Enhancing Information Security

To ensure the confidentiality, integrity, and availability of WT information assets, as well as to comply with relevant laws and regulations and mitigate operational risks caused by internal and external threats, an information security policy has been established based on business needs. This policy applies to WT and its subsidiaries that are 100% directly or indirectly owned, controlled, or provide sales and services for the group. It also applies to all personnel within these organizations, including outsourced service providers, interns, and visitors. Information security clauses are incorporated into external contracts accordingly. 

Establishing a dedicated department to strengthen information security management

According to the World Economic Forum (WEF) Global Risks Report 2024, “misinformation and disinformation” rank as the number one global risk over the next two years and fifth over the next ten years. The widespread dissemination of false information makes it difficult for individuals and organizations to make accurate decisions and may increase the cost of verifying information. Meanwhile, “cyber insecurity” ranks fourth and eighth over the next two and ten years, respectively. Increasingly complex cyber espionage and cybercrime activities, such as loss of privacy, data fraud, or data theft, pose significant threats. A failure in information security defenses could lead to data breaches and ransomware attacks, or in more severe cases, disruptions to core systems that result in major operational losses and reputational damage.

In view of the growing importance of information security and the proliferation of cyber-attacks, WT Information Security Department is overseen by a Vice-President-level Chief Information Security Officer (CISO). The department is staffed with two dedicated managers and five full-time specialists. Their responsibilities, including security-risk management, incident investigation, vulnerability disclosure, and the assessment and implementation of security architectures, were reported to the Board of Directors on 5 November 2024.

During 2024, no major information security incidents involving the leakage of sensitive data or interruptions to information services occurred, and no financial losses were incurred by customers or suppliers because of security events.

To continually enhance professional capabilities in information security, the company uses the acquisition of security certifications as a performance-review mechanism. In 2024, the team earned four internationally recognized credentials – CCSP, Google CyberSecurity, CEH, and intermediate-level iPAS, covering cloud security, penetration testing, and auditing. In addition to its existing memberships in cooperative defense groups such as the Taiwan CERT/CSIRT Alliance and the Taiwan Chief Information Security Officer Alliance, the company joined the Information Service Industry Association of the R.O.C. (CISA) to share intelligence on security trends and threats, thereby strengthening its joint-defense ecosystem.

Ongoing enhancement of employee cyber-security awareness 

As traditional perimeter defenses lose effectiveness, employee awareness has become pivotal to cyber-security management. Since 2021, WT has conducted monthly social-engineering drills using random phishing templates. Employees who click on suspicious links undergo retraining and their immediate supervisors are notified; results are regularly tracked to reduce awareness-related threats. Beginning in 2024, the scope of our security-awareness training and phishing-simulation exercises was expanded to cover employees from both Excelpoint and Future Electronics.

Awareness Initiative-2024 Results

∙ Security-Awareness Training: Following recent acquisitions, group-wide training began in September 2024. Of 7,476 employees required to attend (136 on unpaid leave, parental leave, or resigned), 6,945 completed the course and passed the test – a 92.8 % completion rate.
∙ Social-Engineering Drills: 278,037 phishing e-mails sent; click-through rate 0.7 %, outperforming the 5 % industry average.
∙ Advanced Professional Training: One intensive session delivered to core-system personnel and managers.

Strengthening the security framework to build corporate resilience

Guided by ISO 27001 and the NIST Cybersecurity Framework, WT applies defense-in-depth and secure-by-design principles across eight layers: governance, data, endpoints, applications, networks, third-party supply, business continuity & incident response, and threat intelligence & joint defense. Residual risks are continuously monitored. External ISO 27001 audits and red-team exercises validate our controls. WT holds ISO/IEC 27001:2013 and CNS 27001:2014 certificates, valid through 2025. Key 2024 actions mapped to the NIST CSF 2.0 functions are:

