
Mitigating Risks: Strengthening Cybersecurity Awareness in Hong Kong

Despite a decrease in successful phishing cases in Hong Kong so far this year, a test run by the city’s police and the Hong Kong Internet Registration Corporation revealed that cybersecurity awareness is still “lacking.”

While the drop in phishing email cases can likely be attributed to tools and policies that make it more difficult for threat actors to distribute their malicious emails, the results of the drill reveal that individuals remain a weak link. Even with a strong cybersecurity programme in place, organisations will remain vulnerable if their staff do not follow best practices. Robust processes and advanced tools are defenceless against an individual who mistakenly clicks a link containing malware, potentially infecting the entire network.

Organisations in Hong Kong should work to increase cybersecurity awareness and mitigate risks from phishing and other social engineering attacks. This can be achieved through:

  • Tailored training programmes that test employees with fake phishing emails and teach them to recognise warning signs and red flags.
  • Table-top exercises that replicate real-life cyber attack scenarios. The learnings from these simulations are designed to increase overall awareness and teach employees how to respond to scams and cybersecurity incidents.
  • Prompt reporting: employees who encounter abnormal or suspicious activities are advised to report them promptly and seek guidance from the company's IT and cybersecurity team.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.

Hong Kong recorded a significant drop in the number of email phishing cases in the first five months of this year, but police warned public awareness of cybersecurity was still lacking as employees at most companies that took part in an anti-scam drill had clicked on dubious links.
