Experts say China needs to beef up cyber security

China is one of the world's biggest victims of cyber attacks, and Chinese companies should improve their Internet security systems and remain vigilant to cyber threats, Internet security researchers said

At least 60 percent of the attacks targeting China's large companies, government, and scientific research institutions come from overseas, according to Liu Siyu, director of the security research team at Web security company Beijing Rising Information Technology Co Ltd.

Major sources of the attacks include the United States, South Korea, Japan and India, according to a report released by Rising on the cyber security situation in 2012.

"The situation in 2013 will not change much. Although we do not know who initiated those attacks, we do know which country the hackers are from," said Liu, adding that company files, government documents and research reports are hackers' major targets.

China is the world's second-largest target for hackers globally in terms of attack frequency, only "slightly behind" the United States, said Liu. Japan and South Korea also ranked high on the list.

Industry insiders said Chinese companies do not pay enough attention to cyber attacks because investment in Internet security does not generate earnings.

"Over the past decades China was busy at building a sound online application network, but the establishment of information technology security systems lagged far behind," said Liu.

Rising's report said that nearly 200,000 Chinese websites were hacked in 2011.

However, most Chinese Web security companies only provide anti-virus solutions and have a little knowledge of hacker attacks.

Requests for comment were turned down by the nation's top security firms including Kingsoft Security and Qihoo 360 Technology Co Ltd. The companies said they only specialize in virus protection and know little about hacker attacks.

A growing number of Chinese companies are turning to overseas Web security companies for protection, a move which still leaves them vulnerable to attacks, according to a report published by Rising in January.

In addition, as a growing number of Chinese companies are using mobile devices in their business, security breaches are more likely.

"Chinese companies have done very little to protect the mobile devices their employees are using, but the fact is that smartphones and tablets are widely used in the financial sector," said Tang Tiebing, a security expert at NQ Mobile Inc, a leading mobile security provider.

A total of 420 million people in China were using mobile phones to log on the Internet in 2012, an increase of more than 18 percent year-on-year, according to the China Internet Network Information Center.

Because most company executives are using smartphones or tablets to access business e mail or undisclosed company information, breaches of mobile devices could cause greater damage to the target companies, said Tang.

"Although no major data losses were reported in the mobile sector, it does not mean that the service is safe," he added. "It is highly possible somebody has been using mobile devices to collect company information for quite some time without being caught."

Attacks targeting Chinese companies are set to grow in frequency as the nation's economic power strengthens.

"Whoever is behind the attacks does not necessarily use the stolen information to aid their own business because most of them are more developed than their Chinese counterparts. But it is still worth probing a fast-growing economy to retain a competitive advantage," said Liu from Rising.

gaoyuan@chinadaily.com.cn