Another Day, Another (Preventable) Data Hack18 October 2023
Recent cyberattacks in Hong Kong further underscore the importance of organizational data governance and security.
October 2023 marks the 20th annual Cybersecurity Awareness Month, which is an opportunity for organizations across the globe to renew their commitment to protecting their IT infrastructure from evolving and increasingly complex threats. While great strides have been made to improve cybersecurity technology and processes over the past two decades, cybercriminals are employing sophisticated tactics to access systems and data for monetary or political gain. Despite many organizations’ best efforts, bad actors are relentless in their pursuit to exploit even the slightest vulnerability.
Back-to-back hacks in Hong Kong
A recent spate of cyberattacks in Hong Kong serves as a stark reminder of the importance of secure data handling and cyber hygiene. Over a span of only two weeks, Cyberport and the Hong Kong Consumer Council both fell victim to ransomware attacks that compromised hordes of consumer, employee and business data.
Following the Cyberport hack, confidential personal identification information such as employee contact details, human resources-related data and credit card records surfaced on the dark web. The perpetrators, a hacker organization known as Trigona, also placed business-critical information such as audit reports and financial and utility documents online for bid. Meanwhile, the Hong Kong Consumer Council saw 80 percent of its systems incur damage due to an attack that also put data belonging to its employees and some 8,000 CHOICE magazine subscribers at risk.
Amid the attacks, Hong Kong Technology Minister Sun Dong said the government was “highly concerned” and immediately called for government departments and public companies to strengthen their security controls and policies.
Targeting organizations across all sectors
Unfortunately, no organization is safe in the age of ransomware. Hospitals, technology providers, law firms, real estate offices, government organizations and critical infrastructure are all prime targets for cybercriminals given the potential to access troves of data.
As cyberattacks proliferate and threat actors continue to refine their tactics, any organization that handles sensitive data — i.e., customer payment information, legal documents, intellectual property or company financial data — needs to continually validate its document-sharing workflows and security capabilities against regulatory requirements and industry best practices. Recent events have shown that failure to do so can leave an organization’s operational viability, compliance standing and long-term reputation hanging in the balance.
How can organizations maintain control and visibility of the flow of information without creating friction or slowing down business processes? As the well-worn saying goes, “Cybersecurity is a team sport.” Yet, while it’s essential to build a culture of security awareness at every level through continuous employee training, ongoing technology investment is also critical to helping security and business leaders protect data from emerging threats.
Choose your technology partners wisely
When it comes to secure file-sharing platforms, the technology options are seemingly endless. Software-as-a-service (SaaS) platforms like virtual data rooms (VDRs) provide a secure environment for data storage, allowing seamless collaboration between internal and external stakeholders. However, not all VDRs are built the same.
With so many breaches originating within third-party networks, it’s critical to first consider the cyber health of any current or potential external vendor during the selection process. Many established platforms have been victimized by third-party breaches, as was the case in the recent MOVEit ransomware attack which impacted more than 1,000 organizations. Choosing a trusted technology partner that enforces strict data security protocols to mitigate internal and third-party risks can go a long way toward keeping your organization out of the headlines for all the wrong reasons.
Still, when it comes to protecting your organization’s digital assets, there’s more to consider than external malicious actors. Insider threats also represent a significant portion of data leaks, whether due to negligence or nefarious intent. That’s why it’s critical to use a file-sharing platform that provides granular permission controls. Ensuring users can only access the resources they need to perform their job functions helps prevent confidential information from falling into the wrong hands.
Why take the chance? How SS&C Intralinks can help
With so much on the line, why stake your organization’s financial and reputational success on questionable file-sharing methods, outdated technology, weak internal protocols or insecure vendors? When choosing a VDR platform, partner with a world-class provider that can streamline mergers and acquisitions (M&A) deals, private equity fundraises and other business processes that require secure document exchange — while always achieving global and industry-specific security and compliance requirements.
To help determine if your provider’s security protocols offer adequate protection, we put together a comprehensive checklist of key vendor-selection criteria — from access management capabilities to application security — so you can quickly pinpoint potential red flags and take the necessary steps to keep your organization’s data safe.
Click here to read the Security Checklist.
Jenkins Fung is the team lead of Advisory and Corporate Development. He's dedicated to supporting investment banks and law firms in Hong Kong, Macau and Taiwan. Jenkins works with clients on improving cross-enterprise collaboration and securely facilitating company sales, M&A and capital raising in the early, preparatory phase through due diligence, ultimately leading to successful execution.
Stay IN the know
Sign up for our newsletter for must-read market analysis and thought leadership, delivered right to your inbox.