November 2019 marked the first-ever joint US-Taiwan cybersecurity exercise. Taiwan has been seeking closer security ties with the US for several years, as it’s subjected to constant cyber-attack and is perhaps the most-targeted country in the region.
“Taiwan is uniquely positioned to assist the international community in protecting itself from cyber theft,” noted a 2015 paper from the US Center for Strategic and International Studies. The paper suggested that Taiwanese involvement could benefit cybersecurity exercise – and four years later, it has joined the Cyber Offensive and Defensive Exercises.
Since 2013 these exercises have involved participants from around the Asia-Pacific region and beyond. This year’s edition included Australia, the Czech Republic, Japan, Malaysia, Taiwan and the US.
Governance is critical
Good board governance should encompass cybersecurity – leaving it only to the IT team, or to the relevant C-suite officers (CIO, CSO, CISO, CRO et al.) runs the risk that, while security systems will be improved, they won’t be fully aligned with the organisation’s strategic goals and plans.
Boards should include directors with at least enough expertise to be able to understand and interpret what their experts are telling them. They must be confident enough to make demands, set requirements and be able to share their insights with the board.
Training and updates are vital, and it’s critical that board members clearly understand the danger of cyber risks – as Taiwan’s example demonstrates.
Red versus blue
The five-day event saw ‘red teams’ of Taiwanese and foreign hackers launching simulated attacks on Taiwanese infrastructure, including government, banks and other financial institutions. A ‘blue team’ of Taiwanese cybersecurity experts attempted to detect and defeat the attacks.
Taiwan’s inclusion marked a ‘new frontier’ in security cooperation between the island nation and the US, according to Raymond Greene, Deputy Director of the American Institute in Taiwan (AIT). Taiwanese authorities have worked closely with the AIT to bring their nation into the US Department of Homeland Security’s Automated Indicator Sharing system.
Cybersecurity is national security
There can be no doubt that cybersecurity represents a ‘new frontier’ in warfare, espionage and corporate espionage.
With Taiwan experiencing up to 30 million attacks every month, and with the nature of warfare changing, Greene asserted that ‘the biggest threats today would no longer be troops landing on beaches, but efforts by “malign actors” to use the openness of societies and networks to attack industries, democratic institutions and the integrity of critical infrastructure’.
Taiwan’s contested relationship with China certainly makes it more likely to suffer attacks, but that doesn’t mean the rest of the region can rest on its laurels. In fact, Asia-Pacific businesses are 80 per cent more likely to be attacked that businesses in other regions.
Partly this is due to a lack of transparency; low ‘cyber awareness’ and weak regulation and enforcement also contribute.
Modern Governance is the key
‘Modern Governance’ as the best corporate governance framework for addressing cyber risks. By deploying a unified technology platform to manage and secure all aspects of board activities, the organisation is protected from attack. It’s also given the tools needed to govern cybersecurity, measure its effectiveness and use analytics to generate risk assessments and other business intelligence to assist the organisation in its strategic planning.
Secure messaging, collaboration, voting, board papers, minutes, skills matrices and other capabilities can be made available online and accessible through mobile devices. Board members can be kept up to date with any crises or emerging situations and contribute in real-time to their solutions.
Defending the region
Taiwan’s involvement in the exercises marks a new stage in regional thinking about cybersecurity. At the Indo-Pacific Business Forum, the US State Department launches its report A Free and Open Indo-Pacific: Advancing a Shared Vision.
“We coordinated with link-minded partners such as Australia, Japan, the Republic of Korea, New Zealand, Singapore and Taiwan to support this objective,” the report says. It notes various initiatives to encourage policymakers in the region to take a risk-based approach to technology acquisitions and to come together to discuss cybersecurity, the digital economy and media disinformation.
It’s a lofty goal at the state level, but one what will necessarily be implemented at the organisational level. Deploying a Modern Governance system is the best way for your company to make sure it’s a responsible actor.
Board Portal Buyer’s Guide
With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.
April 20, 2021
The Soaring Risks of Financial Services Cybercrime: By the Numbers
Financial services cyber-security must be a top priority for leaders. After all, while no industry has been immune to the increasing threat of cybercrime, financial institutions are particularly and perniciously vulnerable. According to one report, financial services firms are 300 times as likely as other companies to be targeted by…
November 30, 2020
Experts agree: Governance is the best crisis strategy
Your best defence against a crisis is good governance. Whether it’s a global pandemic, a change in senior management or the complexities of running an international organisation, governance provides ‘handrails’ to keep your organisation upright and on-track. This consensus was the unanimous conclusion of the speakers at a recent Diligent…
October 30, 2020
Top 5 Mistakes to Avoid When Transitioning to Virtual Board Governance
With rapid change affecting businesses (including growing emphasis on environmental, social and governance (ESG) principles and the COVID-19 pandemic), it seems organisations are called on to be more: more informed, more collaborative and more responsive to stakeholders. The systems and processes that businesses need now are encapsulated in the concept of modern…