23 Oct 2019
The Greater Bay Area: Cyber ‘Resilience’ for Better Business
Cyber security is a major concern across the world as governments and companies grapple with the twin problems of cyber crime and state-sponsored cyber attacks. Hong Kong, as well as other business centres in the Guangdong-Hong Kong-Macao Greater Bay Area (GBA), is at the cutting edge of solving such problems, according to Ferenc Frész, Chief Executive Officer of Hungarian firm, Cyber Services Zrt. Frész warned that the scale of online security threat is vast, saying: “The aggregate income globally from cyber crime activity, including financial and drug-related crimes, amounts to US$2 trillion. State-sponsored actors, however, move not only against industries, commercial and financial systems, but on a geopolitical level, which I believe is ultimately a bigger threat.”
Such considerations are sobering. Cyber Services drew on its connections with the United Nations and European Union (EU) as it identified regions rather than countries in need of its services, including both corporate and government clients. Hong Kong and the wider GBA is a priority region globally for the company’s focus, providing its specialised consultancy and software. This is due to the huge business opportunities arising in the GBA and the need to ensure secure, controllable and predictable IT processes, according to Anett Mádi-Nátor, the firm’s Director of International Operations.
Hong Kong Connections
Cyber Services was quick to develop a collaborative specialised training and workshop schedule with the Hong Kong Productivity Council (HKPC) in 2016. It also developed similar programmes with a Hong Kong-based multinational as well as a smaller Hong Kong company as it made initial connections in the SAR. Perhaps more significantly, the company has recently entered a partnership with Hong Kong-based e-Walker Consulting (HK) Limited, a 14-year veteran in the regional cyber security market, aimed at localising Cyber Services’ offerings.
Mádi-Nátor said: “Cyber Services’ strongest business line in the GBA may be strategic cyber security consultancy for Hong Kong companies that aim to deliver business in the GBA. We offer our semi-automated NIST cyber security compliance tool for this purpose and e-Walker is partnering with us in localising the tool to include local information, data security and protection regulations.”
NIST, a cyber security framework first formulated in the US, allows organisations to assess and improve their abilities to prevent, detect and respond to cyber attacks and is now used by businesses to proactively and effectively respond to cyber risks and instil risk management. Adding to Cyber Services’ NIST software development and cyber expertise, e-Walker provides IT security consultancy, advisory, assessment and auditing services related to Hong Kong and across the Asian region, including in the GBA.
The Power of Trust
Cyber Services, established in Budapest in 2015, was formed as a cyber security related IT consultancy and services firm primarily aimed at businesses and governments internationally. Mádi-Nátor said: “We provide tailor-made services and differentiate ourselves from major online companies in that we are more independent commercially, backed by state-owned Hungarian banks aiming to develop export relations abroad.
“We operate on a person-to-person trust basis as we develop our relations and collaborate in the GBA. Hong Kong presents a great opportunity for us.”
Cyber Services has developed its network of contacts to introduce specialised training workshops and seminars with companies and governments to deliver strategic, theoretical and practical advice on cyber security life-cycle support, including pro-active defence, cyber threat analysis, cyber intelligence and multi-level security awareness programmes.
In collaboration with the HKPC, for example, training courses have focused on ‘knowledge transfer’, of how to harmonise with the EU under its new General Data Protection Regulation (GDPR), effective since 25 May 2018, which differs from Hong Kong’s established data protection laws.
Mádi-Nátor was positive about the company’s experience of working in Hong Kong, saying: “We are trying to enable Hong Kong companies to understand EU compliance. The striking experience we have with GDPR is that Hong Kong service providers, whether in banking, logistics, e-commerce or other sectors are keen to understand and comply with the changes, how these are applicable in an Asian environment – and our training has been very successful.
“Legal firms in Hong Kong and other centres cover compliance but do not necessarily provide the required insights into the GDPR’s technical background.”
With its extensive work in the global business-to-business sector Cyber Services has run different regional cyber exercises with the United Nations-led International Telecommunications Union (ITU) based in Geneva, responsible for IT issues of concern. As well as focusing on Hong Kong and the GBA, Cyber Services has concentrated its attention on Europe, Saudi Arabia and Singapore as regions of major IT development and therefore need for cyber resilience.
Unlike many commercial entities, Cyber Services concentrates on information presentations across a number of meetings on a pre-investment basis before reaching the bottom line of imposing fees. That only happens usually after a year-and-half of assessing individual goals. Frész said: “We are involved in the broad range of cyber security involving self-assessment and a framework to develop tailored risk, statistical assessment under different jurisdictions, looking at providing data bases to reduce data compromises, business losses and data losses or any such combinations.”
Industries that may take advantage of such advice are finance, medical, pharmaceutical and logistical firms. The company also advises on air traffic navigation issues and is in talks with local Guangdong administrations and entities in business-to-government and business-to-business areas.
Cost and Opportunity
After working on international, state-sponsored cyber espionage and cybercrime cases, Frész said that many organisations and companies do not believe they need ‘insurance’ against cyber attacks until these actually happen, as preventive costs appear to be too high. He said: “Cybersecurity is not cheap and at, say, US$100,000 companies have to take a deep breath and invest. Alternatively, many are only too happy to pay three times that amount after the cyber event they suffer.”
With its commitment to the GBA, Cyber Services envisages establishing an office in Hong Kong within a period of about five years to provide its specialised expertise in the east Asia region and enhance its partnerships, possibly also covering its operations in Japan and Korea. Mádi-Nátor saw the SAR a good base for the regional market, saying: “In Hong Kong we are in a good position to evaluate the east Asian region and due to Hong Kong’s global connectivity we would be in easy reach of the wider region and Europe.”
While the company’s specialist expertise can be easily brought in to Hong Kong, the company sees local talent as invaluable for marketing, sales and after sales.