CrossWise InfoTech Limited

Author: Sender Su

  • A Glimpse into the 2025 Hong Kong Cybersecurity Summit

    A Glimpse into the 2025 Hong Kong Cybersecurity Summit

    This year’s Hong Kong Cybersecurity Summit was postponed to November due to a typhoon. Coincidentally, Sender Su, Founder of Langji Tech, had just wrapped up a major phase of work and was able to attend this industry gathering.

    The summit’s theme—“Future-Proofing Digital Infrastructure: Harnessing AI for Enhanced Security and Resilience”—reflected the growing centrality of artificial intelligence in cybersecurity. While last year’s event featured distinguished academicians as keynote speakers, this year’s program placed even greater emphasis on practical AI applications. With AI now deeply embedded in both offensive and defensive cyber operations, discussions naturally revolved around its evolving role and implications.

    Speakers explored how AI is being deployed in cyber offense and defense, as well as the security measures needed to protect AI systems themselves—particularly large language models (LLMs). Data security surrounding LLMs emerged as a recurring focal point, aligning closely with Langji Tech’s forward-looking strategy. In fact, our team began strengthening cybersecurity frameworks for enterprise LLM adoption well before these concerns gained mainstream attention.

    Beyond AI, the summit also addressed significant shifts across the broader security landscape—from infrastructure design to regulatory compliance.

    Globally, for instance, SSL/TLS certificate lifespans are being progressively shortened. According to the CA/Browser Forum’s approved roadmap, starting March 15, 2029, all newly issued SSL/TLS certificates will have a maximum validity period of 47 days. While this enhances overall security, it introduces new operational risks—most notably, a higher likelihood of accidental certificate expiration due to more frequent renewal cycles. Meanwhile, the integration of post-quantum cryptographic algorithms into digital certificates is also gaining momentum, with gradual adoption expected in the coming years.

    On the local front, Hong Kong’s first Cybersecurity Law—the “Security of Critical Infrastructure (Computer Systems) Ordinance”—will take effect on January 1, 2026. This legislation will impose clear compliance obligations on responsible personnel within critical sectors. Compounding the pressure, threat actors are increasingly leveraging AI to conduct sophisticated intrusion, data theft, and ransomware campaigns. As in last year’s summit, many attendees were seen snapping photos of presentation slides during threat landscape briefings—a telling sign of the mounting anxiety in the room.

    Full text of the ordinance (in English):
    https://www.legco.gov.hk/yr2025/english/ord/2025ord004-e.pdf

    Among exhibitors, one mainland-based headline sponsor stood out for its strong localization efforts—particularly in building a capable local team well-integrated into the Hong Kong market.

    As a final note—and a uniquely Hong Kong touch—the summit doubled as a civic engagement platform ahead of the upcoming Legislative Council elections. Campaign flyers were distributed throughout the venue, and nearly every government-affiliated speaker concluded their talk with an earnest call for attendees to vote. CrossWise InfoTech joins in this spirit of civic participation and encourages everyone to cast your ballot on December 7!

    References:
    CA/Browser Forum 官網:
    https://cabforum.org/

    Ballot SC081v3:Introduce Schedule of Reducing Validity and Data Reuse Periods
    https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/

  • Know Yourself and Know Your Enemy: Enterprises Need Cybersecurity Audits to Combat Online Fraud

    Know Yourself and Know Your Enemy: Enterprises Need Cybersecurity Audits to Combat Online Fraud

    The founder of CrossWise InfoTech Limited as full member of HKCS, recently attended an online seminar titled “Let’s Secure as we Digitalise”, jointly organised by the HKDPO, co-organised by the CSTCB/HKPF, supported by the HKCS. During the event, professionals from each participating organisation shared real-life cyberfraud cases and practical countermeasures from their respective areas of expertise.

    Cyberfraud has been a persistent issue in Hong Kong in recent years, with victims losing increasingly large sums of money — a trend that many readers are likely already aware of. The reason this seminar was named “Let’s Secure as we Digitalise” is that frequent fraud incidents can significantly affect businesses, especially small and medium-sized enterprises (SMEs), that are planning or undergoing digital transformation. These scams may even hinder the government’s broader efforts to promote digitalisation across society.

    However, a seminar is just the beginning. For enterprises that are considering or have already embarked on the path of digital transformation, taking the first step towards cyber fraud prevention is crucial. In reality, however, many business owners struggle to identify exactly what that first step should be.

    From the perspective of CrossWise InfoTech’s founder, the answer lies in the ancient wisdom of Sun Tzu’s “Art of War“: “Know yourself and know your enemy, and you will never be in peril.

