A dedicated division was set up to strengthen information security management.
In view of the growing importance of information security and increasingly rampant cyber attacks, WT set up a dedicated Information Security Department and installed a Chief Information Security Officer at the level of deputy general manager in 2022. The Department, composed of one dedicated director and two dedicated personnel, is responsible for information security incident investigations, system vulnerabilities disclosure, and new information security architecture evaluation and introduction, etc. The main tasks that have been completed are as follows:
1. The ISO/IEC 27001:2013 and CNS 27001:2014 verifications were obtained in 2022 (valid until October 31, 2025), and the threats and impacts posed by information security incidents were reduced through standardized and systematic control and management;
2. A dedicated information security mailbox was set up to receive external information security notifications from customers, suppliers, integrated cyber threat intelligence providers, information equipment suppliers, service providers, etc.
3. A dedicated person was appointed to collect, analyze and keep record of information on important information security news, vulnerability releases, zero-day attacks, and vulnerability utilization trends, and rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps record of incidents, and, in the case of a major information security incident, immediately notify the Chief Information Security Officer. The Information Security Department must verify, eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Incident Response team (IR team) must conduct root cause analysis, track and record the implementation effectiveness of corrective measures, so as to continuously improve the intervention methods and prevent recurrence of similar incidents. In addition, information security incidents have been divided into four severity levels, and their response mechanisms and standard operating procedures are formulated respectively to speed up the recovery time of information system services.
spam emails intercepted
threats intercepted at endpoint
social engineering exercise messages
international information security certificates, and more than
intensive training session for core system related personnel and supervisors
threatening emails detected
system and software vulnerabilities repaired
phishing hit rate in the latest drill
of professional training
security awareness training session for all employees
ISO 27001 certification was obtained and
employees’ awareness of information security strengthened
The pandemic hit the world and changed the way we live and work. Working from home and mobile office have become normal. Corporate information security is exposed to breaches when employees are not working in the secure environment of the Intranet. Strengthening employees’ awareness of information security has thus become crucial to information safety. Social engineering exercises were introduced in 2021 to integrate security awareness into daily work for early threat detection and intervention. In 2022, social engineering exercises and training continued on a monthly basis with randomly selected scenarios. Those insufficiently aware of information security were trained again and reported to their direct superiors, and their training results tracked regularly. In 2022, 118,297 social engineering exercise letters were sent, and the proportion of employees who were phished in the exercises dropped from 1.1% in 2021 to 0.7% in 2022. in October 2022, a refresher training on information security awareness was organized for all the Group’s employees. Of the 2,552 employees required to complete the training, 19 dropped before it ended. They either applied for leave without pay, began maternity leave, or departed the Group. A total of 2,533 completed the course and passed the test (100% pass rate). Note that the employees of Excelpoint Technology were not on the training list as the merger happened in September 2022 and the integration was not yet completed. One session of intensive training for core system related personnel and supervisors was also completed.
Hacker attacks and intrusion methods are constantly changing. In addition to constantly exploring system vulnerabilities, they even use zero-day attacks to hack the system before the vulnerabilities are patched. At the same time, they steal employees’ account usernames and passwords through social engineering and access the Intranet. These non-conventional approaches can no longer be blocked by traditional signature-based protection. In response, WT introduced network detection response (NDR) and endpoint detection response (EDR) enabled by artificial intelligence. The NDR blocks anomalous network activities that deviate from the baseline on the first line; while the EDR contains a threat when the system failed to detect and block the threat before it made its way to an endpoint.
As information security threats are ongoing, we use hosting services such as security operation center (SOC) and managed detection response (MDR) provided by third-party vendors to monitor information security threats in real-time 24/7/365, and rely on ISO 27005 information security risk management on the basis of ISO 27001 to identify suspicious threats. We also adopt security design principles and in-depth defense approach to further strengthen security in such aspects as management, data, endpoint protection, application, network, third-party supply, etc.
