DarkCode

Category: Latest

Where Vulnerability Scanners Fail in Real Enterprise Practice

TL;DR: Key Takeaways Vulnerability scanners are essential for baseline hygiene, but structurally limited in depth, scope, and context. In large enterprises, especially in regulated Hong Kong sectors, organizational realities amplify these blind spots. “Clean” scan reports often mask real, exploitable attack paths inside segmented and credential-restricted environments. Use scanners for coverage and compliance — but


What to Do After a Cyber Attack: A Step-by-Step Guide

TL;DR – What To Do After a Cyber Attack First 60 minutes: Isolate affected systems, activate your incident response plan, and switch to out-of-band communications. Confirm scope and preserve evidence before making disruptive changes. Contain surgically — segment and monitor rather than mass shutdowns or resets. Engage legal and regulators early (PDPO, HKMA / SFC


IA GL20 Compliance Guide: Navigating Cybersecurity for Hong Kong Insurers

TL;DR: What Boards and Senior Executives Need to Know IA GL20 requires insurers to demonstrate cyber resilience, not just technical controls. Compliance is assessed through the Cyber Resilience Assessment Framework (CRAF): IRA, MA, and TIBAS. Most regulatory issues arise from governance gaps, weak risk articulation, and fragmented execution. With clear ownership and leadership oversight, GL20
