Skip to content Skip to footer

Loading Results

Lack of basic cyber hygiene leading cause of cybersecurity risks in the age of COVID-19


View this page in: 繁體中文版

PwC announces top cyberattack trends in Hong Kong

Hong Kong, 2 December 2020 – The switch to remote working has seen a spike in cybersecurity incidences increase by ten times. The lapses in security are mainly due to lack of basic hygiene such as misconfiguration of VPN and firewall, and outdated software.  To better protect oneself from cyberthreats, it is all about securing the basics, which is also the theme of PwC's second HackaDay Cybersecurity Conference.

In 2020 alone, PwC Hong Kong helped clients respond to over 30 cases of active breach or network intrusion. The firm’s clients range from telco to airline subsidiaries to Hong Kong-based international conglomerates. The work involved end-to-end incident response cycle, from containment to threat hunting to post-incident security uplift.

“From over 300 techniques documented by PwC’s cyber team, we’ve learnt that the recurring patterns of these attacks include both front door break-ins like leaked credentials or exposed ports, and lack of internal monitoring like remote access and data sharing,” said Kok Tin Gan, PwC Hong Kong Cybersecurity and Privacy Partner.

Rapid changes in technologies and remote working due to COVID-19 had significant impact on organisations’ attack surface, providing opportunities for threat actors. Hackers are deploying both evolving and recurring tactics:

  • Ransomware incidents became the most common and damaging to organisations;
  • Threat actors have started to employ more manual hacking techniques during their intrusion, only deploying ransomware at the final stages of their computer network exploitation;
  • Business email compromise remains a threat to companies, with cybercriminals taking advantage of lack of interpersonal communications.

To cope with the rapidly growing threats, PwC is introducing Purple Teaming solution which enables iterative attack simulation and remediation to drive rapid risk reduction. The solution starts from gaining a threat-focused understanding of the organisation’s cybersecurity posture, to remediating security weaknesses as soon as they are identified. With Purple team in place, PwC professionals can iteratively improve protection, detection, and response capabilities, then ultimately increase the cost to an attacker of a compromising cyber environment.

Running concurrently with the Cybersecurity Conference is PwC’s annual Capture the Flag competition for undergraduate students in Hong Kong and Macau. It serves as a platform to raise the competency level of new talents to better prepare them for a meaningful career in cybersecurity.

“Students are the future of a company’s cybersecurity defence. We pride ourselves in helping to nurture these local talents which aligns with our PwC’s purpose of building trust in society and solving important problems,” said Felix Kan, PwC Hong Kong Cybersecurity and Privacy Partner.

Contact us

Shaun Soh

Manager, PwC Hong Kong

Tel: +[852] 2289 8470

Follow us