According to a recent report, firms and organizations across Hong Kong are tightening their cybersecurity measures. The tightening up is a result of the rise in the rate of cybercrimes in Hong Kong, particularly in the banking sector.
As more digital banking solutions are introduced, cybersecurity risks have increased according to Chairwoman of the Hong Kong Association of Banks (HKAB).
The head notes that it is imperative for the banking sector to step up risk management to protect the interests of their customers.
Hong Kong has reportedly lost more than HK$2.2 billion (US$280 million) and suffered more than 9,000 cyber-attacks in the first nine months of last year. The region is clearly a major target for hackers.
Online scams such as false banking websites, phishing emails, and fake banking apps rack up to 142 cases in 2018. In 2017, there were 44 cases. The year before that (2016), there were only 35 incidents.
In the Hong Kong Monetary Authority (HKMA)’s year-end review presentation, it was announced that the financial sector will be stepping up its efforts to combat cybercrimes through the Cyber Resilience Assessment Framework (C-RAF).
C-RAF is a three-part assessment instrument that helps AI evaluate cyber resilience for the banking industry.
The first step in the framework is to assess the level of cybersecurity risk inherent in the bank’s existing systems and put them into buckets such as ‘low,’ ‘medium,’ or ‘high’ risk.
After that, an artificially intelligent (AI) algorithm can be used to determine if the level of the bank’s cybersecurity is mature enough. If it isn’t, the AI can be used to outline a plan to improve its resilience.
Finally, the framework will recommend a test that simulates real-life cyber-attacks.
At this point, there are still some concerns regarding the practicality of the simulation recommended by the framework, the HKMA intends to adopt a phased approach to ensure its effectiveness.
The Deputy Chief Executive of the HKMA stated at a recent media briefing that the HKMA will be monitoring the cyber-attack recovery competency of the banks in Hong Kong.
In another report, in September 2017, the HKMA announced seven measures to encourage banks to develop their fintech capabilities. The authority, Hong Kong’s de facto central bank, is due to issue the first virtual bank license in the first quarter of this year. Virtual banks operate online and have no physical branches.
HKMA’s Chairwoman noted that the agency will bring new energy and new services to the banking sector and allow technology companies to enter the industry.
She stated that virtual banks will focus on some new products and segments the traditional banks tend not to focus on or offer. This will increase financial inclusion to some customers who currently do not use many banking services. To do this they will need to have extremely robust cybersecurity measures.
It is important to note that there are no one-size-fits-all solutions with regards to cybersecurity, especially when it comes to the banking sector that presumably requires more attention to detail.
As banks climb the digital maturity ladder, hackers too will become more sophisticated. Banks, therefore, need to be more aware and vigilant in the coming months to keep their digital assets safe.
Managing cybersecurity is not going to be a walk in the part for IT professionals. However, banks must invest significant resources and pay attention to the trends in cybersecurity to safeguard themselves and their customers.