Search Menu
Language Menu
Mobile Menu
OGCIO
09-07-2018

Keynote Address by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity), at the “(ISC)² Security Congress APAC 2018”


Dr. Charest (Dr. Kevin Charest, Chairperson of Board of Directors, (ISC)² USA), David (David Shearer, Chief Executive Officer, (ISC)² USA), Dr. Lee (Dr. Lee Jae-Woo, Chairperson, Asia Pacific Advisory Council, (ISC)²), Clayton (Clayton Jones, Managing Director, (ISC)² APAC), distinguished guests, ladies and gentlemen,

Good morning. I am delighted to be here at the (ISC)² Security Congress APAC 2018 today. This conference provides an excellent opportunity for all industry leaders, security practitioners and professionals to share insights, knowledge and experience in cyber security landscape, information security management and industry practices. I would like to extend my gratitude to (ISC)² for bringing this conference to Hong Kong, and my warmest welcome to all local and foreign participants.

The theme for this year’s conference is “Enrich, Enable, and Excel”. Today, the Internet links up the world and enriches our daily life. Enabling by innovation and technology, the business and industry sectors embrace the opportunities for connecting customers in the globe to provide them with personalised services. Advancements in new technologies such as artificial intelligence, conversational platforms, big data analytics and so on further create increasing impact on personalised services and excel in improving customer satisfaction. While the overall user experience is enhanced, new cyber security risks and challenges are also introduced. In recent years, the number of cyber attacks and their severity have increased significantly in a global scale. Take ransomware as an example: According to the report from a cyber security solution provider published in May this year, the number of ransomware attacks has grown over 400% in 2017 as compared to 2016, and over 300 new types of ransomware were discovered in 2017. As cyber attacks become more and more diverse and sophisticated, it is also more and more crucial for organisations to understand their own defence capabilities and implement suitable protection mechanism to safeguard their digital environments. Here, I would like to share some key aspects in the prevention of cyber attacks.

The first aspect is about human management. Raising security awareness and enriching knowledge of information security among staff members in an organisation is instrumental in protecting information systems and data assets. To support various businesses and industries to face today’s security challenges, the Government of Hong Kong collaborates on various fronts with the Hong Kong Computer Emergency Response Team (HKCERT), which is the centre for coordination of computer security incident response for local enterprises and Internet users. For example, we collaborate to organise awareness promotion events regularly, such as seminars and forums, to continuously promote information security in the community.

The Government also puts together practical advice, guidelines, tips and techniques on information security protection for organisations and general users, and disseminate them via our website, portal and social media platform. Businesses are encouraged to visit our InfoSec website (www.infosec.gov.hk) and Cyber Security Information Portal (www.cybersecurity.hk) for the afore-mentioned references.

The second aspect is technology management. While organisations are keen to deploy technology to increase operation efficiency and facilitate business or organisation growth, it is also important to understand the risk in deploying technology so that proper measures can be implemented. Monitoring vulnerability reports and applying the latest security patches promptly are some effective measures for cyber attack prevention. Moreover, security risk assessment and audit for information systems should be conducted regularly to discover and correct security issues.

Another important aspect I would like to share with you is collaboration. Information sharing and collaboration among various stakeholders have become a pre-requisite of effective cyber security protection today. In Hong Kong, OGCIO works closely with HKCERT to handle local computer security incident response. We also establish ties with regional and international computer emergency response teams for timely sharing of security information.

To promote closer collaboration among local information security stakeholders of different sectors, the Government is also launching a community-driven collaborative programme – the “Cybersec Infohub”, to facilitate effective exchange of cyber security threat information, mitigation strategies, best practices and knowledge. Through the programme, we aim to disseminate analysed information with actionable insights to the community so as to enhance the overall cyber resilience of Hong Kong against territory-wide cyber attacks. The sharing platform of the programme will be launched in September this year and we have already received positive responses from local organisations of different sectors regarding participation.

To conclude, cyber attacks are no longer isolated events and cyber security is a shared responsibility across all stakeholders. By being proactive and employing effective security strategies and tools, along side with continuous awareness in the community and business sector, our economy would build up a much stronger protection against emerging cyber threats.

Lastly, may I wish the event a great success, and all participants ample and fruitful takeaways. Thank you.

- ENDS -