11 Apr 2018

Lines Of Defence

John Bensalhia

The boom in cloud technology in the 21st century offers a wealth of benefits. Businesses using the cloud can save time and money while boosting efficiency and profits. Everyday lives are made easier and more comfortable in a wealth of spheres from travel to healthcare.

But if there's a downside, then it's the risk of cyber attacks. Kok-Tin Gan, Partner, Cyber Security and Privacy of PwC Hong Kong, says that the current tech landscape has seen a rise in cyber attacks in the last few years. “These have been targeted at all kinds of business from banks to travel and chain stores.”

“A notable trend is that more attacks have been aimed at small to medium enterprises, some of which do not have enough resources or investment to do something about them,” says Kok-Tin. “Whereas larger enterprises have more strength and power to combat cyber attacks. In order to successfully deal with cyber attacks, every business, whether large or small, must ensure that they have the right investment, training and facilities.”

High target for cyber criminals - Tourism, Bank, Healthcare

Global cyber attacks can strike anywhere, including Hong Kong and other Asian countries. But as Chalee Vorakulpipat, Head of Cyber Security, National Electronics and Computer Technology Centre (NECTEC), explains, the tourism industry is a notable area of vulnerability. “Hong Kong is one of the main destinations for tourists from around the world, so the tourism industry is dependent upon reliable computer systems such as an online reservation and payment system. If these systems are attacked, not only the tourists cannot access to the systems, but also they will no longer trust, resulting in choosing to visit another country.”

In terms of which industries are most affected by cyber attacks, Chalee says that this is dependent on how much each industry invests in security protection. “Basically, attackers need a motivation to attack. If an industry exhibits a lot of system vulnerabilities mostly due to low investments, and it can give an impact to the national level, this industry will be the main target. In the most cases, critical infrastructure sectors meet these criteria.”

Banks are still a high target for cyber criminals, as Kok-Tin Gan explains. “Because more people bank online today, areas such as money transfer and stocks are targeted by cyber criminals. Last year saw a lot of attacks and hacks on stock making companies.”

Another risk area is healthcare. “In the Smart Healthcare and Smart Hospitals of the future, smart medical devices and applications are connected to form the 'Internet of Medical Things', or IoMT, in short,” says Bryan So, Principal Consultant (Smart Healthcare, MedTech & Optics), Hong Kong Productivity Council. “Smart enabling technologies (for example, smart health analytics of critical vital signals, digital persona for chronic disease management, and AI-health management) permeate the whole network, which are linked by data exchange platforms.”

Bryan explains that with IoMT in place, the medical services will benefit from improved quality and enhanced efficiency. But the ever-increasing network interfaces and growing volume of data flowing across various untrusted or non-standardised security networks will also put the sector at the mercy of cyber criminals. “The disruption of medical and healthcare services, loss of critical data such as patient’s medical history, delays in treatment, or even fatal accidents can be some of the undesirable results. Therefore, sound cyber security capabilities are critical for medical professionals to ensure their service quality in the smart era.”

In recent years, there have been several cyber attacks targeting the local healthcare sector. A 2014 example saw the personal details and health history of more than 10,000 liver and digestive disease patients forcibly encrypted in a ransom attack. In 2016, the Immunisation Record System of the Department of Health’s Clinical Information Management System was suspected to be intruded. “The hacker had possibly gained access to the temporary files generated under the system, which involved about 17,000 files of personal and clinical information of clients of the Department,” says Bryan.

“These cyber attacks pose different impacts to relevant stakeholders,” says Bryan. “For example, local device manufacturers may not have sufficient knowledge in implementing the appropriate cyber security measures due to the product and risk management concerns. This may hinder the IoMT product realisation.”

“Some medical device distributors may not be fully aware of the potential loopholes during the installation and maintenance of connected device, which may lead to the increase in cyber security vulnerability to the users’ environment.”

