MORE FROM KrASIA

China’s cybersecurity has improved but risk of financial malware still high, report says

High penetration of digital payments in China makes consumers an attractive target for criminals looking to deploy financial malware.

China’s cyberspace security level improved overall after Beijing introduced its cybersecurity law but it is still one of the countries most targeted by hackers using financial malware, according to a new report.

In a study of cybersecurity in 76 countries by tech research organisation Comparitech, China received a score of 29 this year. The metric reflects the chances of an attack, including from malware and cryptominers, based on the percentage of users attacked during the third quarter of 2019. The lower the score, the less risky the situation. Last year, China scored 41.

However, in the Comparitech report the world’s second-largest economy also ranked fifth in terms of financial malware attacks, behind Belarus, Uzbekistan, South Korea and Tajikistan, according to the report released on Tuesday. The ranking was based on the percentage of attacks in the third quarter of 2019, when 1.2% of Chinese netizens were under attack, compared with 2.9% in Belarus.

“The high penetration of digital payments in China makes local consumers an attractive target for criminals looking to deploy financial malware,” said Ben Wootliff, head of the Asia cybersecurity practice at risk consultancy Control Risks, who added that it may not be considered that high in proportion to the country’s relatively high level of digital payments usage.

Wootliff said Beijing’s cybersecurity law “is one of the key reasons why cybersecurity in China has improved over the past year or so”, but the big challenge is “about how to comply with a demanding set of regulations and what to do if you fall afoul of them.”

Beijing adopted a tough cybersecurity law in 2017, with dozens of departmental rules introduced in the following years. But instead of enhancing security, the regulations have faced growing concerns over individual and institutional privacy as Beijing strengthens its power as an internet regulator.

The law requires network operators to cooperate with Chinese crime or security investigators and allow full access to data upon request.

“There are still some ambiguities which are making it difficult for companies to operate, such as how much data they can export out of China, how and when to report issues around cybersecurity, and the level of security they should implement under the new regulations,” Wootliff said.

“These areas of ambiguity, combined with a tough enforcement regime, can still make it tricky for companies to operate,” he said.

Worldwide, most countries’ overall cybersecurity scores improved except the United States, Brazil, Japan, France, Iran, and Singapore.

The US slipped to a score 16 from 12 last year, due to a high 9.1% of computer malware infections, and a 4.7% level of telnet attacks coming from the country. Japan’s lower score came from an increase in cases of mobile ransomware, from 1.3% to 2.0%, and an increase in computer ransomware from 8.3% to 9.2%, the report said.

Denmark overtook Japan to become the most cyber-secure country in the world. Sweden was also the best-scoring country for financial malware attacks with only 0.1% of users affected.

“Whether they need to strengthen cybersecurity legislation or users need better protection on their computers and smartphones, there’s still a long way to go,” the report said.

This article first appeared in the South China Morning Post