As civil society organisations (CSOs) in Macau rely more on information and communication technologies (ICTs) for their daily operations, there is an increasing need for them to be cyber resilient. A range of adverse cybersecurity incidents from technical ones such as network disruptions and computer viruses to the ones targeting personnel’s psychosocial vulnerabilities such as phishing and online scams pose risks to the operational continuity of CSOs, and by extension, the community they serve. With CSOs’ critical role as frontline organisations which provide support for the local community in times of adversity, it is crucial that they have the ability to raise awareness about the nuances of cyber threats. However, compared to larger organisations with more resources and a better awareness of cybersecurity compliance requirements, CSOs are less aware of the potential impacts of cybersecurity threats and have far fewer resources to protect themselves.
On December 1st, UNU Macau partnered with the Faculty of Business of the City University of Macau, the Faculty of Business and Law of the University of Saint Joseph, TopSOC Information Security Limited, and Caritas Macau to organise the “Introduction to Organisational Cyber Resilience Management” workshop which was attended by over 45 managers and directors of Macau CSOs. This was the first in a series of cyber resilience capacity-building workshops designed to help CSOs in Macau enhance organisational cyber awareness and take appropriate cybersecurity measures.
The following topics were discussed at the workshop:
-
IT management in service organisations
Participants were introduced to IT use and management in service organisations. The benefits and challenges of different IT deployment models to support organisational cyber resilience were highlighted.
-
Organisational risk management
Participants were introduced to risk management processes which they could integrate into their organisational governance and operational processes to anticipate and deal effectively with potential adverse events. Through interactive activities, participants were able to assess the risk landscape of their organisations and identify risk response options.
-
Cybersecurity risk management and cyber threats in Macau
The three fundamental goals of cybersecurity - Confidentiality, Integrity, and Availability (the CIA Triad) of the organisation’s systems, network, and data, as well as a range of socio-technical cyber threats, the impacts on organisations, and the countermeasures, were introduced. To help participants make sense of the local threat landscape, several cybersecurity incidents in Macau were also reviewed.
-
Local cybersecurity landscape
The workshop ended with a review of the local cybersecurity landscape, exploring the cybersecurity-related key legislations, including the Personal Data Protection Act and the recent Macau Cybersecurity Law. Key questions that were raised included the implications of the legislations on compliance requirements and non-compliance consequences for third-sector organisations, particularly CSOs that provide social and community services.
While CSOs are not currently considered as critical infrastructure operators in Macau Cybersecurity Law, the day-to-day reliance of vulnerable groups on CSOs’ services and the evolving nature of the law suggest that it is essential for CSOs to be well-prepared and aware of potential adverse cyber events. This is particularly relevant when local CSOs like Caritas increasingly depend on the use of ICT resources to provide educational, social, and medical services to the beneficiaries, ranging from digital databases for confidential documentation to medical systems for timely delivery of medicines to patients.
The cyber resilience capacity-building workshop series is part of the Smart Citizen Cyber Resilience project, which aims to enhance the resilience of the civil society in smart digital futures, in Macau, the Asia-Pacific region, and around the world. Applying a quadruple-helix partnership model, the project places a strong focus on the collaboration between the government, private sector, academia, and civil society organisations to develop and implement solutions towards achieving a whole-of-society cyber resilience. This holistic approach to cyber resilience-building aligns with the objectives elucidated in SDG11, the Sendai Framework, and the New Urban Agenda.
To enhance cyber resilience at all levels of the CSOs, subsequent capacity-building activities targeting the personnel of Macau CSOs are planned for next year.