Taiwan Suffered 5th Most Ransomware Attacks in Asia 微軟:台灣去年遭勒索軟體攻擊 居亞太第5

A Microsoft report shows that Taiwan ranked fifth in the Asia-Pacific region in terms of the number of ransomware attacks. Taiwan has a cyber security management act, but it only covers public agencies. Experts say the act needs to be amended to cover the private sector.

A Microsoft report shows that Taiwan ranked fifth in the Asia-Pacific region in 2021 in terms of the number of ransomware attacks. In recent years, large-scale cyberattacks have paralyzed businesses and resulted in data breaches. Both companies and individuals have been targeted. Legislators and experts implored the government to pay more attention to information security, as it's a national security issue.

Kao Hung-an, Legislator (TPP): “The frequency of ransomware attacks is actually much higher than general malware attacks. We've already progressed from simple indiscriminate attacks to very targeted attacks, including vertical and horizontal attacks that target key installations.”

Li Po-i, Director, Network & Cyber Security Div., NCHC: “We need to regularly assess and actively adjust our information security protection strategy and equipment use based on the current situation. We also need to have an information security team that participates in the entire process of information transformation to reduce overall risks.”

Digital transformations are changing the way organizations operate and creating greater value. However, they also increase the risk of cyberattacks. Public agencies and companies are finding it hard to defend against the newest types of cyberattacks. Taiwan does have the Cyber Security Management Act, but it only applies to public agencies. Experts say there's an urgent need to amend the act to include the private sector.

Tu Jui-shen, Chair, Taiwan Information Security Association: “The financial sector has already implemented information security measures for cloud services. Only the financial sector is doing this.”

Li Tsung-huan, Section Director, Dept. of Cyber Security, Executive Yuan: “Our Ministry of Digital Affairs will soon be set up, and there will be an information security agency under it. Related information security laws will be amended accordingly.”

An information security agency under the Ministry of Digital Affairs will become the competent authority for information security. The Cyber Security Management Act is expected to be amended, and a risk assessment mechanism for information assets is expected to be established. Experts say Taiwan needs to keep up with the times. It should promote information security insurance and help companies to protect themselves.

資訊科技蓬勃發展卻也引起資安危機，根據微軟公司報告指出，台灣去年遭勒索軟體攻擊，位居亞太地區第5名，加上近年大型網路攻擊癱瘓企業，導致客戶機敏資料外流，顯示出現資安危機。不只企業，民眾更成為最大受害者，面對數位轉型時代，立委跟學專家齊聲呼籲政府重視資安即國安。

民眾黨立委高虹安表示：「勒索軟體這個攻擊，它其實遠大於一般這種惡意的程式，那甚至現在我們已經從早期，就是單純無差別攻擊、隨機攻擊這一類，已經轉成是非常具有目標性，而且是那種合縱連橫式的關鍵設施目標攻擊。」

國家高速網路與計算中心網路與資安組長李柏毅指出：「必須要定期的評估，並依據現況動態調整我們的資安防護策略，還有設備部署，在資訊轉型的過程中，我們必須安排資安團隊能夠去參與整個過程，來去降低整個風險。」

數位轉型改變組織營運，創造更多價值，但也增加遭受網路攻擊的範圍。尤其，駭客的新型態攻擊手法，讓公部門、企業防不勝防。雖然我國有《資通安全管理法》，但只限縮涵蓋公務機關，專家認為有修法的急迫性，盡速擴及民間。

台灣資訊安全協會理事長涂睿珅表示：「金融單位已經開始，在對雲端提供的服務業者做集合，這個是只有金融單位在做。」

行政院資通安全處科長李宗寰則回應：「我們數位發展部即將要成立，那下面會有資通安全署，那相關資安法的程序也會做相關適應的修法。」

至於數位發展部資通安全署，將成為我國資安主管機關，會如何針對資通安全管理法進行修法，以及建立資訊資產風險評鑑機制，都是外界關注焦點。專家也建議，台灣該與時俱進，推動資安保險，協助企業獲保障。