, but the actual figures may be higher than what reported because some organizations have not reported cases due to reputation risk.
(S.P.): What do you think about the current maturity level of Cybersecurity risk management for banks, insurance companies, blue chip companies and government in Hong Kong? Are they doing well enough to combat the threats posted by Cyber-attacks?
(F.T.) HKMA has recently launched a Cybersecurity Fortification Initiative (CFI). It has three pillars and one of the pillars is the Cyber Resilience Assessment Framework (CRAF) which sets out the standard framework, so that consulting firms like SIA Partners can assess the banks’ maturity level of cybersecurity risk management consistently. Right now, there is no standard to assess whether the bank is doing well or not in its cybersecurity risk management, so it is great that HKMA has launched this initiative and hopefully HK can move a step forward in this area.
Another pillar of CFI is the Cyber Intelligence Sharing Platform. The idea is we build this infrastructure for sharing information for the banking sector first and then for the entire financial services sector including securities, asset management and insurance. Ultimately, the goal is also for other industries to access the platform and benefit from it.
Link to other parts of the interview:
Copyright © 2016 Sia Partners. Any use of this material without specific permission of Sia Partners is strictly prohibited.