An IT expert on Thursday urged NGOs, schools, and hospitals to prioritise cybersecurity spending, warning they are particularly vulnerable to cyberattacks.
This advice came after the Office of the Privacy Commissioner for Personal Data estimated that roughly 470,000 people's personal data was stolen in a cyberattack against Oxfam Hong Kong last month.
Francis Fong, the honorary president of the Hong Kong Information Technology Federation and an Oxfam council member, told RTHK the council had instructed team members to notify all affected individuals.
Fong explained that a key reason NGOs were prone to attacks was the widespread work-from-home practices adopted during the COVID-19 pandemic.
“After the pandemic because we used to work from home... We normally use a VPN to get into the office server so you can work remotely. But the problem is if you have not updated the firmware of the firewall, the VPN, the OS of the workstation server, even your antivirus or your security software, there are possibly many loopholes the hackers can attack the network and get the data from the server.”
He also said staff awareness was lacking, noting many attacks were caused by employees tapping on suspicious web links or phishing emails.
Fong pointed to the need for a shift in organisations’ mindsets over cybersecurity spending.
“In the past, we all thought this was just like one-off expense for security measures, but now because of so many attacks, these expenses [should] become like a regular expense, at least like a yearly expense,” he said.
“So you should actually update all your servers. You have to buy subscriptions of your firewall and your security software, so that you are being properly protected, and you have to do security audits at least once a year.”