    Since we are already aware of the various fraud tactics used online, it makes sense to evaluate whether our own defences are strong enough.

    Therefore, the right first step is to conduct a cybersecurity audit — a comprehensive assessment of an enterprise’s cyber defence capabilities based on industry standards. Through such an audit, companies can identify the risks they face in daily operations, with particular focus on areas most vulnerable to cyberfraud or other cyber threats. Based on the audit findings, and taking into account the company’s risk tolerance and financial resources, appropriate cybersecurity management measures can be designed and implemented, along with necessary technical safeguards.

    CrossWise InfoTech Limited offers customised cybersecurity audit services tailored specifically for SMEs and organisations across different sectors. Leveraging the founder’s extensive experience in enterprise IT governance and threat response, we provide actionable and effective recommendations to help clients strengthen their cyber resilience.

    At its core, cybersecurity is a battlefield of attack and defence. Thus, age-old military wisdom like that found in Sun Tzu’s “Art of War” remains highly relevant today. Both cybersecurity professionals and business leaders would benefit from reflecting deeply on these timeless strategies.

    • HKDPO: Hong Kong Digital Policy Office
    • CSTCB/HKPF: Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force (HKPF)
    • HKCERT: Hong Kong Computer Emergency Response Team Coordination Centre by HKPC
    • HKCS: Hong Kong Computer Society

    Photo of this article is shot by CrossWise InfoTech Limited.

  • Founder of CROSSWISE INFOTECH LIMITED Participates in the “Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities” Seminar as a Professional Member of HKCS

    Founder of CROSSWISE INFOTECH LIMITED Participates in the “Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities” Seminar as a Professional Member of HKCS

    On May 16, 2025, Sender Su, founder of CROSSWISE INFOTECH LIMITED, participated in the seminar titled *“Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities”*, jointly organized by the Hong Kong Computer Society (HKCS) and the Hong Kong Institute of Human Resource Management (HKIHRM), in his capacity as a professional member of HKCS.

    article banner

    The two-hour session was fast-paced, focused, and packed with insightful content. Speakers from different organizations shared their experiences of adopting AI in corporate governance and human resources management. They discussed the challenges encountered during implementation, explored both proactive and reactive solutions, and answered several thought-provoking questions from the audience.

    At the heart of these discussions was a common issue: how to deal with the negative impacts that may arise during the adoption of new technologies.

    Drawing from over two decades of experience in the IT industry and as a senior executive leading technology projects, Sender believes that whenever a new technology is introduced into a non-IT company — from initial awareness, evaluation, and adoption to eventual value creation — it often faces skepticism or even criticism from people at all levels of the organization.

    The key to handling such resistance lies in building and maintaining a culture of responsibility.

    Whether applying AI at the strategic level of corporate governance or in specific functions like HR management, the ultimate goal remains the same — to empower sustainable business growth and enable both employees and the company to grow together.

    However, unlike previous technological advancements, AI based on large language models demonstrates an unprecedented level of “human-like” capability. It not only mimics human language but, in some cases, can be difficult to distinguish from real people. This feature brings great potential for efficiency gains, but also introduces new management challenges.

    On the positive side, effectively integrating AI into business operations can significantly improve the efficiency of management processes, enhance decision quality, and accelerate execution. On the flip side, without proper guidance and oversight, employees across all levels may become overly reliant on AI, leading to complacency and a decline in critical thinking — ultimately weakening individual accountability.

    But in business, accountability always rests with people, not machines. AI cannot be held responsible, nor can it be punished — unplugging it as a form of punishment is simply a joke.

    Therefore, CROSSWISE INFOTECH LIMITED advocates that as companies adopt AI, they must simultaneously strengthen internal systems of responsibility. This includes, but is not limited to:

    Restructuring governance frameworks to ensure ethical and compliant use of AI;

    Optimizing institutional design to align responsibilities with AI-related tasks;

    Upgrading employee training to build understanding, analytical skills, and critical thinking around AI outputs;

    Adjusting performance mechanisms to incorporate AI-related duties into KPIs and reinforce a sense of accountability.

    In short, organizations need to cultivate both the ability and mindset for employees to question, evaluate, and apply AI-generated outputs responsibly — only then can they truly overcome challenges and seize opportunities.

    Only by doing so can businesses build a governance system that not only addresses the challenges brought by AI, but also fully unleashes its potential. In fact, the successful adoption of any new technology depends heavily on a clear framework of accountability and a strong organizational culture — principles that CROSSWISE INFOTECH LIMITED has consistently upheld throughout its digital transformation journey.