∙ Govern: Regular security steering meetings brief executives on strategic goal attainment and variance analysis, ensuring alignment between cyber security and business objectives.
∙ Identify: Enhanced governance and policies; deployed an asset-inventory system and vulnerability scans; evaluated an external risk-management platform for threat identification and analysis.
∙ Protect: Classified information assets into Tiers 1-3 by sensitivity; enforced network segregation, access controls, endpoint hardening and behavioral monitoring.
∙ Detect: Implemented a new Endpoint Detection and Response (EDR) solution integrated with Security Information and Event Management (SIEM) and User & Entity Behavior Analytics (UEBA); big-data analytics establish behavioral baselines and accelerate anomaly detection.
∙ Respond: According to the incident response plan, suspicious anomalies are analyzed and assessed; once an event is verified as genuine, it is classified and handled based on its scope of impact, and the appropriate notification is issued in line with the assigned severity level. To strengthen the physical security and continuous monitoring of the data center, a digital evidence-collection mechanism has been implemented.
∙ Recover: To reinforce the organization’s cyber-resilience and ensure that product and service delivery are not disrupted by “black-swan” or “grey-rhino” incidents, we are closing the last mile of data protection. In addition to adhering to the 3-2-1 backup principle (three copies, two different media, and one off-site location), we have also adopted an offline-media backup solution to further shorten recovery time in the event of a cybersecurity incident.

Strengthening cyber-security governance and network protection 

WT follows a “defense-in-depth” and “security-by-design” approach. Guided by Continuous Threat Exposure Management (CTEM), we proactively identify assets with vulnerable attack paths and apply risk-management controls to reduce both the likelihood and impact of incidents. Our 2024 cyber-security controls include the following:

Threat Intelligence / Inspection

• Daily collection and analysis of domestic & international cyber-security news, open-source intelligence (OSINT), and vendor / ISAC advisories.
• Annual third-party penetration tests or red-team exercises.

Endpoints

• Deployment of Endpoint Detection & Response (EDR) on PCs and servers with regular updates and real-time analytics.
• Activation of behavioral-analysis modules and adoption of Managed Detection & Response (MDR) services.

Data

• Encryption of sensitive data in transit and at rest.
• Annual in-house processing of retired information assets to ensure media are unreadable.
• Engagement of external specialists for de-magnetisation and physical destruction of retired assets, followed by disposal at government-accredited recyclers under escorted, fully logged procedures.

Applications

• Weekly vulnerability scanning with risk-based patch prioritisation and scheduled patch management.
• Implementation of Multi-Factor Authentication (MFA) and regular weak-password checks per NIST 800-63B.
• Use of FIDO2 hardware keys for critical cloud services to mitigate credential theft and brute-force attacks.

Network

• Deployment of next-generation firewalls (NGFWs) featuring application awareness, Intrusion Prevention (IPS) and Advanced Threat Protection (ATP).
• Identity-aware segmentation that separates employee and visitor access paths.
• Enhanced email security with advanced threat-protection modules to improve content analysis.

Addressing customers’ cyber-security concerns

WT’s transactions throughout the supply chain rely heavily on IT systems and online platforms. Customers and original-equipment suppliers regularly evaluate us through cyber-security self-assessment questionnaires and hold ad-hoc discussions on specific security topics. To meet customer requirements, third-party security service providers engaged by the customers carry out host vulnerability scanning and penetration testing to safeguard supply-chain information security.

Sources of Cyber-Security Information
1. Customers
2. Original-equipment suppliers
3. Cyber-security information-sharing alliances / ISACs
4. IT hardware & software vendors
5. Cyber-security service providers
6. Cyber-security news outlets or specialist websites
7. Zero-day exploit intelligence and similar alerts
8. External risk-management platforms

 

Business continuity and emergency response  

24/7 cybersecurity monitoring without interruption

WT has established a dedicated cybersecurity email inbox to receive diverse external threat intelligence, using it to reinforce internal safeguards. The company has also entered into managed-service agreements with third-party providers for a Security Operation Center (SOC) and Managed Detection and Response (MDR). This always-on, 24 × 7 mechanism enables continuous, real-time monitoring of cybersecurity threats.

Regular cybersecurity-incident drills to ensure the fastest possible recovery

To strengthen corporate resilience and maintain high availability of information systems, WT carries out at least one test and drill each year under the Cybersecurity Management System’s Business Continuity Plan. The exercise simulates a primary-system failure, switches the main data center to a remote site, records results in detail, and folds lessons learned into continual-improvement tracking.

Between April and June 2024, unplanned power outages increased by roughly 50 % compared with the same period the previous year. WT therefore continues to run power-failure drills that simulate sudden blackouts, ensuring emergency generators start promptly and all facilities and systems remain operational. Post-exercise reviews confirmed that the response procedures are appropriate and that every facility and system functioned normally throughout the test.

Establishing cybersecurity reporting tiered management & rapid response

WT has issued a Security-Incident Management Procedure that defines four severity levels and the associated escalation flow. When an incident occurs, the person who discovers it reports the details or security staff perform an incident determination; notifications are then sent in line with the assigned level. If the incident is classified as “major”, it must be reported immediately to the Chief Information Security Officer (CISO), who in turn briefs the General Manager for follow-up emergency-response management.

