■本港屢受惡意軟件攻擊,有人認為政府要加強支援中小企業,並培訓更多網絡保安人才。圖為韓國一家公司受勒索軟件WannaCry攻擊。 資料圖片【原文】香港電腦保安事故協調中心1月18日表示,去年處理的保安事故(cyber security incident)較前年增加7%,其中惡意軟件(malware)攻擊增加八成之多,估計未來的攻擊數字會繼續上升。
中小企欠人才
建設安全的網絡環境是發展資訊科技的前提(prerequisite),近期黑客入侵、客戶資料被盜(data breaches)的情況增加,本港企業借助互聯網發展業務,須重視網絡安全。
政府更須適切支援中小企業,為本港培養更多網絡保安人才(information security talents)。
近年勒索軟件(ransomware)出現,黑客活動已變成一門「生意」,其主要手段就是盜竊資料、勒索贖金,甚至直接盜取網上賬戶的金錢。類似WannaCry等勒索軟件愈發猖獗(rampant),去年本港有多家旅行社先後被勒索軟件偷取客戶資料,要求企業支付贖金(ransom)。
專家:港落後西方5年
若網絡保安不足,不僅會造成企業慘重經濟損失,更會打擊市民對資訊科技的信心(confidence),降低新技術的應用(application)速度。
有網絡安全專家指出,本港的網絡保安水平至少落後於西方國家及地區5年,亦缺乏相應人才。
有市場研究公司的報告亦發現,95%香港的受訪企業在相關方面只處於基礎階段(early stages of security preparedness),缺乏監測網絡攻擊的措施、專責人手,議題亦不在企業管理層的會議議程(meeting agenda)內。
滯後3原因
究其原因,一是本港資訊科技發展相對滯後,電子商務(e-commerce)、網絡支付(online payment)等技術都比內地和歐美發展為慢,大部分企業尤其是中小企仍然依賴(rely on)傳統的支付模式,容易忽視網絡安全的重要性。
二是網絡保安需要高門檻的設備(high-end equipment),中小企在資源上力不從心。
三是人才不足,香港金管局(Hong Kong Monetary Authority)曾多次提醒,本港網絡保安人才不足,估計未來幾年相關人才缺口達700人。
政府有必要增加資源,培養網絡保安人才和援助(assisting)中小企-支持大專院校(tertiary institutions)增加相應學科學額,為中小企提供適切的培訓課程和技術支援。
與此同時,本港企業亦需要轉變觀念,與時並進,投入更多人力物力(manpower and resources)加強網絡保安建設(security infrastructure),才能抓住、拓展商機。 (標題及小標題為編輯所加) (摘錄自香港文匯報社評19-1-2018)
Cyber security is facing serious challenge as malware surges
【譯文】The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) revealed on 18 January that the number of cyber security incident reports rose by 7 per cent last year, with malware cases surging by almost 80 per cent. Experts believe such attacks will continue to proliferate in the future.
SMEs lack related talents
A well-established cyber security readiness is the prerequisite for information technology development. As cyber attacks and data breaches become more commonplace, local enterprises must place more emphasis on information security while they enjoy the benefits of the Internet. The government should also offer more support to local small and medium-sized enterprises (SMEs) for the sake of nurturing more information security talents.
Since the emergence of ransomware in recent years, cyber crime have evolved into a kind of "business" that engages in data theft, ransom-based attacks and sometimes even direct attacks on bank accounts. For instance, a number of local travel agencies fell prey to WannaCry as the ransomware ran rampant in 2017. Client data were reported to be stolen and the agencies were extorted to pay a ransom.
However, the business sector losing money is not the only consequence of insufficient network security measures. Network insecurity would also undermine the public's confidence in information technology and ultimately slow down the application of new technologies. Information security experts have pointed out that network security levels in Hong Kong are lagging behind the West for at least five years, whereas the number of IT security talents are also severely lacking.
According to a market research report, 95 per cent of the local corporate respondents are only in the early stages of security preparedness, as they lack the adequate security measures and specialists to monitor and detect cyber attacks. Cyber security is apparently not on the senior leadership's meeting agenda.
3 factors of lagging behind
There are several factors to this issue: First, IT development in Hong Kong is relatively slow, and the implementation of e-commerce and online payment technologies are also lagging behind mainland China and the West. As most local businesses, especially SMEs, still rely mainly on traditional payment options, network security is often neglected.
Second, network security systems require high-end equipment that most local SMEs generally would struggle to afford.
Third, there is a severe lack in talents that are equipped with relevant skills. The Hong Kong Monetary Authority has already pointed out that the city will be short by 700 information security professionals in a few years.
It has become necessary for the government to put more resources into nurturing network security talents and assisting SMEs. Authorities should sponsor more places in tertiary institutions for the relevant disciplines, and provide suitable training and technical support to local SMEs. At the same time, enterprises should also keep up with technological advancements and commit more manpower and resources into the network security infrastructure, only then can they seize every opportunity to further expand their business.■Jeffrey Tse [ywc_jeffrey@hotmail.com]
Exercise
1. 網絡釣魚
2. 勒索
3. 木馬程式
4. 阻斷服務攻擊
5. 加密
Answers
1. Phishing
2. Extortion
3. Trojan horse
4. DoS attack / DDoS attack
5. Encryption