    Article photo is shot by CrossWise.

  • The First Question in Implementing AI: Cloud AI or On-Premises AI?

    The First Question in Implementing AI: Cloud AI or On-Premises AI?

    The founder of CrossWise InfoTech Limited, as a full member of the Hong Kong Computer Society (HKCS), recently participated in an offline seminar hosted by HKCS titled “Retail Tech Industry Group Seminar – Unlocking AI with Proven Use Cases.”

    The topic discussed at the seminar was highly relevant and appealing to SMEs: leveraging AI technology can significantly boost productivity without increasing headcount.

    Having previously served as the IT Director of a large enterprise group, the founder of CrossWise InfoTech Limited is well-versed in using IT to enhance operational efficiency. Therefore, we strongly believes that appropriate adoption of AI can bring even greater productivity gains than conventional IT solutions.

    However, any decision must be made from a multi-dimensional perspective. For SMEs, the primary consideration has always been — and will always remain:

    Cost-effectiveness.

    If the investment does not justify the return, then talk about AI implementation or digital transformation becomes meaningless.

    Therefore, when potential returns are uncertain, how to effectively control the cost of adopting AI while ensuring the business keeps up with technological trends—without overextending and becoming a casualty—is a key dilemma for business owners.

    Deploying AI on-premises requires purchasing and setting up AI all-in-one servers, costing anywhere from tens of thousands to over one hundred thousand Hong Kong dollars. More importantly, businesses must have a suitable environment to house these machines for stable operation. In a space-constrained city like Hong Kong, this is often a major challenge. Fortunately, electricity costs remain relatively low.

    On the other hand, cloud-based AI services are typically charged per “token.” Since this is a technical term, and different languages, word choices, sentence structures, and even particles can affect token consumption, CrossWise recommends estimating costs assuming 1 Chinese character equals 1 token.

    For standard use cases that do not involve complex computations or analysis, the cost is actually very affordable. Processing one million Chinese characters costs approximately HKD 35 — roughly equivalent to a two-dish lunch set.

    Of course, some business owners may wonder: one million Chinese characters sounds like a lot, but how long would that really last?

    The answer depends entirely on the specific use case. If AI is used internally for non-text-intensive operations, based on CrossWise’s experience, each transaction typically generates around 5,000 characters of data. One million characters could therefore support around 200 transactions.

    From this perspective, the cloud-based AI services clearly offers better value.

    However, for text-intensive operations, each transaction may generate at least 20,000 characters — four times more than non-text-heavy processes. In this case, one million characters would only cover around 50 transactions. The good news is that such operations usually command higher fees, helping to offset the costs.

    Taking the above calculations into account, along with the challenges associated with on-premises deployment, it becomes clear that for SMEs in Hong Kong, the preferred option for AI implementation remains cloud-based AI services.

    Yet, implementing AI involves more than just calculating operating costs. There are also hidden expenses such as process automation reconstruction, integration with existing systems, and more.

    Even more overlooked by many business owners is what CrossWise will explore in our next article:

    Data compliance and privacy protection.

    * Article photo is shot by CrossWise.

  • How to Ensure the Delivery of IT Projects as the Project Lead?

    How to Ensure the Delivery of IT Projects as the Project Lead?

    In the process of enterprise informatization and digital transformation, various types of IT projects are required. Some project leads may think that since the contract is signed, if the delivery is unsatisfactory, they can simply execute the contract, withhold the final payment, or even claim compensation, believing there will be no loss.

    However, in reality, in the competitive market, delays in project delivery, or even failure to deliver, cannot be simply compensated by withholding contract payments or claiming compensation.

    Time is the most valuable resource. The business world is like a battlefield; being one step ahead means staying ahead, while being one step behind means lagging behind. Delayed or failed project delivery equates to falling behind competitors. Whether starting over or increasing investment to catch up, it cannot compensate for the competitive disadvantage.

    Therefore, as the project lead, after confirming the supplier and starting the project construction, it is essential to proactively follow up on the project progress, anticipate and eliminate project risks, and study and resolve project obstacles, thereby pushing the supplier forward rather than being driven by the supplier.

    The most crucial management approach is to assign dedicated personnel with specific responsibilities.

    However, most project leads, especially small and medium-sized enterprises (SMEs), do not have the conditions to assign dedicated personnel with specific responsibilities. Therefore, an experienced IT consulting services company that understands the practical implementation of information technology and can take on the role of project construction, such as our company, CrossWise InfoTech Limited, should be a consideration for project leads.

    * Article photo is shot by CrossWise.