HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence
The Guideline aims to help SMEs minimise the business impacts and financial losses affected by security incidents, and prevent and reduce the recurrence of similar cyber attacks.
Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained high in recent years, i.e. an annual average of around 8,900 incidents in the past four years and with 4,084 incidents in the first half of this year. To enhance the resilience of Hong Kong small and medium enterprises (SMEs) in dealing with unforeseen information security incidents, HKCERT has recently published the “Incident Response Guideline for SMEs” (the Guideline) providing tips and professional advice for SMEs with limited resources to maintain and upgrade the defence of their systems. The Guideline aims to help SMEs minimise the business impacts and financial losses affected by security incidents, and prevent and reduce the recurrence of similar cyber attacks.
With the Guideline, SMEs can become more familiar with the incident response life cycle, and learn to set up a security framework in the organisation, and define roles and responsibilities, etc. for SMEs to fully grasp the tasks to be performed before, during and after security incidents. Moreover, SMEs can understand the key steps in handling common incident scenarios for better identifying and responding to different types of security incidents such as distributed denial-of-service (DDoS), malware, phishing email, web defacement / intrusion, etc.
The Guideline also introduces how to formulate the standard operating procedure according to different incident scenarios, and provides the incident handling checklist, incident response procedure template, etc. Non-technical readers can easily absorb and understand how to create a proper incident response procedure in their organisations.
Mr Alex Chan, General Manager of Digital Transformation Division of HKPC and spokesman of HKCERT, said, “Cyber attacks have evolved rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to automation and higher computing powers. This leads to the increase of various cyber attacks targeting different organisations. As most SMEs lack resources to build a wider scope of cyber defence to prevent or block cyber attacks, this makes them an easy target. HKCERT hopes the Guideline can act as a catalyst for local SMEs to establish a clear, low-cost and easy-to-implement incident response mechanism. It aims to help them cope with the increasingly sophisticated, complex and frequent cyber attacks due to the accelerated digital transformation amid the COVID-19 pandemic and the application of emerging technologies such as 5G communications, Internet of Things, Metaverse and artificial intelligence, and thus improving the cyber security posture of Hong Kong.”
To address the above-mentioned issues, HKCERT has developed the “Incident Response Guideline for SMEs” to help SMEs and other organisations to:
Maintain and maximise their systems’ defences with limited resources
Minimise business and financial impacts in cyber incidents
Prevent and minimise the reoccurrence of similar cyber attacks
This Guideline defines and explains the Incident Response Life Cycle, and outlines the tasks to be performed before, during and after security incidents. It also includes advice on setting up a security framework in the organisation, defining roles and responsibilities, etc. Moreover, the key steps for handling common incident scenarios are highlighted to guide the organisation to fast-absorb different steps in response to security incidents.
In addition, the Guideline aims to help non-technical readers to easily absorb and understand how to create a proper incident handling procedure for their organisations through the following:
Scenario questions to formulate incident response procedure
Standard Operating Procedure for different incident scenarios
Incident Handling Checklist
Incident Response Procedure Template
Please click here to download the Guideline. For information security related incidents, for example, ransomware, phishing, denial of service attack, etc., please report to HKCERT through its online Incident Report Form at https://www.hkcert.org/incident-reporting. For other enquiries, please contact HKCERT by email: firstname.lastname@example.org or call its 24-hour hotline: 8105 6060.