Information Security

Enhancement of information security protection capacity
Becoming a Tier 1 operation

Delivering products to customers on time is the basis of WT’s operations, and system downtime will result in delayed delivery or the inability to deliver products. WT expects to become an enterprise with first-class operational capability in the industry, and a high degree of information security capability is the cornerstone for providing quality services. Third-party organizations such as international certifications and red team assessment are used to assist in the review. With enhanced information security protection and employee security awareness, no sensitive information was leaked in 2021, and there were no significant information service disruptions that caused financial losses to customers or suppliers’ operations.

Setting up a dedicated department to strengthen information security management

Because of information security’s increasing importance and proliferation of cyber-attacks, WT will set up a dedicated information security department in 2022. With a dedicated manager and two dedicated staff to focus on information security incident investigation, system vulnerability disclosure, and the assessment and implementation of new information security architecture. In addition, WT will evaluate the implementation of ISO 27001 to reduce the threat and impact of information security incidents through formalized and systematic control and management.

WT has set up dedicated emails to receive cyber security notifications from external customers, suppliers, the Taiwan Computer Network Crisis Management and Coordination Center (TWCERT), and information technology equipment and service vendors. WT has dedicated personnel to regularly collect information on major information security news, vulnerability disclosure, zero-day attacks, etc., to analyze, record, and set event levels. Internally, we set event levels according to severity while the information department records them. In case of a major information security incident, the Chief Operating Officer shall be notified immediately.

The information technology department must remediate and fix information security incidents within the target processing time and find the root cause, track and records the remediation and verify the effectiveness, and follows the PDCA method for continuous improvement to prevent the recurrence of incidents. In addition, WT classified information security incidents into several levels of severity and defined the recovery mechanisms and standard operating procedures to speed up the recovery point objective.

Build safety awareness among staff

The pandemic has swept through the world, changing people’s lifestyles and work styles. Working from home and remote work has become the norm. This causes employees to be detached from the protection of the corporate intranet and becomes a potential breach of corporate information security.

Strengthening employees’ security awareness has become an important part of information security. In the second half of 2021, WT introduced security awareness training and planned a basic phishing course and a discovery phishing game course. In 2021, 4,198 training sessions were completed (100% completion rate). Through video presentation and interactive teaching, we have enhanced our staff’s knowledge and awareness of information security and integrated security awareness into their daily work through continuous social engineering practices.

Backup and recovery plan in case of malicious intrusion

The Group has established comprehensive information security protection mechanisms. However, it cannot guarantee complete prevention from third-party attacks to crash the critical corporate system. When a severe attack occurs, the system may not be operational, leading to operational interruptions due to the inability to ship orders or compensation for customer losses due to shipment delays. Therefore, rapid system recovery is of the utmost importance. Apart from keeping investments in information security devices and software, The Company continually strengthens the system recovery mechanism.

Introduction of the latest artificial intelligence NDR and EDR

Techniques for hack intrusions have been changing rapidly. In addition to exploiting the vulnerability and furthermore , hackers are using zero-day attacks to hack into systems before the patch. Hackers are also stealing employee accounts and passwords through phishing to gain direct access to the company’s system. Traditional pattern-matching protective measures no longer stop these numerous tactics.

WT introduced Network Detection Response (NDR) and Endpoint Detection Response (EDR) with an artificial intelligence machine learning mechanism in 2021. NDR performs front-line blocking and isolation when abnormal behavior deviation occurs on the network side. When the network side cannot identify and block in time and the threat enters the endpoint, the EDR mechanism blocks and isolates it again. Since there is no respite from network threats, we have also signed SOC/MDR services with third-party vendors to monitor information security threats 24/7.

Respond to customer’s information security concerns

WT assesses and responds to customers’ information security concerns through regular annual supplier self-assessment questionnaires or business communication. In 2021, the main issues concerning customers were the handling of major loopholes and whether they had passed ISO 27001 certification, all of which have been handled by the information department through self-assessment questionnaires or emails to meet clients’ needs.

WT’s Information Security Management Plan in 2022

Management level

We have implemented ISO 27001 to establish an internal organization for information security management operations, to continuously strengthen and improve our information security management mechanism, and to enhance our ability to respond to information security incidents and emergency response.

Technical aspects

We have gradually built a complete information security infrastructure to protect the information security framework of new technology types following the introduction of new information architecture (e.g., cloud application, AI artificial intelligence, and IoT Internet of Things).

Cognitive Training Level

We raise information security awareness among all employees, and have gradually extended this awareness to our suppliers. Through supplier education training and information security assessment, we help suppliers improve their information security capabilities and establish a protective network for the entire supply chain.

MORE MUST-READS

Health management

Regular health check-ups and exercise encouragement Enhancing our staff’s overall resistance to the pandemic WT provides annual physicals for employees that are superior to standard ones, and plans diversified support programs. In addition to legal items, employees can also customize the contents of their physicals. After the physical, professional teams will analyze the reports and follow up on any abnormalities. In addition, WT has also set up a full-time healthcare manager to assist colleagues with

Read more »

Employee Relations

Awarded Taiwan iSports Certification Bringing each other closer through group activities WT encourages staff to set up and participate in various clubs, which can not only provide physical and mental stimulation in various ways but also cultivate interest outside work. In particular, various activities and competitions are held by sports clubs every year to promote exchanges among staff members on the one hand, and participate in various competitions externally on the other, which can also

Read more »

Energy management

Save Energy with Green Purchasing In 2021, WT’s total energy consumption is 8,168.08 GJ, of which the most important energy source is non-renewable electricity purchased from power companies, with electricity consumption accounting for 91.18% of the total consumption, while the rest is fuel used in ccompany work vehicles. In the future, depending on the overall energy policy and climate change issues, proper planning and setting will be made to target the use of renewable energy.

Read more »

Green Design

Consistent Green Thinking Promote low-loss,high-performance semiconductor components Product design should not only be concerned with the cost, function and quality of the product, but also the potential impact of the product on the environment. We prioritize the selection of parts and components that can improve energy efficiency and do not use harmful substances to achieve energy efficiency, carbon reduction and green requirements.Semiconductor components are an important part of electronic products. In line with the green

Read more »

ABOUT

Governance

Social

Environmental

Scroll to Top