TAIPEI (Taiwan News) — Taiwanese businesses have significant room for improvement when it comes to addressing the “severe” cyber security challenges they are facing, according to an industry report.
Cybersecurity firm Palo Alto Networks released a report on Tuesday (July 4) that showed of over 100 Taiwanese businesses surveyed, over 60% take a week or longer to respond to cybersecurity incidents, and only 20% responded within one day. In addition, 40% of companies discussed cybersecurity at the board level only once or twice per year, and only 23% discussed it monthly.
Despite that, the report found that 75% of businesses are increasing their annual cybersecurity budgets, which Palo Alto's Taiwan country manager James Yu (尤惠生) said showed awareness of cybersecurity was growing.
“Leaders need to see cybersecurity as a business driver that brings value and embrace the cloud for speed and scale,” Yu said.
The report also identified the relatively low levels of confidence that businesses have in their staff to adequately address cyber security challenges, with just under half of respondents saying they felt their staff capabilities in this area were strong or very strong. Just over 60% of businesses said they have strong or very strong levels of confidence in their processes and technology when it came to combating cybersecurity threats.
Palo Alto’s Head of Systems Engineering Nicholas Hsiao (蕭松瀛) said that hackers are increasing their use of AI, and attacks on cyber infrastructure are increasingly being automated. However, 63% of respondents said they believed the AI chatbot ChatGPT will have a positive impact on their customer service processes and content creation, despite only 52% of the same respondents reporting they were familiar with ChatGPT and its capabilities.
The report found that businesses are increasing their use of automated security processes, though this was mostly limited to large businesses.
James Yu, Country Manager of Palo Alto Networks Taiwan, and Nicholas Hsiao, Head of Systems Engineering. (Palo Alto Networks photo)
Two major online retailers operating in the Taiwan market were fined between NT$100,000 (US$3,215) and NT$200,000 in May for failing to protect their customers’ personal data. When asked about using fines to punish companies for cyber security breaches, Hsiao said that despite the financial penalty being quite low, there would be other consequences.
“It’s not as if after you pay the fine the whole thing is behind you, companies will be aware of the impact this has on their trust, and this will last for a while,” Hsiao said.
According to Hsiao, Taiwanese businesses are most concerned about ransomware attacks that target the tech infrastructure of a business and disable it, only restoring it once a fee is paid. Meanwhile, 67% of respondents indicated they were concerned about malware attacks (that include ransomware) generally, and 57% said they were concerned about ransomware attacks specifically.
As recently as four days ago, Taiwan’s world leading chip production company TSMC experienced a cybersecurity threat from a ransomware attack demanding US$70 million, per Tech Radar. A TSMC spokesperson said on Monday (July 3) that it was not the company itself, but one of its suppliers who had fallen victim to the attack, and that no customer data had been breached.
Yu recommended that businesses adopt a “zero trust architecture” when it comes to cyber security. “Zero trust is an approach to security of consistent verification of every person and device connected to a secure network,” Palo Alto’s Asia Pacific President Simon Green said when describing the model last December.
“This contrasts with older models of business security, which may have just required swiping an ID card, or logging in once to a computer and saving one’s log-in info,” Green said.