In response to the growing incidence and sophistication of distributed denial-of-service (“DDoS”) attacks, the HKMA issued a circular on 25 November 2022 to provide authorized institutions (“AIs”) with additional guidance (the “Guidance”) on this specific area of cyber security. Drawing on the findings of a round of thematic reviews recently completed by the HKMA to assess the effectiveness of the anti-DDoS protective measures maintained by AIs, the Guidance is grouped under four key principles:
(i) Undertaking regular risk assessment and vulnerability management – AIs should monitor the latest trends, tactics and techniques of DDoS attacks. They should have in place a robust mechanism to regularly identify, assess and mitigate vulnerabilities in their networks and systems that may be susceptible to new forms of DDoS attacks, and should critically assess whether their anti-DDoS defence mechanisms remain adequate.
(ii) Designing the architecture of anti-DDoS controls properly – AIs should properly configure and regularly review the architecture of their anti-DDoS controls to provide comprehensive protection against DDoS attacks. The protective measures should cover both customer-facing channels and key components that support an institution’s operations.
(iii) Maintaining effective governance over service providers and putting in place robust contingency arrangements – AIs should identify the key third parties that are critical to the availability of their internet-facing services and are potential targets of DDoS attacks (e.g. DNS and internet service providers). AIs should maintain an effective mechanism to regularly evaluate those key third parties’ cyber defence capabilities and should develop appropriate contingency arrangements to deal with potential disruptions.
(iv) Establishing proper incident response procedures and conducting regular rehearsal exercises – AIs should establish end-to-end incident response and escalation procedures, covering, among others, actions required of anti-DDoS service providers (e.g. timely identification of DDoS attempts, adjustment in relevant thresholds and rules for responding to DDoS attacks).
To access a full copy of the circular, please see here.
For further information, please contact:
Simon Deane, Deacons
simon.deane@deacons.com