Hong Kong banks lag in threat intelligence

He pointed out that for a CISP to be effective in monitoring, detecting and preventing cyber threats, it must have one key feature.

“There must be global collaboration and a culture whereby everyone actively contributes to the pool of intelligence rather than simply passively absorbing as much information as possible.”

HK banks pull their own weight on CTI

According to Leung, in the absence of any effective cyber intelligence sharing platform, banks have individually arranged cyber threat intelligence feeds from relevant parties, including the Hong Kong Police’s cybersecurity and technology crime bureau, HKMA, industry parties and various security-related service providers such as PCCW, RSA and Websense, to name a few.

“I wouldn’t call it effective, but what’s there today does allow banks to react quickly to any spontaneous attacks and other incidents. Privately though, we CIOs do talk to each other from time to time and share some information. It could have been better and easier if a shared intel platform was there.”

He added that running CTI within a bank’s IT infrastructure is not an easy task.

“Within their IT infrastructure, banks usually have several generations of hardware, software and a large number of business-specific systems – old and new, big and small. Most of these systems and applications are protected behind layers of firewalls and secure containers. The challenges, therefore, are how to assess potential impacts on these systems, if any. And what to do in the event of threats, many of which we might not have come across or experienced before,” Leung said.

Meanwhile, CTI relies on two basic concepts, Jackson pointed out.

“Firstly having a process in place (either in-house or through a vendor) to receive comprehensive and actionable intelligence relating to their bank. Secondly, it requires a process to actually act upon this intelligence in a timely manner to ensure the threats are addressed,” he said.


“The process sounds simple, but in reality it is extremely difficult to implement CTI in practice. Cybercrime is global in nature so threats can come from anywhere. Ensuring that you are aware of all threats is a complex business. Coupled with this is that inter-bank sharing in Asia is still not at an ideal level. Better sharing of intelligence on ‘indicators of compromise’ would allow banks to learn from incidents that may affect other banks,” Jackson said.

