Technology Updates - April 2021 Issue

Innovation and technology are drivers for organisation growth and the key to enhance competitiveness of different industries. Just as technology rapidly evolves, so does the sector. In every monthly issue of our ‘Technology Updates’, it will include the latest updates from cybersecurity, emerging technology & data privacy.

Hong Kong is pushing forward to require all virtual asset-trading platforms to obtain license and enhance IT and cybersecurity controls

The legislative proposal, introduced by Hong Kong’s Financial Services and Treasury Bureau in November 2020, recently completed a three-month consultation with the industry and members of the public. The proposal will now turn into a bill and possibly become law later in 2021.

The proposed law would require virtual assets services providers — including crypto exchanges, custody services providers and virtual assets financing services — to apply for a license from the Securities and Futures Commission (SFC).

Whilst SFC issued a position paper, the position paper covers number key IT and cybersecurity controls as followings:

Protection over client crypto-assets
Trading platform and cybersecurity
Record keeping
IT risk management
Hot & cold wallet management
Key management

Whilst there have been reports of crypto platforms being hacked with investors suffering substantial losses, the SFC has set out number of IT risks associated with virtual assets and classified the safe custody of virtual asset. Cybersecurity are the major concerns for platform operators.

Cybersecurity standard on virtual asset exchange

To ensure that cryptocurrency transactions are safe and secure, company can enhance their IT controls according to different standards. Eg the Cryptocurrency Security Standards (CCSS). CCSS is a set of requirements for all information systems that make use of cryptocurrencies. This standard is designed to complement existing information security standards (ie ISO 27001:2013) by introducing guidance for IT security best practices with respect to cryptocurrencies such as Bitcoin whilst CCSS covers a list of 10 security aspects of an information system that stores, transacts with, or accepts cryptocurrencies.

A comprehensive cybersecurity review is important to crypto-exchange platform. The review result details a company’s unique threat profile, upon which a threat-based cybersecurity approach can rely on to mitigate cybersecurity risks.

KYC data of 3.5 million users exposed from mobile payment service provider in India

Popular Indian mobile payments service MobiKwik came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach in March 2021.

As per an independent researcher Rajshekhar Rajaharia, millions of personal data of Mobikwik users have been leaked online. First reported by TechNadu website, private information of 3.5 million users has appeared for sale on the dark web. However, Mobikwik has denied the claims. Undoubtedly, the Indian payment systems giant did process many personal data. As of July 2020, MobiKwik serves 120 million users and 3 million retailers across the country according to the annual report published in their official website.

What personal data may be leaked?

The security researcher, Rajaharia, had tweeted details of the leak on 26 February 2021: “11 crore Indian cardholders’ card data, including personal details and KYC soft copy (PAN, Aadhar, etc) allegedly leaked from a company’s server in India. 6 TB of KYC data and 350 GB of compressed mysql dump”. In summary, the possible personal data leaked includes:

Email ID
Phone
Password
Physical address
IP address
GPS location
Mobile phone information

What is the recommended approach to address data leakage risks?

According to policy of ‘Identifying and Protecting Assets and Data Against Data Breaches’ published by US National Institute of Standards and Technology (NIST) in 2019, there are number of best practices to address data leakage risk. For example, companies should identify and inventory data and data flows. ie to understand and track status of data security in every data flow between system and business operations.

We recommend a threat-based cybersecurity approach to address data security risks and mitigate costly data breaches. Threat-based cybersecurity is forward-looking that it uses analysis of a company’s unique threat profile to identify risky areas and protects against probable types of cyberattack. The threat-based approach includes proactive steps among which a comprehensive cybersecurity review is first and foremost.

China continues to pursue its main goal of becoming a self-reliant technological manufacturing powerhouse after 14th Five Year Plan

China is becoming the home of the most bleeding-edge advanced manufacturing facilities after the latest Five Year Plan which focused heavily on seven key ‘frontier technologies’ as China’s top policy priority. This has also led China to ahead the other competitors such as European Union, the United States and Japan according to South China Morning Post.

The World Economic Forum has added five Chinese factory sites to World Economic Forum’s Global Lighthouse Network list of the world’s most technological advanced factories that have successfully adopted new technologies such as Industry 4.0 to revamp and transform business models as well as value chains.

