Fireside chat with Mr. Sam Chan, Head of Mergers and Acquisitions
Hong Kong-listed Wai Chi Holdings (HKEX stock code: 1305)
GIE: In general terms, what is cybersecurity?
Sam: Cybersecurity is the practice of protecting hardware, software and online data from cyberattacks. These cyberattacks target to access, change or destroy sensitive information (personal and financial data); and at the enterprise level, they disrupt normal business processes.
GIE: Why should we be concerned with cybersecurity? Were there more vulnerabilities to cyberattacks during the COVID-19 pandemic?
Sam: Cybercriminals have taken advantage of the COVID-19 pandemic and the substantial increase in remote working from home by attacking both technical and social vulnerabilities. Accenture’s State of Cybersecurity Resilience 2021 report revealed that companies experienced 31% more attacks in 2021 compared to the previous year. On average, organizations experienced 270 cyberattacks and most of them targeted expanded data access. Eg, a reputable hotel giant was suffering from cyber-attack in early 2020 and exposed at least 5.2 million customers’ personal information, including names, addresses, date of birth, emails, phone numbers, credit card details etc.
According to the Verizon Data Breach Investigations Report, a total of about 5,000 confirmed data breaches occurred in 16 different industries and four world regions was recorded in 2021 and a sharp rise from around 4,000 confirmed breaches in 2020. Phishing spiked by over 500% from January to February 2020 alone.
Moreover, according to IBM’s Cost of a Data Breach 2021 report, between 2020 and 2021, the average data breach cost rose almost 10%, reaching almost USD 4.5 million. This is the highest growth rate seen in the past seven years.
GIE: How has this rise of cybercriminal activities impacted companies or the overall cybersecurity industry?
Sam: In order to protect increasingly digitized businesses, online payment, Internet of Things (IoT) devices, global spending on cybersecurity products and services will increase. More than USD 1.5 trillion cumulatively for the five-year period from 2021 to 2025 is expected to enhance cybersecurity measures.
GIE: How do cyberattacks affect IOT?
Sam: IoT devices are no longer only confined to homeware products, such as some smart curtain and light bulbs. They are growing in several sectors including manufacturing, healthcare, retail, among other sectors.
According to Statista, the number of IoT devices worldwide is forecasted to almost triple from 9.7 billion in 2020 to more than 29 billion IoT devices in 2030.
According to the X-Force Threat Intelligence Index 2022, the number of vulnerabilities discovered annual has risen steadily, however, the vulnerabilities related to IoT increased at an even faster rate than overall vulnerabilities, with experiencing a 16% year-over-year increase, compared to a 0.4% growth rate in the number of vulnerabilities overall.
On the other hand, this significant demand for more IoT devices in the coming years provides opportunity for new market players to capture the growth. However, you may encounter some less experienced players who rush to market with their low-cost devices which may not have comprehensive security protection. So buyers be ware.
GIE: What are the most common types of cybersecurity threats?
Sam: Phishing is the most common type of cyber-attack which is the practice of sending fraudulent emails that resemble emails from reputable sources. Phishing targets to steal sensitive information like credit card numbers and other personal login information.
Ransomware is a type of malicious software. It is designed to extort money by blocking access to data or the system until the ransom is paid. However, paying the ransom does not guarantee that the data will be recovered or the system can be restored.
Malware is a type of software designed to gain unauthorized access or to cause damage to the hardware or software.
Social engineering is the psychological manipulation technique to trick users into making security mistakes or revealing sensitive information
GIE: How can we protect ourselves from these cyberattacks?
Sam:
Keep the IoT devices with the latest software updates - good IoT devices manufacturers are expected to always look for ways to improve device security and figure out how to prevent the potential cybersecurity threats. Once a fix is identified, IoT devices manufacturers code that into their software update.
Antivirus software - Installing antivirus software and enabling automated threat detection can provide additional layer to prevent the potential cybersecurity threats.
Use encryption - IoT devices collect massive data, which is often the primary target of hackers. One of the most effective ways to avoid hackers is to encrypt the data. Encryption tools make data unreadable for unauthorized users.
Use authentication tools - Including authentication tools in device-level security can put additional layer of security between user information and outside users.
Track all connected devices - Once a device connects to the network, it potentially provides an entry point for hackers to choose to hack in. The users should know exactly what devices are on the network and ensuring that they're safe and secure and disable unused devices and other entry points.
Regularly review the network - Assessing security by reviewing the network regularly and keeping a log of activity can help monitor for strange activities and irregularities
GIE: Any emerging technologies that may help advance cybersecurity?
Sam: With the current advancement of technology, we envision that both artificial intelligence and machine learning would heavily impact the development of cybersecurity by 1) keeping up with the latest and changing cyber-attack patterns; and 2) automating enterprise responses to counter incoming cyber-attacks.