
Cybersecurity: Practice what you know

(Translation)

This inSight article talks about cybersecurity.  Like reminders to take care of personal property or to eat a balanced diet, our well-meaning reminders to the public to pay attention to cybersecurity often fall on deaf ears.

While cybersecurity is something known by even primary school students, it is easier said than done.  A lot of people are probably not aware of the consequences of inadequate cybersecurity protection, and therefore still fail to pay proper attention to this issue.  According to a survey conducted by a cybersecurity firm, the most commonly used password of Internet users in the US and Europe last year was still “123456”.  This is tantamount to an open invitation to criminals.

Recently, some online securities accounts of individual banks in Hong Kong were compromised by fraudsters for conducting unauthorised share trading transactions.  It is believed that the fraudsters probably gained access to the accounts by either (i) planting malware on the customers’ computers through the Internet and stealing their Internet banking passwords; or (ii) using computer programs to “crack” users’ login names and passwords with repeated guesses.  To help avoid such cases, we should at least use passwords that are difficult to guess and different from those we use for other Internet services.  (Please refer to the “Major Safety Tips on Using Internet Banking Services” on the HKMA website for smart tips on using Internet banking services.)

The banks concerned have acted swiftly to further enhance their security measures to better protect the securities accounts of their customers.  The HKMA has also discussed with the banking industry the ways to further strengthen measures to prevent and detect suspicious online share trading transactions.

Hackers employ sophisticated and varied methods to launch their attacks.  For example, in the recent Bitcoin extortion cases, hackers gained unauthorised access to the computer systems of some corporations, encrypted their confidential files, and then demanded Bitcoins as “ransom” in exchange for decryption of the files.  Invariably, financial institutions are the main target of cyber attacks.  Last year, the HKMA received 19 reports in relation to “Distributed Denial of Service” (DDoS) attacks against banks (DDoS is an attempt to make an online service unavailable by overwhelming it with network traffic).  Six of the cases involved blackmailing banks with the threat of launching DDoS attacks against them.  Fortunately, bank services were not severely affected by the DDoS attacks.

There is an old Chinese saying: “to know and not to do is not yet to know” (知而不行,是為不知).  The incidents above are a timely reminder that not only should we “know” about cybersecurity, but more importantly we should “do” what we know.  Bank customers, financial institutions and regulators should all “practice what we know”, paying attention to and implementing cybersecurity measures.

The banking sector plays a pivotal role in Hong Kong’s economy and the day-to-day functioning of society.  Internet banking has even become an indispensable part of our daily lives.  Indeed, for those local banks offering Internet or mobile banking services, nearly half of their customers use such services, and the number of Internet banking accounts has already surpassed the 11 million mark.  The transactions handled through Internet banking are increasing steadily every year in terms of both amount and volume.  In 2015, the average monthly transaction volume was as much as 17 million, with the amount reaching HK$7.3 trillion.  Therefore, the ability of banks to prepare for and manage cyber risks is crucial in maintaining public confidence in the banking sector.

How can this be done?  Well, encouraging the smart use of Internet banking is one way, but what else can the HKMA and banks do?

In March this year, we established the Fintech Facilitation Office (FFO) to promote the development of financial technologies (fintech) in Hong Kong.  Cybersecurity is a core element in developing fintech.  As the first major initiative to be undertaken by the FFO, the HKMA will launch the Cybersecurity Fortification Initiative for the banking industry at the Cyber Security Summit next week.  The Initiative comprises a cyber risk and preparedness assessment, a training programme and an information sharing platform.  Allow me to stop here for now, and I will “share” more details about this Initiative later.

Norman Chan
Chief Executive
Hong Kong Monetary Authority

12 May 2016

Last revision date: 12 May 2016