
Underpinned by three pillars, the CFI 2.0 initiative focuses on key areas: the Cyber Resilience Assessment Framework (C-RAF); the Professional Development Program (PDP); and the Cyber Intelligence Sharing Platform (CISP). Following a financial industry consultation and review, LEE said the results show that the banking industry is strongly supportive of CFI 2.0. Over 90% of banks found the C-RAF useful, especially in identifying previously unrecognised cybersecurity assessment gaps.
Recalling how he had introduced CFI 1.0 at the HKIB Cybersecurity Solutions Day event in 2016, LEE said the HKMA's CFI 2.0 initiative is necessary to combat an expanding and increasingly sophisticated range of cybersecurity risks and vulnerability scenarios. Since the launch of the CFI in 2016, LEE said, the global cybersecurity landscape has continued to evolve and banks have undergone further digital transformation. He explained how the rapid shift to working from home over the last eighteen months, and the evolution of touchpoints this has created, is an illustration of how the cybersecurity landscape has changed. In addition, widespread use of video conferencing platforms and internet access to provide customer services and staff connectivity had also added their own cybersecurity risk touchpoints. At the same time, he said, cybersecurity criminals are using new types of cyber-attack strategies specifically targeted at mobile channels and work-from-home vulnerabilities. LEE cited cybersecurity breaches that compromised the personal details of more than 500,000 Zoom users and the attack on US information technology firm SolarWinds that spread to its clients and went undetected for more than a month. He also highlighted how the shift to digital online banking and finance services, accelerated by the COVID-19 pandemic, had seen malware and phishing attacks more than double. “There is a lot at stake,” he said. “Without the right cybersecurity systems in place, the losses can be financial, actual or reputational.”
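Recalling that CFI 1.0 was first launched at Cybersecurity Solutions Day 2016, LEE said it is now necessary to launch CFI 2.0 to address expanding and increasingly complex cybersecurity risks and vulnerabilities. He said that since the CFI was launched in 2016, banks have undergone further digital transformation and the global cybersecurity landscape has continued to evolve; over the past 18 months people have shifted to working from home, which in turn has given rise to a new generation of network touchpoints. In addition, the industry's widespread use of video conferencing platforms, and of the internet to provide customer services and connect staff, has increased enterprise cybersecurity risk. LEE pointed out that cybercriminals are using new types of cyber-attack strategies that specifically target mobile platforms and work-from-home vulnerabilities. As examples, he cited the compromise of the personal data of more than 500,000 Zoom users, and the attack on US information technology company SolarWinds, which spread to the company's clients and went undetected for more than a month. LEE stressed that the banking and finance industry's active push for digital online services in recent years, together with the COVID-19 pandemic, has caused attacks such as ransomware and phishing to more than double. He said: “Risk is indeed everywhere. Without appropriate and effective cybersecurity systems, the resulting financial losses, whether actual or reputational, are unavoidable.”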
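CFI 2.0 consists of three pillars: the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP) and the Cyber Intelligence Sharing Platform (CISP). LEE said that the HKMA conducted an extensive industry consultation and review after the initiative was launched, and the results show that the industry strongly supports CFI 2.0, with over 90% of banks considering that the C-RAF can help them identify cybersecurity gaps that previously could not be identified.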
ISSUE 119 • 2021
“With a structured implementation timeline starting in mid-2021 and continuing through 2023, to ensure systems remain secure and credentials protected, the enhanced CFI 2.0 scheme reflects the latest trends in technology and incorporates recent developments in global cybersecurity practices.
