Looking at the Trend of Enterprise Asset Security from the Taiwan Asset Security Conference

        The annual Zi'an event "CYBERSEC 2023 Taiwan Zi'an Conference" began its three-day exhibition on May 9, 2023. Since its debut in 2015, it has gradually become the focus of attention from all walks of life. The number of participants has surged from 2700 to 18000 this year, indicating the increasing importance of asset security issues. In particular, global enterprises are facing digital transformation, and the asset security risks associated with recent popular technologies such as artificial intelligence, Cloud Computing, and Internet of Things (IoT) cannot be underestimated. How to protect core information and information transmission has become an important issue for enterprises.

                The theme of this year's Capital Security Conference is' Bring Security To ', which not only brings Security to Taiwan, but also to the World. Since the pandemic began sweeping the world in 2020, remote office has accelerated the pace of digitization. In 2022, after the Russo Ukrainian War, in addition to physical warfare, it has also launched attacks and defenses online. From the individual and enterprise levels to the national level, the risks of asset security are ubiquitous. According to the data from Cybersecurity Ventures, an international security research organization, cybercrime will absorb USD8 trillion in the world in 2023. If the annual GDP of the United States in 2023 is estimated to be about USD25.5 trillion, the total amount of fraud will almost become the third largest economy in the world, second only to the United States and Chinese Mainland; It is estimated that by 2025, the total amount of fraud will reach as high as USD10.5 trillion. Especially after the birth of generative AI, online fraud is bound to become increasingly rampant. Previously, only people with programming skills were able to become hackers, but generative AI not only allowed hackers who previously knew the program to improve their attack efficiency faster, but also allowed those who did not know the program to obtain more attack techniques based on the content of the input generative AI. For example, using the document creation ability of generative AI to quickly generate phishing emails, or using AI voice generators to impersonate the voice of senior executives in the company and request colleagues to make remittances. It is worth worrying that the development threshold for malicious attack programs is also lowered due to the powerful programming language capabilities of generative AI, and the security threats that enterprises will face in the future will become increasingly normalized.

        In the face of the coming capital security crisis, Taiwan actually began to gradually promote the capital security management system and construct the capital security management system as early as 2001, and issued the "Capital Security Management Law" in 2018, targeting eight key infrastructures such as energy, water resources, communication, transportation, finance, emergency medical care, central and local government agencies, and high-tech parks to formulate capital security protection plans; The Financial Supervisory Commission also revised the "Guidelines for Establishing Internal Control Systems for Public Companies" at the end of 2021, stipulating that public companies should allocate appropriate manpower and equipment to plan, monitor, and execute information security management operations for their asset security systems. Depending on the company's size and financial situation, it is required to establish asset security officers and dedicated personnel for asset security, At the same time, the Stock Exchange and the OTC Trading Center are requested to issue the "Guidelines for the Security Management of Capital Communications of Listed and OTC Companies" to strengthen the security management measures of capital communications. I hope to use this to enhance the vigilance of enterprises in asset security, strengthen asset security energy, reduce asset security risks, and assist enterprises in accelerating the promotion of asset security governance.

        According to the prediction of Gartner, an international research organization, in 2023, the cost of global enterprises' capital security protection will be far less than 2% of the amount of online crime fraud, and the Return on investment of capital security will also be difficult to quantify. However, if enterprises do not take active measures to protect, hacker attacks will only become increasingly serious. Therefore, in order to encourage enterprises to invest in asset security protection, the government has added a 3-year tax credit for asset security investment in 2022. All hardware, software, technology, or services related to asset security, as long as they exceed NTD 1 million to 1 billion, can enjoy a 3-5% tax credit. This aims to promote the implementation of asset security governance and protection by enterprises through incentive measures, which also corresponds to the main axis of this year's asset security conference, "Bring Security to Everywhere", Bringing Zi'an into every corner of enterprise operation, strengthening enterprise resilience, and implementing sustainable management.

        Image source: Freepik

        #