
2024-05-30

Analysis of Cyberattack Incidents: Remediating Vulnerabilities to Prevent Data Breach

Cybersecurity


Recently, multiple public and private organizations in Hong Kong have been targeted by cyberattacks, leading to the leakage of a large amount of personal data. Some sensitive data have even been put up for sale on the dark web, severely damaging the reputation of these organizations. The Office of the Privacy Commissioner for Personal Data (PCPD), Hong Kong, recently released two investigation reports that detail the vulnerabilities of the cyberattack incidents on Hong Kong’s well-known digital community and the statutory body for consumer protection. This blog will delve into the causes of these two incidents and provide recommendations for preventive measures.

The Course of Two Cyberattack Incidents

The first of the two cyberattack incidents involved a ransomware attack on the information system of a local well-known digital community. According to the PCPD’s investigation report, over 400GB of data was leaked, including the personal data of 13,632 employees, job applicants, and former employees. The data was subsequently put up for sale on the dark web.

About a month later, a local statutory body for consumer protection also experienced a ransomware attack on its information system. The investigation report from PCPD indicated that the incident resulted in the malicious encryption of 93 systems, the hacking of 11 servers and endpoint devices, and the unauthorized access of four personal data files. This affected the personal data of over 450 individuals, including complainants, employees of IT service providers, and current and former employees.

Below are the five major deficiencies revealed by the reports:

  1. Detection and Protective Measures
     Digital Community: Lack of effective detection measures in information systems
     Statutory Body for Consumer Protection: Failure to properly configure the cybersecurity solutions adopted to detect and block cybersecurity threats
  2. Multi-Factor Authentication
     Failure to enable multi-factor authentication for remote data access
  3. Security Audits and Measures
     Digital Community: Insufficient security audits of information systems
     Statutory Body for Consumer Protection: Lack of sufficient safeguards to prohibit or prevent the storage of personal data on testing servers
  4. Policies on Information Security
     Digital Community: Lack of specificity
     Statutory Body for Consumer Protection: Lack of specificity and comprehensiveness
  5. Handling of Personal Data
     Digital Community: Unnecessary retention of personal data
     Statutory Body for Consumer Protection: Inadequate awareness of information security and data protection

The vulnerabilities found in the two incidents are similar, which reflects a common inadequacy in the comprehensive cybersecurity strategies of today's enterprises and organizations. Relying solely on measures like firewalls is insufficient to withstand the increasingly sophisticated and diversified cyberattacks in today's digital landscape. Here are suggestions based on the vulnerabilities identified in the two incidents:

Vulnerability 1: Lack of Effective Detection and Protection Measures

With hybrid work models and remote working becoming the new normal, the number of endpoint devices such as desktops, laptops, and mobile devices continues to rise. Coupled with the need to connect to public Wi-Fi anytime and anywhere, every endpoint becomes a potential entry point for cyberattacks.

Solutions:

Enterprises should adopt a diversified, multi-layered defense strategy.

  1. Asset Identification: Identifying all assets accurately is the critical first step in establishing an effective cybersecurity strategy. By adopting an asset identification service, enterprises can accurately identify all digital assets, especially high-value business-critical assets (e.g., personal data), in order to assess the risks and prioritize the implementation of relevant measures.
  2. Information Assessment: With all digital assets identified, conducting an information assessment is the next crucial step for enterprises to identify potential vulnerabilities in network infrastructure and applications. Necessary corrections should then be made based on the assessment report to prevent future cyberattacks.
  3. Endpoint Security: Given the increasing number of endpoint devices, enterprises should employ an Endpoint Detection & Response (EDR) service to respond rapidly to threats like phishing, ransomware and malware by leveraging its automatic threat detection, monitoring, and remediation abilities.
  4. Diversified Protective Measures: A wide range of protective solutions should be employed, including Web Application Firewalls (WAF), Next-Generation Firewalls (NGFW), User and Entity Behavior Analytics (UEBA), Network Traffic Analysis (NTA), along with Managed Security Services (MSS) to intercept evolving cyber threats.

Vulnerability 2: Failure to Enable Multi-Factor Authentication for Remote Data Access

Solutions:

  1. The simplest and most direct method is to implement Multi-Factor Authentication (MFA) for accounts with remote data access. Access permissions for all accounts should also be reviewed regularly, reducing the accessibility of data in the event of account compromise.
  2. With the increasing usage of cloud services, Secure Access Service Edge (SASE) is recommended for enterprises due to its Zero Trust Network Access (ZTNA) capability, offering identity-based authentication and granular access control to give enterprises secure private access to cloud-native platforms or applications. It can also conduct threat detection for all network users and immediately mitigate threats, providing an additional layer of security for all access points that connect directly to cloud data.
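One way to automate the access review recommended above, as an added example that is not from the original post or from the service provider it describes: the Account record, the 90-day review interval, the "personal_data" scope label and the sample accounts are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import date

REVIEW_INTERVAL_DAYS = 90  # assumed policy value: permissions must be re-reviewed within 90 days


@dataclass(frozen=True)
class Account:
    """Hypothetical account record, shaped like an IAM export (constructed for this example)."""
    user: str
    active: bool             # False for former employees whose account was not removed
    remote_access: bool      # can reach internal data from outside the office network
    mfa_enabled: bool
    data_scopes: frozenset   # data sets the account may read, e.g. {"personal_data"}
    last_review: date        # when the account's permissions were last reviewed


def review_accounts(accounts, today):
    """Return (user, finding) pairs for accounts that violate the remote-access policy."""
    findings = []
    for a in accounts:
        # Finding 2 of the reports: remote data access without a second factor.
        if a.active and a.remote_access and not a.mfa_enabled:
            findings.append((a.user, "remote data access without MFA"))
        # Regular permission review: flag accounts whose last review is older than the interval.
        if a.active and (today - a.last_review).days > REVIEW_INTERVAL_DAYS:
            findings.append((a.user, "access permissions not reviewed within 90 days"))
        # Least exposure on compromise: a deactivated account should hold no data scopes at all.
        if not a.active and a.data_scopes:
            findings.append((a.user, "deactivated account still holds data access"))
    return findings


# Constructed sample accounts; "today" is fixed so the result is reproducible.
SAMPLE_ACCOUNTS = [
    Account("alice", True, True, True, frozenset({"personal_data"}), date(2024, 4, 30)),
    Account("bob", True, True, False, frozenset({"hr_records"}), date(2024, 5, 20)),
    Account("carol", True, False, False, frozenset({"reports"}), date(2023, 11, 1)),
    Account("dave", False, True, True, frozenset({"personal_data"}), date(2024, 5, 10)),
]
TODAY = date(2024, 5, 30)

if __name__ == "__main__":
    for user, finding in review_accounts(SAMPLE_ACCOUNTS, TODAY):
        print(f"{user}: {finding}")
```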

Vulnerability 3 & 4: Insufficient Security Audits and Lack of Specificity in Cybersecurity Policies

Solutions:

  1. Enterprises should adopt Managed Security Services (MSS) from service providers and benefit from 24x7 proactive monitoring, together with vulnerability identification and analysis provided by a team of security experts. Monthly review meetings will also be held in order to identify and correct any unexpected deficiencies, so that security audits do not remain insufficient.
  2. With the ability to oversee the entire picture, the team of security experts can prioritize threats, develop and refine security policies and processes for enterprises, forging a comprehensive security strategy.

Vulnerability 5: Handling of Personal Data

The mishandling of personal data reflects the lack of cybersecurity awareness among employees.

Solutions:

  1. Regular internal training should be organized to enhance overall security awareness, and strict measures should be implemented so that employees adhere to relevant security guidelines.
  2. Cyber attack and defense exercises should also be conducted regularly. With active participation, they can enhance employees’ engagement and awareness, enabling them to handle sensitive data adeptly and respond effectively to potential threats.

TrustCSI™ 3.0 – Cybersecurity Redefined with Intelligence

As your trusted TechOps Security Enabler, TrustCSI™ 3.0 utilizes AI to revolutionize the core capabilities of SOCs. Our TrustCSI™ Managed Security Service (MSS) leverages three of our self-deployed and self-managed SOCs and our team of security experts to provide 24x7 proactive monitoring, identify and analyze vulnerabilities, prioritize threats as well as refine security strategies and enterprise processes.

The team of security experts can also assist enterprises in conducting “AI-Red/Blue Cybersecurity Practices” regularly to “stress test” scenarios and systems, elevating employee defense capabilities and identifying the potential risks of the enterprise for fast remediation. It facilitates asset identification, vulnerability assessment, and the identification of potential threats through AI penetration testing. Coupled with our series of protective solutions, including Secure Access Service Edge (SASE), Unified Threat Management (UTM), Next Generation Firewall (NGFW) and Web Application Firewall (WAF), User and Entity Behavior Analytics (UEBA), and Network Traffic Analysis (NTA), along with email security solutions, we forge multiple layers of defense barriers for enterprises to mitigate the increasing risks of phishing attacks, spam emails, and computer viruses, enhancing network and application access control.

To minimize discrepancies in security measures, our security experts can assist enterprises in standardizing security strategies and provide a range of services from professional consultation to solution design and implementation, transforming passive protection into proactive defense and significantly reducing the risk of data breaches. Contact our information security experts now to learn more and enhance your cybersecurity strategy!

Copyright © 中信國際電訊(信息技術)有限公司 CITIC Telecom International CPC Limited