What is Industry 4.0?

Industry 4.0 optimises the computerisation of Industry 3.0. When computers were first introduced in Industry 3.0, it was disruptive due to the effectiveness and efficiency that bring into the operation and business. Now, and into the future as Industry 4.0 unfolds, computers are connected and communicate with one another to ultimately make decisions without human involvement. A combination of cyber-physical systems, the Internet of Things and the Internet of Systems make Industry 4.0 possible and the smart factory a reality.

How Industry 4.0 revolutionise manufacturing industry?

There are wide range of new technologies can be adopted in manufacturing industry to provide a positive impact to the daily operation, manufacturing decision-making or even company direction.

Internet of Things (IoT) is the bridge that allows granular insights provided by high tech solutions to join into a coherent, enterprise-level picture for modern manufacturers. IoT devices in manufacturing enables virtual tracking of capital assets, processes, resources and products which gives enterprise full visibility to streamline the business process and optimise the supply and demand.
Artificial intelligence and machine learning (AI and ML) used to handle the vast amount of data captured by the IoT devices and draw meaningful insight or apply various statistical model to the data to predict/forecast the future trend.
3D printing had been widely used in both personal and enterprise level. 3D printing can be effective in terms of both cost and time when the goal of the product was only a proof of concept or the product does not mean to be produce in large scale.

Industry 4.0 can certainly be value added to business operation but it also requires certain commitments and works of proof of concept (PoC). After the gap analysis and PoC, companies might then invest into newer technology and equipment. We have seen many success stories of adopting new technology to business operation. Don’t wait, contact our consultant today and understand how our technology consultancy services help your business adopt industry 4.0 technologies.

After Pop Mart IPO, blind boxes are helping China’s tech giants and luxury brands gamify e-commerce

Blind box approach had gained traction in retail business recently in China. Over the last year, this strategy has proven the adoptability and feasibility in the market. Companies have increasingly applied such strategy to virtual goods and e-commerce in WeChat mini-programs and during shop festivals. Despite China has sought to limit the use of loot boxes in video games due to the gambling-like properties. ‘Blind box’ approach is exploding in the country whereas toy designers industry worth 29.4 billion yuan in 2020 and ‘blind box’ market accounted for about 31 percent of it, market consultancy iiMedia Research reported.

The mystery toy concept has a long history, being popularised in Japan with the New Year’s tradition of ‘lucky bags’ called ‘fukubukuro’ and later showing up with ‘gashapon’ capsule toys. But the recent rise of blind boxes across Asia has been aided by e-commerce, according to Zhang Yi, CEO of iiMedia Research. “E-commerce channels have grown greatly over the recent year due to COVID-19, which has become a platform that blind box sellers rely on,” Zhang Yi said.

Along with sales moving online, influencer played a significant part in terms of popularising the concept of ‘blind box’. Influencers who share their purchases with their followers in social media had created a burgeoning virtual community.

What is gamification?

Gamification is the strategic attempt to enhance systems, services, organisations and activities in order to create similar experiences to those experienced when playing games in order to motivate and engage users. This approach has been widely adopted by retail companies to attract and retain customers.

How gamification enable business performance?

There are multiple CRM application (customer relationship management) that developed around the concept of gamification, customers can receive different vouchers and coupons by completing different quest in app. This can effectively draw customers’ attention and company can obtain more information on different customer’s behavior, preferences and expectations.

From that point, company can have a more accurate understanding of customers and the company strategy can be developed base on that.

As a result, customer experiences journey are enhanced by new technology application. Don’t wait, contact our consultant today and understand how our technology consultancy services help your business adopt new technology.

How can BDO help?

The BDO Risk Advisory Services (RAS) team is formed by a group of dedicated IT professionals. We are well equipped, qualified, experienced and well-prepared to assist your board or management to perform IT security assessments, data protection reviews, vulnerability assessments as well as penetration tests or any other IT matters relating to regulatory requirements. Please do not hesitate to contact us and talk to our consultants. We are pleased to provide further insight or assistance if needed.

Subscribe to receive the latest BDO News and Insights

Please fill out the following form to access the download.