AUG 03, 2017 | CHINA
Survey shows that one out of ten companies in Hong Kong have faced a ransomware attack
BSA | The Software Alliance launches survey findings on ransomware and cloud readiness
August 1, 2017, Hong Kong – With an average of 7 million hacking attempts daily worldwide,1 Hong Kong faces serious risk as a global financial center. The widespread use of technology by businesses to process data heightens the risk of data falling prey to hackers and malicious software, which could lead to significant monetary and reputational loss. BSA | The Software Alliance (BSA) and The University of Hong Kong Social Sciences Research Centre (HKUSSRC) today presented the findings from their survey on ransomware and cloud readiness, which shed light on the extent of cyberattacks faced by Hong Kong enterprises, how they are handling data backup, and whether they are aware of cloud options in tackling the problem.
The survey sought to gather data from IT professionals in Hong Kong’s companies, especially small and medium business enterprises. Conducted in two phases, the survey took the form of telephone interviews using the Computer Assisted Telephone Interview (CATI). The baseline survey was carried out between March 28 and April 24, 2017 before the WannaCrypt attack, while the follow-up survey was carried out between June 29 and July 12, 2017 after WannaCrypt. We received 255 qualified responses in the baseline survey while 101 out of the 255 respondents were successfully re-interviewed in the follow-up survey.
The survey reveals that around 20% of businesses in Hong Kong backup less than once a month or never perform backup. While some of the companies have performed backup more frequently after WannaCrypt, many are still resorting to more traditional ways of backup without leveraging cloud as an efficient and secure off-site backup option. Through these findings, BSA aims to start a conversation about the need for Hong Kong businesses to more actively consider cloud usage, in data backup as well as in their overall cybersecurity defense strategy in the future.
“This survey shows Hong Kong businesses currently lack an understanding of what the cloud has to offer in enhancing their overall cybersecurity defense strategy”, said Mr. Tarun Sawney, Senior Director of APAC, BSA. “The findings also reveal a significant gap between the level of awareness and the actual efforts local enterprises undertake in protecting themselves against future cyberattacks. Our cloud readiness survey, hopefully, can serve as a call to action for local businesses to strengthen their data protection efforts by considering harnessing cloud usage.”
Major findings are summarized as follows:
- 9% of the respondents reported that their companies had faced a ransomware attack in the baseline survey: In the past three months alone, 4 out of 101 respondents (3.6%) reported that their companies had faced a ransomware attack.
- Over half of the respondents worry about the company’s data being at risk if facing a ransomware attack: 5% of the respondents in the baseline survey said they were extremely worried or somewhat worried about their companies’ data being at risk (Follow-up survey: 51.9%).
- It is extremely important to have data backup: Most of respondents felt that it was extremely important or somewhat important to have data backup in their companies (Baseline survey: 87.9%; Follow-up survey: 4%).
- Frequency of having data backup in companies significantly increased in the follow-up survey: More than 3 times a week (Baseline survey: 33.5%; Follow-up survey: 4%).
- Awareness of the public cloud data backup services and whether their companies had ever used this data backup service: A majority of the respondents were aware of the data backup services powered by public cloud (Baseline survey: 85.2%; Follow-up survey: 4%).
- The most common reasons given for using data backup services powered by public cloud were convenience, ease of sharing data, and corporate practice.
- Security issues were the main reason given for not using data backup services powered by the public
“Recognition of the importance of having data backup is critical, but taking concrete steps to perform offsite secure backup which may include public cloud backup is a different story,” said Professor John Bacon-Shone, Associate Dean (Knowledge Exchange) of Social Sciences, Director of the Social Sciences Research Centre and Professor at The University of Hong Kong, who presented the survey findings. “The local regulation has long required data users to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use. The new EU law on data protection (General Data Protection Regulation (GDPR)) is due to become enforceable in May 2018. This will include much stronger sanctions (up to 4% of global annual turnover or 20M euros, whichever is the greater) and requires a risk-based accountability. This is why there is an essential need for corporates to implement offsite secure backup, which may include public cloud backup, but will require careful choice of trustworthy providers of backup services.”
“When considering the choice of trustworthy providers of cloud services (CSP’s), corporates should carefully consider the quality of service offered, particularly in relation to the four key pillars – privacy, security, compliance and transparency,” said Mr. Tarun Sawney. “When choosing CSPs, corporates may also refer to international standards such as ISO 27018, ISO 27017, ISO 27001, and other national standards, and whether the CSPs are compliant with those standards. Given the prevalence of cyberattacks and the difficulties businesses face in constantly protecting themselves against cyberattacks, cloud provides a very cost-efficient viable option for businesses.”
1 Denise Tsang (2016, May 16). Hackers have their sights on Hong Kong, cyber security experts warn. South China Morning Post. Retrieved from http://www.scmp.com/news/hong-kong/economy/article/1944676/hackers-have-their-sights-hong-kong-cyber-security-experts