Recurrent cyber hacking incidents in Hong Kong

Two local travel agencies have reported as victims of data breaches in the past week.  Significant number of sensitive customer information including passport details are compromised with ransom request.  They are the subsequent high profile security incidents in short period of time after hacking of HK Exchange listed travel agency, with over 200,000 customer sensitive information has been compromised November last year.

We see the trend that the hackers are acting quick to exploit known weakness of specific industry with relatively less mature security protection.  The attacks are sophisticated and with financial motivation. As more and more traditional industries like travel agencies enjoy accelerated business growth with going digital, the need for relevant cyber security provision becomes ever more importance.  The recent data breaches underline the importance to secure data throughout the whole data life cycle from creation, storage and transfer to destruction.

Firmly committed to cybersecurity, we urge business organizations to regularly review and update security controls around their data and digital assets to ensure confidentiality, integrity and availability. While a well thought through security strategy, governing processes and organization are vital, organizations could also deploy various technical controls to secure their data and promptly respond to potential data breaches, including multi-factor authentication, fine access control, intrusion detection system (IDS) and Data Loss Prevention (DLP), etc. for instance. As a recommended practice, organizations should deploy multiple controls in conjunction to establish layered defenses. Together with appropriate employee awareness training and policies, businesses will be able to mitigate the risk of similar unfortunate incidents.