Common kinds of cyber attack - attacking, phishing, ransomware

Common forms of cyber attacks today include attacking availability such as DDoS and attacking privacy. “Attacking availability of critical infrastructure such as telecommunication, hospital and bank resulting in out-of-service violations can give huge impacts to the country and its people in terms of financial loss, safety loss, and loss of life,” says Chalee Vorakulpipat. “Also, attacking privacy can threaten homeland security and be highly related to legal issues. The best example is a case that a hospital discloses a patient's sensitive information to the third party without permission.”

Another of the most common kinds of cyber attack is phishing. “This is one of the most easiest and effective methods of getting into an organisation and creating disruption,” says Kok-Tin Gan.

One of the most common forms of cyber attacks on hospitals or clinics is ransomware, described by Bryan So as “a malicious software that encrypts or removes access to computer files until the payment is made to the attackers.”

“Multiple healthcare organisations or hospitals worldwide have been reported to be the victim of ransomware attack, with massive loss or encryption of patient’s information or medical history.”

“For example, in May last year, the WannaCry ransomware attack created chaos to tens of thousands of computers in over 150 countries. In the UK alone, over a third of its public health networks were affected by the attack. Victimised hospitals were unable to access basic medical records. At least 6,900 patient appointments and surgical operations were cancelled as a result.”

This form of attack can create a huge impact to healthcare organisations, as it can grow from a fringe cyber attack to widespread influence. “With one of the prominent characteristics of extremely quick encryption by the ransomware, a large amount of information can be affected within a short period of time,” says Bryan. “As a result, hospitals or healthcare organisations cannot operate functionally and smoothly with the inaccessibility of information.”

Ways to keep you safe from cyber attacks

The good news, though, is that there are many measures to successfully combat cyber attacks. Bryan So lists a number of examples: “Applying good password policy and strong authentication technologies to deter account compromise; implementing network segmentation of infrastructure and privileged account management to reduce the attack surfaces;  and effective operational procedures such as regular security patching to close security loopholes of healthcare devices.”

“Also, cyber security awareness training shall be organised to update stakeholders with contemporary security cyber threats and the latest knowledge in cyber defence.”

With regards to the future, in the long run, Bryan concludes that cyber security still poses numerous threats towards the healthcare industry from various aspects. These threats range from the adoption of electronic health record systems without up-to-date security control and the high-risk information sharing platform across end-point devices, to the heterogeneous systems with different security levels connected to the same networked system: “All in all, more channels mean more opportunities for the hackers to gain access into the system.”

As well as this, Bryan adds that the increase in the sophistication and variety of cyber attacks presents another long-term threat to the safe cyber environment of the healthcare industry.

So to minimise the risk of cyber attacks, the healthcare industry should speedily upgrade with the adequate knowledge, skills and resources. “For example, the organisation may incorporate more cyber security consideration in network architecture design,” says Bryan. “Also, a dedicated security incident response team can be set up to provide a more effective response to tackle cyber security breaches within the healthcare organisation.”

“Awareness and capability trainings are also recommended to all relevant stakeholders to enhance their understanding of the underlying principle of cyber security and preventive measures to weed out the chance of cyber attacks.”

Chalee Vorakulpipat says that people need to understand the importance of cybersecurity protection and prevention. It should start from the top-level management, and security should be implemented using a top-down approach. “This ensures that the top-give management explicitly show the direction on cybersecurity, so it is easy to enable any security programs.”

Because the threat of cyber attacks has become more serious in the last few years, Kok-Tin Gan concludes that a greater global understanding of this problem is required in order to take future action. “We have seen more high target organisations affected by cyber criminals, and one of the most unsettling aspects is that these attacks can happen from anywhere around the world.”

“So to help do something about future attacks, globally, we all need to co-operate. We need to have a greater understanding of the impact that such an attack can have. It's a scary thing having money or valuable information stolen. What global society needs to do is to understand the root cause of cyber attacks and analyse their nature.”

