Hong Kong is facing a serious risk as a global financial centre, with an average of 7 million hacking attempts daily from around the world, according to a survey conducted by BSA-The Software Alliance and the University of Hong Kong Social Sciences Research Centre (HKUSSRC).
The survey estimated that 20% of businesses in Hong Kong back up their files less than once a month or never perform backups. While some of the companies have performed backups more frequently after WannaCrypt, many are still resorting to more traditional ways of backup without leveraging the cloud as an efficient and secure off-site backup option.
“This survey shows Hong Kong businesses currently lack an understanding of what the cloud has to offer in enhancing their overall cyber security defence strategy,” said Tarun Sawney, senior director of APAC, BSA. “The findings also reveal a significant gap between the level of awareness and the actual efforts local enterprises undertake in protecting themselves against future cyberattacks. Our cloud readiness survey, hopefully, can serve as a call to action for local businesses to strengthen their data protection efforts by considering harnessing cloud usage.”
Figure 1: Professor John Bacon-Shone, associate dean (Knowledge Exchange) of Social Sciences, director of the Social Sciences Research Centre and professor at The University of Hong Kong, and Tarun Sawney, senior director of APAC, BSA, presented the findings from their survey on ransomware and cloud readiness, which shed light on the extent of cyberattacks faced by Hong Kong enterprises, how they are handling data backup and whether they are aware of cloud options in tackling the problem. (Source: BSA)
In the baseline survey, 10.9% of the respondents reported that their companies had faced a ransomware attack. In the past three months alone, four out of 101 respondents (3.6%) reported that their companies had faced a ransomware attack.
Meanwhile, over half of the respondents worry about their company's data being at risk in a ransomware attack, with 56.5% of the respondents in the baseline survey saying they were extremely worried or somewhat worried about their companies' data being at risk.
The survey also found that most respondents felt that it was extremely important or somewhat important to have data backup in their companies. A majority of the respondents were also aware of data backup services powered by public cloud. And while some of the respondents said they use data backup services powered by public cloud due to "convenience, ease of sharing data and corporate practice," others were wary of the "security issues" involved with using the service.
“Recognition of the importance of having data backup is critical, but taking concrete steps to perform offsite secure backup which may include public cloud backup is a different story,” said John Bacon-Shone, associate dean (Knowledge Exchange) of Social Sciences, director of the Social Sciences Research Centre and professor at The University of Hong Kong, who presented the survey findings.
Aside from the local regulations that require data users to protect personal data from unauthorised or accidental access, Bacon-Shone also noted that there will be a new European Union law on data protection, which "will include much stronger sanctions" of up to 4% of global annual turnover and will require risk-based accountability.
"This is why there is an essential need for corporates to implement offsite secure backup, which may include public cloud backup, but will require careful choice of trustworthy providers of backup services," the professor said.
Sawney said companies should consider the quality of service offered, particularly in the areas of privacy, security, compliance and transparency.
“When choosing CSPs [cloud services providers], corporates may also refer to international standards such as ISO 27018, ISO 27017, ISO 27001 and other national standards, and whether the CSPs are compliant with those standards,” said Sawney. “Given the prevalence of cyberattacks and the difficulties businesses face in constantly protecting themselves against cyberattacks, cloud provides a very cost-efficient viable option for businesses.”