The government's top IT official on Friday warned organisations to step up security measures to protect sensitive information they hold, adding that human error is always a factor in data breaches.

His comments come after hackers struck at the Consumer Council on Wednesday, just weeks after personal information on various people was stolen from government-owned Cyberport. In both cases, ransoms were demanded, amid threats that the data stolen would be leaked on the internet.

Government Chief Information Officer Tony Wong said that while hacker attacks are common, organisations must take steps to protect their data.

"Human [error] is a very important part of every incident....for example, there are some security patches that [individuals] forget to do in the system. Or there are some individuals who forget to maintain a strong password, or accidentally click a malicious link," he said.

"Of course, as a responsible corporation, they also need to have sufficient data protection."

Wong said officials have been helping the technology park and watchdog, by sharing experiences and offering technical support.

Before the latest attack, Innovation, Technology and Industry Secretary Sun Dong said government departments and public organisations had been told to review their security measures and he had directed Wong's office to take action to avoid a repeat of what happened to Cyberport.

Meanwhile, Privacy Commissioner Ada Chung urged organisations to do what it takes to prevent a repeat of similar incidents, such as deleting personal data from time to time.

"In order to strengthen the data security systems to prevent malicious attacks on their systems, organisations should adopt security measures in a timely manner," she said.

"These security measures include, for example, the adoption of firewalls, and also anti-malware software, to protect computer networks. To regularly conduct vulnerability assessments and also penetration tests."

Chung said her office has received 76 enquiries and complaints regarding data theft at Cyberport, and nine Consumer Council-related ones so far.
_____________________________
Last updated: 2023-09-22 HKT 18:43