Exposed and at risk: firms are too slow to respond to cybersecurity threats
Businesses recognise that cybersecurity is a priority, but many still lack the commitment to invest in the tools needed to defend against attacks
Last month, the world watched helplessly during a cyberattack when the WannaCry ransomware exposed weaknesses in government institutions and corporate organisations alike.
Major security vulnerabilities were exposed in over 230,000 systems in over 150 countries within 24 hours, while data from organisations such as Britain’s NHS and Spanish telecommunications giant Telefonica was held hostage via encryption and only returned when a Bitcoin ransom was paid.
It’s an issue that Hong Kong’s auditing industry is all too aware of. “WannaCry showed the world once again just how unprepared we are to defend against cyberattacks,” says BDO’s director and head of risk advisory Ricky Cheng.
With new cybersecurity threats emerging constantly, it’s worrying, Cheng says, that “some businesses have not adopted basic practices in information security, leaving them exposed to both new and legacy threats”.
“RSM has invested significantly in this service area over the past year, as we have seen a significant increase in demand for IT and cybersecurity review services. In light of the recent high-profile ransomware attack, it’s crucial that companies not only respond but also prevent similar situations. It’s something that is occurring slower than many would like.
“Major economies around the world have started or already enacted relevant cybersecurity laws or regulations to curb the potentially catastrophic damages that can be caused by cyberattacks on major infrastructure industries,” Yau says. However, a lack of substantial policy and planning for these types of events, and a general lack of awareness over potential risk exposure, often leads to authorised users failing to adhere to security policies.