- HKBN co-organizes a free anti-phishing exercise with Green Radar.
- The goal of the event is to increase SPO employees’ awareness and skills in detecting phishing attempts.
- The results of this campaign reveal the surprising sensitivity of the SPO to phishing attacks.
Alarming vulnerability exposed
A recent initiative by HKBN in collaboration with Green Radar aimed to bolster the defenses of Social Purpose Organizations (SPOs) against phishing attacks. Conducted in February, the simulated phishing email exercise targeted approximately 10,000 employees across 10 participating SPOs, presenting them with convincingly crafted phishing emails. These deceptive messages offered enticing incentives, urging recipients to click on embedded links and disclose personal information.
Also read: Can firewalls prevent phishing?
Also read: How can generative AI be used in cybersecurity?
Widespread susceptibility unveiled
Despite the varied levels of internal cybersecurity measures implemented by the participating SPOs, the results were concerning. Shockingly, all 10 SPOs demonstrated susceptibility to phishing emails, with nearly 10.7% of the 10,000 employees failing to identify them, almost doubling the global nonprofit average failure rate of 5.5%. Furthermore, 43.6% of these failures resulted in employees clicking on the malicious links and divulging sensitive personal information, including names and email addresses. This underscores the urgent need for heightened vigilance within the Hong Kong SPO community against phishing attacks.
Urgent need for strengthened defenses
Four out of the 10 SPOs reported losses due to phishing attacks, while eight acknowledged a lack of sufficient cybersecurity knowledge among their staff. Despite some SPOs having internal cybersecurity measures in place, such as attack alert mechanisms and regular security updates, over half admitted to either not providing any cybersecurity awareness training or offering it only once in the past year.
Wilson Tang, Co-owner and Chief Information Security Officer of HKBN, emphasized the escalating threat landscape: “The rapid evolution of artificial intelligence has led to a surge in phishing attacks. Last year, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recorded the highest number of phishing incidents in five years, reflecting the pressing need for enhanced cybersecurity across sectors. SPOs, serving the public and handling data from numerous stakeholders, face risks no less significant than those of private enterprises.”
Lee Tin Lun, Executive Director of Hong Kong Christian Service, highlighted the budgetary constraints faced by most SPOs, prioritizing resources for operations and community care. He expressed gratitude for HKBN’s support and called for increased industry resources to safeguard stakeholders’ data and interests.
As part of its commitment to promoting digital inclusivity, HKBN established the HKBN SPO IT Club in 2023, offering voluntary services such as cybersecurity and IT training to the community. Individuals seeking further cybersecurity support are encouraged to join the HKBN SPO IT Club for free consultation services.
About HKBN
HKBN has a steadfast mission: to disrupt markets and catalyze transformation, driving value for consumers and enterprises alike. Under the HKBN, HKBNE, and JOS banners, we furnish comprehensive solutions spanning broadband, data connectivity, cloud services, Wi-Fi management, IT services, digital transformation, and cybersecurity. Our reach extends to over 2.55 million households and 8,090 commercial sites, serving half of Hong Kong’s businesses and one-third of its households. Beyond our shores, we actively expand, aiding Hong Kong multinationals entering China and supporting Chinese firms venturing into Southeast Asia. From pioneering the world’s largest metro Ethernet network to delivering 1,000Mbps fiber-to-the-home services, and launching OTT entertainment and MVNO mobile initiatives, HKBN has evolved into a premier integrated telecom and systems integration solutions provider. Our commitment to advancing people, businesses, and society in this digital era is underscored by our region-leading professional technical team, ensuring top-notch services spanning multi-cloud architecture, system integration, and cybersecurity.