Information Security Management and Protection
Software, hardware and network protection and monitoring
WT has a dedicated information security mailbox to receive external information security notifications from customers, suppliers, Taiwan Computer Emergency Response Team (TWCERT), information equipment suppliers, service providers, etc. A dedicated person is also appointed to collect, analyze and keep record of information on important information security news, vulnerability releases, zero-day attacks, etc. and rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps a record of incidents, and, in the case of a major information security incident, immediately notify the Chief Information Security Officer. The Information Security Department must eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Department must conduct root cause analysis, track and record the implementation of corrective measures, verify their effectiveness, and use Plan-Do-Check-Act (PDCA) for continuous improvement and recurrence prevention.
10 tips to improve personal cybersecurity
In addition to raising security awareness, WT also provides specific methods for employees and suppliers to improve personal cybersecurity, such as:
1.Implement anti-virus software endpoint protection for personal computers and servers, update and scan regularly, and enable behavior analysis modules for endpoint security.
2.Use external network firewall device with application identification capabilities, intrusion prevention, and advanced threat protection, visualization, and information security data monitoring to enhance the defense.
3.Use micro-segmentation and whitelisting of accessible services on the Intranet firewall to block improper access and reduce risk exposure.
4.Distinguish employees and visitors with identity recognition modules, and separate their access paths.
5.Add an advanced threat protection module to the basic spam identification to improve the ability to diagnose contents of letters, so as to effectively block spam or phishing letters, and prevent the risk of sensitive data being stolen.
6.Introduce AI-enabled machine learning endpoint/network detection and response protection (EDR/NDR), which establishes a baseline of normal user behavior through self-learning, and then detects and blocks anomalies.
7.Use outsourced SOC and MDR services for 24/7 information security threat monitoring and analyses.
8.Use vulnerability scanning system to keep abreast of system vulnerabilities, and continue to track and improve.
9.Introduce multi-factor authentication to reduce the risk of account usernames and passwords being stolen.
10.Keep on running social engineering exercises and training to enhance employees’ information security awareness.
System backup and information security incident management
Backup and recovery plan in case of malicious intrusion
WT has comprehensive network and computer-related information security protection measures in place. Nevertheless, no matter how perfect the protection measures are, they cannot 100% guarantee that the Company’s core system is safe from black swan or gray rhino incidents. Therefore, our top priority is to increase the Company’s resilience and ensure the system can be quickly brought back to operation. Therefore, in addition to further investing in information security software and hardware, we continue to strengthen our continuous operation capabilities, so that the Company’s operations can be resumed in the shortest time in the event of an information security incident.
Information security capabilities was further improved to equip the Company with first-class operating capabilities
WT’s operation is based on continuous delivery capability. WT is committed to providing products and services that meet confidentiality, integrity and usability requirements. In order to be a first-class enterprise in the sector, we apply and introduce international information security frameworks, and continuously strengthens the security control measures to ensure a high level of information security protection capabilities. We therefore constantly evaluate the information security protection mechanism from point, line and plane, and develop different technical combinations to shorten the system recovery time. In addition, information security management system verification and red team exercises, etc. were introduced to review and upgrade the system with the assistance of independent organizations. In 2022, a number of external power outages happened unexpectedly. As a precaution against unexpected power outages, WT conducted a power supply abnormality exercise to ensure that emergency generators can be activated immediately and normal operation of the facilities and systems can be maintained. After the exercise, it was confirmed that the emergency response procedures were appropriate and all the facilities and systems were in normal operation.
By strengthening information security and employees’ security awareness, there were no sensitive information leakage or major information service interruption incidents, nor financial losses caused to customers or suppliers in 2022.
Information security concerns of stakeholders were addressed
Through annual routine information security self-assessment questionnaires returned from our customers and suppliers, information security management evaluations conducted by the competent authorities, and inquiries raised on specific information security topics, the questions and concerns we heard from the customers in 2022 were mainly about the handling of major vulnerabilities, security controls and measures, ISO 27001 certification, information security management for sustainable operation, etc. The Information Security Department has answered all the questions to meet stakeholders’ expectations and requirements.