Home > HK
Monday, July 18, 2016, 10:30

Experts call for stepped up efforts by companies to beat hackers

By Feliks Cheang

An international cyber security expert has called for the setting up of an assurance scheme that allows for rigid and trustworthy assessment of security capabilities on digital devices, networks and system as part of efforts to combat cyber attacks.

“How(could) we realize the potential of big data and the connected world if we can’t trust it to protect us and our information,” Dave Kleidermacher, chief security officer at global mobile communications leader Blackberry, told the TEDxHongKong forum held in the SAR.

“We have to get that trust back,” he said. Statistics show there are thousands of flaws in an information system, and it’s dubious if users can trust the cyber security companies when they are getting hacked aswell, Kleidermacher said.

Big data and cloud computing are now seen as essential for businesses to improve their costefficiency and scalability. Yet this emerging technology is also a doubleedge sword, especially when it comes to cyber security.

Besides users’ privacy, cyber attacks also associate the industries with huge costs. Healthcare companies, such as hospitals, pharmacies and medical facilities, fell victim to more cyber crimes than any other industry last year, according to IBM data. Cyber attacks now cost the US healthcare industry US$6.2 billion annually, according to the Ponemon Institute.

Kleidermacher suggested that one possible solution would be to launch an assurance program, citing DTSec — a medical device cyber security standard led by Blackberry. Sucha scheme,he said, would help assess a product’s ability to withstand attacks from wellsourced cyber criminals. The working group has set its nearterm sight on protecting the safe functioning of diabetes devices, such as bodyworn insulin pumps. A life-saving treatment formillions of people worldwide, those devices are increasingly exposed to the security risks of wireless network.

Regarding data security, governments alsohave a leadership role to play, Kleidermacher told China Daily. “You have no way to evaluate how safe those security firms can secure data,” he said.

He urged regulatory bodies to spearhead a mandate, trustworthy security assessment, assuring consumers of the security of the products by having them regularly evaluated and certified, especially when there is a low economic drive for the companies to evaluate their systems’ security standard.

“But, it’s still not perfect, it just means somebody has taken a look at it,” he added.

“Nothing is completely secure.”

Despite the absence of amandate security assessment in Hong Kong, the city’s legal sector has also called for a data protection reform, forcing businesses to rethink how to legitimize their use of personal data, and stiffen penalties for data breaches.

Conventus Law — a local online legal platform — said earlier this month Hong Kong’s data protection laws are among the most sophisticated in Asia although they are now more than 20 years old.

Singapore will also introduce legislation to protect sensitive data used bymobile app developers and other companies as the city state intensifies its push to become a leading global technology hub, according to Bloomberg.

Latest News