The council and the Office of the Privacy Commissioner for Personal Data interviewed almost 400 firms from six industries in September – to assess their cybersecurity status and the measures they have taken to tackle cyber threats.
It said almost 75 percent of surveyed firms have been attacked at least once in the past year, adding that so-called “phishing attacks” – illicit attempts to access data – remained the most common type of cyber security attack.
Alex Chan, general manager of digital transformation at the council, said companies need to do more to protect themselves.
“The zero-trust approach is always the number one principle when we guard against all these attacks… For example, go through the other official mobile apps, to verify if it is a real website or a real offering that you’re committed to,” he said.
“Also, there are free antivirus tools on the mobile apps that can help you detect whether the links are from a malicious website.
“For the AI deep fake as well, there are also other techniques where you can differentiate whether you are talking to a person that applied deep fake. For example, ask them to move some objects in front of their face before the camera to see any changes on the screen. If the AI algorithm is not fast enough, the face switch is not instantly reflected.”
Privacy Commissioner Ada Chung also said firms need to be extra vigilant.
“Awareness is the key… for example, if you go to any particular website for any enterprise, do check if the link is correct or not and be aware of fraudulent websites,” she said.
“If you receive any unknown calls or unknown SMS, you can always check with the sender to see if the sender is really your friend or relative.”