“By having a greater understanding and awareness, we can be better prepared for future attacks and take the relevant steps to prevent them from occurring in the future.”

View all Interviews

Latest News



Platinum Sponsor



Platinum Sponsor



Platinum Sponsor



Gold Sponsor



Gold Sponsor



Silver Sponsor






Sliver Sponsor



Bronze Sponsor



Bronze Sponsor




Strategic Event Partner


Event Partner


Event Partner


Event Partner


Event Partner


Event Partner


Event Partner


Media Partner


Media Partner


Media Partner


Testimonials - Exhibitor

  • We have been here from the beginning. It is one of the largest tech events in Hong Kong so it is a really good platform to promote our presence. The traffic is good and quality of visitors is better than last year, and there are more quality exhibitor here too.
  • We obtained quite a lot of leads last year and we would like to target new audience other than enterprises and to gain more awareness among the SMB segment. Overall it has been a positive experience!
  • We have seen strong football to our stand over the last two days at Cloud Expo Asia Hong Kong. Events like this are an important brand awareness activity for us.
    Google Cloud
  • There are a lot of people having questions in their minds and they want to find answers here. We are bringing our answers to our clients so this is a very good platform that we can interact with our clients.
    TIBCO Software
  • We have really enjoyed hosting seminars on our stand this year - some talks attracted almost 70 people! It is a great opportunity to let the audience know the latest information and promote our offerings, innovations and business intelligence.
  • It is precious to have such an enormous Cloud event in Hong Kong because it gathers the majority of vendors and clients in Hong Kong, allowing us to meet various vendors and partners. We would absolutely attend the event next year.
    Crestron North East Asia
  • The audience traffic has been good over both days allowing us to generate many potential leads, particularly with system integrators and the ICT industry.
  • This is a wonderful event on cloud innovations, with a good combination of technology. I have met with many people who I could see myself working together with on pilot projects.
    Dr Chen-Yu Lee
    Director of Taipei Smart City Project Management Office
  • It’s fantastic – everything from analytics through to data centre and it is really interesting to see other parts of technology that I don’t necessarily work with. Some of the talks that I’ve been to are really eye-opening and not the usual presentations.
    Torquill Pagdin
    Director Technology (Data Engineering) - – an Expedia Group Brand
  • Nice to spend a day among the professionals in the field. Great event planning and experience. I love the network building opportunities and some in-depth discussions with fellow leaders in the market. Many thanks to the organizer had provided us a playground to showcase our products.
    Dr. Raymond Chen
    IT Director of Limited
  • Very interesting speaking sessions, realistic case studies, questions and answers are very practical and useful to the audience.
    Norikazu Takahashi
    Board Director of The Center for Financial Industry Information Systems (FISC)
  • It was very interesting to hear some of the conversations happening at the booths. There was also a good mix of tech-focused and digital roadmaps talks. This is the event for tech leaders to come together and talk about what are the best technologies for cloud and what suits their business needs.
    Anita Varshney
    Vice President, Strategy and Innovation - SAP Next-Gen
  • It is my first time to Cloud Expo, a fresh and wonderful experience. I believe such great events will help firms boost their digital transformation and achieve success in the age of customer.
    Forrester Research
  • This is my first time joining the exhibition. I came from Shenzhen with my group. We came here to understand the current tech trends and developments. The conference topics are interesting and leave me eager to find out more. I look forward to joining next year as well.
  • This is the second time I have visited Cloud Expo Asia; I am still very excited by the new information and new IT trends that I can access here. Big data is one of the most debated topics here and I have received many updates on industry news today. I will definitely visit again and recommend this great event to the others.
    JP Morgan
  • I have been a huge fan of Cloud Expo Asia over the past few years, witnessing its improvement right from the start. The show grows from strength to strength each year. I will be sure to come again to keep tabs on more new trends in the future.