AC: There are four ways of looking at this. First, the Web has opened up infrastructures not just to workers, customers, suppliers, but also hackers.

Second, hackers are increasingly sophisticated--there are from nation states; organized cyber crimes by criminal ecosystems and elaborated supply chain of attack designers, money launderers, and information stealers.

Third, we can leverage virtualization technology in the cloud to improve security by consistently applying policies and updates to all virtual machines. But if we don't take advantage of virtualization and do all these, the glass could end up half-empty.

Fourth, IT organizations need to manage control when it comes to BYOD. They also need the ability to tell the difference between a normal transaction or flow of information and the abnormal ones. On top of that, IT needs to create security constructs that can leverage features of individuals' devices in some instances, but work independently in others--I think this is the answer to BYOD.

CWHK: What were Hong Kong customers especially the banks' responses to the RSA security breach last year? What did RSA do to ensure the effectiveness of its two-factor-authentication tokens?