Financial Crime World

Cybercrime on the Rise in Hong Kong’s Finance Industry: Experts Warn

Hong Kong has become a prime target for cybercriminals, with technology crimes causing an estimated financial loss of HK$1.8 billion last year - a 50 per cent increase from 2014. According to risk advisory experts, Hong Kong was ranked ninth most targeted economy for cybercriminals in the banking sector in the first quarter of this year.

The Rise of Organized Cybercrime

Organised cybercriminals are behind the attacks on Hong Kong’s finance industry, with illegal activities following the money trail. While the number of cybercrime cases has not seen a drastic increase, financial losses have risen by 50 per cent.

Combating the Growing Threat

To combat this growing threat, control and governance are key factors. In May, the Hong Kong Monetary Authority launched the Cybersecurity Fortification Initiative (CFI), which provides guidelines for banks to follow based on their size and scope.

The CFI Framework

The CFI allows banks to evaluate their existing security status against the framework, enabling them to comply with HKMA standards. The framework also provides a common language and protocol for stakeholders to communicate more effectively.

Protecting Against Cyber Attacks

At a corporate level, there is growing awareness of the threats posed by cybercrime, with many firms implementing their own security protection measures such as:

  • Multilayer firewalls
  • Intrusion detection systems
  • Antimalware systems
  • Data loss prevention systems

However, people and processes are equally important in protecting against “backdoor” cyber attacks. Investing solely in threat and detection systems may not fully protect organisations from evolving cyber attacks, experts warn.

The Importance of Awareness Training

Awareness training can be a more effective way to avoid these types of attacks, but this is an area where Hong Kong firms have traditionally invested too little. The CFI has introduced a Professional Development Programme (PDP) and a Cyber Intelligence Sharing Platform (CISP) to address this issue.

The PDP and CISP

The PDP offers advanced skills for qualified security professionals, while the CISP provides a platform for banks to stay informed of what is happening across the region. While currently restricted to users from HKMA, police, and the banking sectors, experts anticipate it will be extended to other financial institutions in the future.

Preparing for the New Policies

Banks are advised to start preparing for the new policies by training staff, as well as welcoming the CFI, which lays the foundation of a cybersecurity protection framework for all.