The IT department must eliminate and resolve cybersecurity incidents within the target resolution time. After closure, it conducts a post-incident review and implements improvement actions to prevent recurrence. If an incident results from an individual employee’s behavior, the root cause and impact are assessed and disciplinary measures are imposed in accordance with work rules.

In 2024, five cybersecurity incidents occurred. All were classified as non-major and involved credential leakage; each was handled and contained immediately, resulting in no impact. None of the incidents led to any compromise of core services or leakage of sensitive data.


WT Information Security Incident Flow Chart


Backup measures when the system is under attack

∙ Local data snapshot (once every hour): If the hardware is intact, this is the fastest way to recover compromised data.
∙ Remote replication (real-time replication to the backup center, plus off-site snapshots): When the primary data center suffers a force-majeure event or a failure that cannot be restored immediately, the COO authorizes switching system services to the backup center.
∙ Off-site storage of backup media (daily backup; offline media moved off-site weekly): If both the primary data center and the backup center are unable to provide service, data restoration and system rebuild will be carried out from the offline backups.

2024 WT’s Cybersecurity Performance

∙ Two rounds of company-wide cybersecurity-awareness training, plus one intensive session for core-system personnel and managers.

∙ Phishing-simulation campaign: 278,037 emails sent; employee click-through rate 0.7%, comfortably below the 5% industry average target.

∙ Blocked 39,553,348 spam emails and shielded against 1,576,611 malicious emails.

∙ Intercepted 28,782 endpoint-threat events.

∙ Patched 134,736 system and software vulnerabilities.

∙ Earned four additional international cybersecurity certifications and logged 200+ hours of professional training.

2025 cybersecurity management plan

Security-Management Mechanisms
∙ Continue to reinforce and improve cybersecurity governance, using scenario-based plans and drills to boost organizational resilience.
∙ Hold a monthly cybersecurity meeting to review internal and external threats, and convene a semi-annual management-review meeting to track improvements.

Security-Control Measures
∙ Keep strengthening identity management, micro-segmentation, and visibility to build a comprehensive security infrastructure.
∙ Monitor new technologies for both opportunities & risks, and adjust the architecture and defenses accordingly.
∙ Further enhance SIEM/UEBA (for visibility) and SOAR (security orchestration, automation, and response); leverage AI to analyze system logs and identify potential risks, using automated responses to minimize impact.

Security Awareness & Training
∙ Provide ad-hoc awareness campaigns and training based on real cases to keep employees vigilant; add content on AI deep-fake scams and emerging frauds, including safe-AI-use tips and cautions about unfamiliar sources.
∙ Upgrade cybersecurity staff competencies by continually acquiring relevant international certifications, equipping them to counter evolving external attacks and internal requirements.

Joint Defense & Supply-Chain Collaboration
∙ Keep strengthening overall supply-chain security and actively participate in joint-defense forums to obtain the latest threat intelligence.
∙ Continue to meet customer requirements through security assessments, vulnerability scans, and penetration tests.

Protecting corporate assets with enhanced overall supply chain information security

In order to ensure the confidentiality, integrity and availability of WT’s information assets, to comply with the requirements of relevant laws and regulations, to protect them from internal and external deliberate or accidental threats, and to meet business needs, information security policies have been formulated as a basis for compliance to effectively and reasonably mitigate operational risks. The policies are applicable to WT and its affiliates, subsidiaries that are 100% directly or indirectly owned, controlled by WT, subsidiaries that sell or provide services for the Group, all personnel of the mentioned organizations, outsourcing service providers, student workers, and visitors, etc. In addition, information security clauses have been added to external contracts.

According to the 2023 World Economic Forum (WEF) Global Risk Report, “Widespread cybercrime and cyber insecurity” is ranked as the 8th risk within 2 years and 10 years. With increasingly complex cyber espionage or cyber crimes, such as loss of privacy, data fraud or data theft, compromised information security protection may lead to data leakage and blackmail risks, and even core system disruptions, causing serious business losses and damaged goodwill.

In view of the growing importance of information security and increasingly rampant cyber attacks, WT’s Information Security Department is headed by a Chief Information Security Officer at the level of deputy general manager. The Department, composed of one dedicated director and two dedicated personnel, is responsible for information security risk management, incident investigation, system vulnerabilities disclosure, and information security system evaluation and introduction, etc. Following the establishment of the Sustainable Development Committee, information security management strategies and results will also be presented to the Sustainability Development Committee before being submitted to the Board. There were no major information security incidents involving sensitive information leakage or information service disruption in 2023, and no financial losses were caused to customers or suppliers due to information security incidents.

