14 年報 Annual Report 2022-23 我們的服務 HowWe Serve 網絡安全 Cyber Security 舉辦香港旗艦網絡安全峰會「資訊保安高峰會 2022」。峰會主要探討企業在各種網絡保安挑 戰和面對不斷升級的網絡威脅環境下如何成功 進行保安轉型,講題涵蓋新興網絡攻擊和技 術、最新的保安防禦框架和風險管理方法等。 公布「HKT香港企業網絡保安準備指數2022」 調查結果。 • 整體指數連續第二年上升,更首次突破50 點,顯示企業對網絡保安的重視和資源投 放有增無減。然而,員工的保安意識仍為 最難提高的範疇,情況或與網絡攻擊的種 類、數量和複雜性增加,尤其是網絡釣魚 攻擊有關。 香港電腦保安事故協調中心(HKCERT)為本地 企業及互聯網用戶提供資訊保安事故的訊息和 防禦指引,提高市民資訊保安意識,協助中小 企及早預防網絡攻擊。其工作包括: • 處理共8,348宗保安事故。 • 提供24小時免費事故報告熱線。 • 舉辦免費研討會。 • 與業界、政府機構及國際協調中心合作, 進行監察、收集及分析攻擊模式,盡早為 企業發出重要資訊及保安警報。 • 為企業提供建議,以應對網絡攻擊、人工 智能、Web 3.0及其他新興科技的保安風 險;並出版「中小企保安事故應變指南」, 包含保安事故應變程序清單及範本,協助 企業以有限的資源,維持並增強系統防禦 以減低受網絡事故影響引致的業務和經濟 損失。 • 為個人用戶提供實用資訊,如啟用多重身 分驗證、保護個人資訊、提防釣魚攻擊或 可疑電郵等。 Organised Hong Kong’s cyber security flagship event “Information Security Summit 2022”. The Summit focused on how enterprises transform their defence on cyber security successfully against prevailing challenges and escalating cyber threats. Topics included emerging trends of cyber attacks and technologies, new security defence framework and risk management methodologies. Released the results of “HKT Hong Kong Enterprise Cyber Security Readiness Index 2022”. • The overall Index continued to rise for the second successive year and surpassed 50 for the first time, showing that enterprises were attaching more importance to cyber security and investing more resources in it. Yet, staff awareness of cyber security was still the most difficult area to improve, likely attributed to the continuous need to update and enhance their security awareness as cyber attacks increased in variety, volume and complexity, especially phishing attacks. Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) facilitates the dissemination of information on computer security incidents for local enterprises and internet users and promotes information security awareness among citizens, preventing cyber attacks to SMEs. It had: • Handled 8,348 security incidents. • Provided free 24-hour hotline services for incident reporting. • Organised free seminars. • Collaborated with the industry, Government bodies and international coordination centres to monitor, collect and analyse attack patterns and issue alerts and vital information to enterprises as soon as possible. • Offered advice to enterprises on dealing with cyber attacks and other emerging security risks involving AI, Web 3.0 etc.; and published “Incident Response Guideline for SMEs”. It contained an incident handling checklist and incident response procedure template which helped SMEs maintain and maximise their systems’ defences with limited resources so as to minimise business and financial impacts from cyber incidents. • Offered useful information for individuals, such as enabling multifactor authentication, personal data protection, awareness of phishing attacks or suspicious emails, etc.
RkJQdWJsaXNoZXIy Mjk0NjMy