According to the Global Risks Report 2020 published by the World Economic Forum, cybersecurity will be one of the top risks threatening the world over the coming decade. To prepare against this hazard, the government has launched a financial cybersecurity action plan that will lay the groundwork for Taiwan's financial cybersecurity. This includes increasing cybersecurity monitoring by competent authorities, bolstering information security management by financial institutions, enhancing the resiliency of cybersecurity operations at financial institutions, and building collaborative defense capabilities. The four-year action plan will be rolled out in stages with the aim of boosting the cybersecurity defenses of Taiwan's financial sector and providing consumers with safe, convenient and uninterrupted service.
Highlights of the action plan
■ Foster a culture of cybersecurity at financial institutions: Financial institutions and internet-only banks of a certain scale should appoint a chief information security officer at the deputy general manager level. These institutions are also encouraged to select board members or consultants with information security backgrounds or establish cybersecurity advisory taskforces.
■ Enhance cyber defenses for new technologies: The action plan recommends that industry associations amend or expand self-governing guidelines to include cybersecurity risk evaluations for mobile apps, cloud services, open banking, open APIs (application programming interfaces) and electronic identification. This will allow financial institutions to use new technologies to provide innovative and secure services.
■ Provide systematic training for financial cybersecurity specialists: Efforts include offering financial cybersecurity training programs and working with tech companies to add more instructors and courses, as well as cultivating multidisciplinary professionals through industrial-academic and cross-sectoral collaboration. Financial cybersecurity specialists are also encouraged to obtain international certification or licenses.
■ Ramp up intelligence sharing and international cooperation: Aside from diversifying the sources of cybersecurity intelligence, the financial sector will introduce smart intelligence analysis methods, using artificial intelligence and big data analytics to improve efficiency and capabilities. The sector will also expand cooperation and exchanges with international cybersecurity organizations and join in defending against international hackers.
■ Establish a resource-sharing cybersecurity response mechanism: A sector-wide cybersecurity response mechanism will be established using shared resources from individual financial institutions, financial holding groups, industry associations and the Financial Information Sharing and Analysis Center (F-ISAC).
■ Create a collaborative system for monitoring financial cybersecurity operations: Financial institutions are urged to set up their own security operation centers (SOCs). The F-ISAC, with government guidance, is also forming a collaborative SOC and establishing standard operating procedures for cybersecurity monitoring.
■ Implement international standards: Financial institutions are urged to implement international cybersecurity management standards as well as international business continuity management standards. Attainment of certification related to these standards is also encouraged.
■ Assemble a recovery and response operation mechanism: The government will guide industry associations in establishing guidelines for operational resilience, including disaster response operations and demonstration of recovery capabilities. These guidelines will serve as a reference for businesses to follow.