Information security certificates are used as a mechanism to check and continuously improve information security professional capabilities. In 2023, a total of six international certificates in information security governance, information security management and auditing were obtained, including CEH Master, CISA, and ISO 27001 Lead Auditor. In addition, WT has joined joint information security defense organizations such as Taiwan CERT/CSIRT Alliance and Taiwan Chief Information Security Officer Alliance to strengthen the joint information security defense system by identifying relevant information security trends and sharing threat intelligence. At a meeting of the Taiwan Chief Information Security Officer Alliance in 2023, WT shared its supply chain security practices, explaining how to help vendors improve their information security capabilities and strengthen overall supply chain security protection.

Regular refresher training to raise employee safety awareness

While conventional information security protection boundaries are no longer effective, employee security awareness has become an important part of information security management. From 2021, randomly selected phishing templates are sent out every month for social engineering exercises. For employees who click on phishing emails, there is a system in place to require refresher training, notify their direct supervisors, and keep track of the training results, in order to reduce information security threats caused by employees lacking information security awareness.

 

Implementing information security management system to upgrade corporate information security resilience

Based on ISO 27001 and NIST CSF, WT introduced and strengthened its security control measures, constantly evaluates its information security protection mechanism from point, line and plane, and develops different technical combinations. It also adopts defense-in-depth approach and security-by-design principles to further strengthen multi-layer security in eight aspects, which are management, data, endpoint, application, network, third-party supply, business continuity and emergency response, intelligence integration and joint defense, so as to reduce impact of information security risks to acceptable levels and continuously monitor residual risks. In addition, ISO 27001 verification and red team exercises were performed by third-party institutes to verify the effectiveness of management mechanisms and system security protection, and strengthen information security resilience. WT is ISO/IEC 27001:2013 and CNS 27001:2014 verified via TCIC, with certificates valid until 2025. The information security measures it took in 2023 with regard to the five NIST CSF core functions were as follows:

Five major measures to improve information security control and network protection

WT adopts a defense-in-depth approach, security-by-design principles, and the continuous threat exposure management (CTEM) concept to identify assets that are vulnerable to attack paths. WT manages risks to reduce the probability and impact of threats. Its information security control measures in 2023 include:

Response to customers’ information security concerns

WT relies heavily on information systems and online transactions to conduct business with its upstream and downstream partners. WT regularly returns information security self-assessment questionnaires to customers and vendors, and communicates with them on specific information security issues from time to time. In addition, to meet customer requirements, a third-party information security service provider is commissioned by a customer to perform host vulnerability scanning and penetration testing to ensure supply chain information security.

Business continuity and emergency response

24/7 information security monitoring

WT has a dedicated information security mailbox to receive information security notifications from external sources to inform internal security improvement.

Regular information security incident exercises to ensure recovery in the shortest possible time

To enhance corporate resilience and maintain high availability of the information system, tests and exercises are conducted at least once a year according to the business continuity plan of the information security management system. The exercise involves a simulated incident in the main system, switch of the main data center operation to offsite, detailed record of the exercise and results, and subsequent review and follow-up of continuous improvement.

In 2023, the number of unexpected power outages decreased by 25% relative to 2022. Nevertheless, WT continued to conduct a power supply abnormality exercise to ensure that emergency generators can be activated immediately and normal operation of the facilities and systems can be maintained. The exercise proved that the emergency response procedures were appropriate and all the facilities and systems were in normal operation.

Setting up information security notification system for hierarchical management and rapid response

WT has security incident management procedures in place, which classify information security incidents into four levels and specify notification procedures accordingly. The individual who spots an information security incident reports it to IT or information security personnel who then determines whether it is an incident and its level before forwarding accordingly. A critical incident will be immediately reported to the Chief Information Security Officer, who will pass it on to the General Manager for emergency response.

The information department must remove and resolve information security incidents within the target time, and conduct reviews and improvement measures after the incident is concluded to prevent its recurrence. If the assessment of the incident cause and impact finds that the incident was caused by an employee’s behavior, he or she will be punished in accordance with the work rules.

 

A total of four information security incidents occurred in 2023, all of which were non-critical. Three of them involved leaked passwords, which were all responded to and handled immediately and caused no impact; and the other involved an external network anomaly experienced by WT’s network service provider, and the traffic was instantly redirected to the backup route. No core services, confidential or sensitive data, or confidential information related to transactions with customers or vendors were leaked in these incidents.

 

A dedicated division was set up to strengthen information security management

In view of the growing importance of information security and increasingly rampant cyber attacks, WT set up a dedicated Information Security Department and installed a Chief Information Security Officer at the level of deputy general manager in 2022. The Department, composed of one dedicated director and two dedicated personnel, is responsible for information security incident investigations, system vulnerabilities disclosure, and new information security architecture evaluation and introduction, etc. The main tasks that have been completed are as follows:

  1. The ISO/IEC 27001:2013 and CNS 27001:2014 verifications were obtained in 2022 (valid until October 31, 2025), and the threats and impacts posed by information security incidents were reduced through standardized and systematic control and management;
  2. A dedicated information security mailbox was set up to receive external information security notifications from customers, suppliers, integrated cyber threat intelligence providers, information equipment suppliers, service providers, etc.
  3. A dedicated person was appointed to collect, analyze and keep record of information on important information security news, vulnerability releases, zero-day attacks, and vulnerability utilization trends, and rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps record of incidents, and, in the case of a major information security incident, immediately notifies the Chief Information Security Officer. The Information Security Department must verify, eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Incident Response team (IR team) must conduct root cause analysis, track and record the implementation effectiveness of corrective measures, so as to continuously improve the intervention methods and prevent recurrence of similar incidents. In addition, information security incidents have been divided into four severity levels, and their response mechanisms and standard operating procedures are formulated respectively to speed up the recovery time of information system services.

Information Security Management and Protection

Software, hardware and network protection and monitoring

WT has a dedicated information security mailbox to receive external information security notifications from customers, suppliers, Taiwan Computer Emergency Response Team (TWCERT), information equipment suppliers, service providers, etc. A dedicated person is also appointed to collect, analyze and keep record of information on important information security news, vulnerability releases, zero-day attacks, etc. and rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps a record of incidents, and, in the case of a major information security incident, immediately notifies the Chief Information Security Officer. The Information Security Department must eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Department must conduct root cause analysis, track and record the implementation of corrective measures, verify their effectiveness, and use Plan-Do-Check-Act (PDCA) for continuous improvement and recurrence prevention.

10 tips to improve personal cybersecurity

System backup and information security incident management

Backup and recovery plan in case of malicious intrusion

WT has comprehensive network and computer-related information security protection measures in place. Nevertheless, no matter how perfect the protection measures are, they cannot 100% guarantee that the Company’s core system is safe from black swan or gray rhino incidents. Therefore, our top priority is to increase the Company’s resilience and ensure the system can be quickly brought back to operation. In addition to further investing in information security software and hardware, we continue to strengthen our continuous operation capabilities, so that the Company’s operations can be resumed in the shortest time in the event of an information security incident.

Information security capabilities were further improved to equip the Company with first-class operating capabilities

WT’s operation is based on continuous delivery capability. WT is committed to providing products and services that meet confidentiality, integrity and usability requirements. In order to be a first-class enterprise in the sector, we apply and introduce international information security frameworks, and continuously strengthen the security control measures to ensure a high level of information security protection capabilities. We therefore constantly evaluate the information security protection mechanism from point, line and plane, and develop different technical combinations to shorten the system recovery time. In addition, information security management system verification and red team exercises, etc. were introduced to review and upgrade the system with the assistance of independent organizations. In 2022, a number of external power outages happened unexpectedly. As a precaution against unexpected power outages, WT conducted a power supply abnormality exercise to ensure that emergency generators can be activated immediately and normal operation of the facilities and systems can be maintained. After the exercise, it was confirmed that the emergency response procedures were appropriate and all the facilities and systems were in normal operation.

 

By strengthening information security and employees’ security awareness, there were no sensitive information leakage or major information service interruption incidents, nor financial losses caused to customers or suppliers in 2022.

Information security concerns of stakeholders were addressed

Through annual routine information security self-assessment questionnaires returned from our customers and suppliers, information security management evaluations conducted by the competent authorities, and inquiries raised on specific information security topics, the questions and concerns we heard from the customers in 2022 were mainly about the handling of major vulnerabilities, security controls and measures, ISO 27001 certification, information security management for sustainable operation, etc. The Information Security Department has answered all the questions to meet stakeholders’ expectations and requirements.

Enhancement of information security protection capacity Becoming a Tier 1 operation

Delivering products to customers on time is the basis of WT’s operations, and system downtime will result in delayed delivery or the inability to deliver products. WT expects to become an enterprise with first-class operational capability in the industry, and a high degree of information security capability is the cornerstone for providing quality services. Third-party organizations such as international certifications and red team assessment are used to assist in the review. With enhanced information security protection and employee security awareness, no sensitive information was leaked in 2021, and there were no significant information service disruptions that caused financial losses to customers or suppliers’ operations.

 

Setting up a dedicated department to strengthen information security management

Because of information security’s increasing importance and the proliferation of cyber-attacks, WT will set up a dedicated information security department in 2022, with a dedicated manager and two dedicated staff to focus on information security incident investigation, system vulnerability disclosure, and the assessment and implementation of new information security architecture. In addition, WT will evaluate the implementation of ISO 27001 to reduce the threat and impact of information security incidents through formalized and systematic control and management.

 

WT has set up dedicated email addresses to receive cyber security notifications from external customers, suppliers, the Taiwan Computer Network Crisis Management and Coordination Center (TWCERT), and information technology equipment and service vendors. WT has dedicated personnel who regularly collect information on major information security news, vulnerability disclosures, zero-day attacks, etc., in order to analyze and record it and set event levels. Internally, we set event levels according to severity, and the information department records them. In case of a major information security incident, the Chief Operating Officer shall be notified immediately.

 

The information technology department must remediate and fix information security incidents within the target processing time, find the root cause, track and record the remediation, verify its effectiveness, and follow the PDCA method for continuous improvement to prevent the recurrence of incidents. In addition, WT has classified information security incidents into several levels of severity and defined the recovery mechanisms and standard operating procedures to speed up the recovery point objective.

Build safety awareness among staff

The pandemic has swept through the world, changing people's lifestyles and work styles. Working from home and remote work have become the norm. This takes employees outside the protection of the corporate intranet and creates a potential point of breach for corporate information security.

 

Strengthening employees’ security awareness has become an important part of information security. In the second half of 2021, WT introduced security awareness training and planned a basic phishing course and a discovery phishing game course. In 2021, 4,198 training sessions were completed (100% completion rate). Through video presentation and interactive teaching, we have enhanced our staff’s knowledge and awareness of information security and integrated security awareness into their daily work through continuous social engineering practices.

 

Backup and recovery plan in case of malicious intrusion

The Group has established comprehensive information security protection mechanisms. However, it cannot guarantee complete prevention of third-party attacks that crash critical corporate systems. When a severe attack occurs, the system may not be operational, leading to operational interruptions due to the inability to ship orders, or to compensation for customer losses due to shipment delays. Therefore, rapid system recovery is of the utmost importance. Besides continuing to invest in information security devices and software, the Company continually strengthens the system recovery mechanism.

Introduction of the latest artificial intelligence NDR and EDR

Intrusion techniques have been changing rapidly. In addition to exploiting vulnerabilities, hackers are using zero-day attacks to break into systems before a patch is available. Hackers are also stealing employee accounts and passwords through phishing to gain direct access to the company's systems. Traditional pattern-matching protective measures no longer stop these numerous tactics.

WT introduced Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) with an artificial intelligence machine learning mechanism in 2021. NDR performs front-line blocking and isolation when behavior on the network side deviates from normal. When the network side cannot identify and block a threat in time and the threat reaches the endpoint, the EDR mechanism blocks and isolates it again. Since there is no respite from network threats, we have also signed SOC/MDR services with third-party vendors to monitor information security threats 24/7.

Respond to customers' information security concerns

WT assesses and responds to customers' information security concerns through regular annual supplier self-assessment questionnaires or business communication. In 2021, the main issues concerning customers were the handling of major vulnerabilities and whether WT had passed ISO 27001 certification, all of which have been handled by the information department through self-assessment questionnaires or emails to meet clients' needs.

WT’s Information Security Management Plan in 2022

Management level

We have implemented ISO 27001 to establish an internal organization for information security management operations, to continuously strengthen and improve our information security management mechanism, and to enhance our ability to respond to information security incidents and emergencies.

Technical aspects

We have gradually built a complete information security infrastructure to protect the new technology types that follow from the introduction of new information architecture (e.g., cloud applications, artificial intelligence (AI), and the Internet of Things (IoT)).

Cognitive Training Level

We raise information security awareness among all employees, and have gradually extended this awareness to our suppliers. Through supplier education training and information security assessment, we help suppliers improve their information security capabilities and establish a protective network for the entire supply chain.