Cybersecurity

Management Approach:

Bora Pharmaceuticals is committed to enhancing the management of cybersecurity. The company has established an Information Security Policy and a Cybersecurity Risk Management Framework to serve as guiding principles for cybersecurity affairs. Additionally, Bora has implemented multiple cybersecurity systems and continuously optimizes its defense mechanisms. These measures include deploying next-generation firewalls, spam filtering systems, and data backup solutions to ensure the integrity and stability of its information assets.

Cybersecurity Management and Organizations

To ensure the implementation of cybersecurity, Bora Pharmaceuticals established the Information Security Policy in 2021. The relevant policies are regularly reviewed and updated in response to changes in cybersecurity risks to ensure continuous improvement and effectiveness. Additionally, the company actively participates in collaborative cybersecurity defense organizations, such as the Science Park Information Sharing and Analysis Center, the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC), and the Chief Information Security Officer (CISO) Association, to strengthen its collaborative cybersecurity capabilities.

Since January 31, 2023, Mr. Chia-Chu Chen, Vice President, has served as the Chief Information Security Officer (CISO), regularly reporting to the General Manager to enhance the overall cybersecurity management level of the Bora group. Daily cybersecurity operations are managed by the Global Cybersecurity Manager Mr. Lin-Chieh Ku, who leads the group’s cybersecurity department in executing various cybersecurity tasks. On November 13, 2024, the CISO presented a regular report on the status of cybersecurity to the Board of Directors.

Cybersecurity Management Measures

Bora Pharmaceuticals actively promotes dedicated management mechanisms in the areas of cybersecurity, technology applications, and information optimization. These efforts include establishing a cybersecurity department, optimizing system infrastructure, enhancing data utilization, and conducting regular trainings and drills. These initiatives comprehensively strengthen cybersecurity defenses and operational stability, reflecting the company’s commitment to sustainable development.

Strategy: Cybersecurity

Mechanism:

  1. Establish a cybersecurity department.
  2. Develop an information security policy.
  3. Strengthen existing information and communication system security.

Plan:

  1. Hire dedicated cybersecurity managers and team members to conduct various security tasks.
  2. Regularly review and revise Bora’s information security policies.
  3. Assess and gradually optimize existing information and communication systems.

Strategy: Technology Application

Mechanism:

  1. Strengthen information and communication systems.
  2. Collect internal and external data.
  3. Perform data analysis and response.

Plan:

  1. Evaluate and upgrade email protection continuously.
  2. Enhance endpoint defense capabilities.
  3. Monitor and prevent network anomalies.
  4. Integrate existing security tools to improve monitoring efficiency.

Strategy: Information Optimization

Mechanism:

  1. Continuously enhance overall cybersecurity awareness.
  2. Gradually strengthen information security defense and protection systems.
  3. Conduct backup and disaster recovery drills for critical systems and data.

Plan:

  1. Regularly send cybersecurity newsletters; a total of 25 letters were released in 2024.
  2. Execute vulnerability management for information and communication systems.
  3. Conduct cybersecurity awareness training for new employees.
  4. Perform regular social engineering drills to enhance employee information security awareness.

Cybersecurity Implementation Status

A. Cybersecurity Education and Implementation Report

To enhance the security awareness of all employees, Bora Pharmaceuticals continued to implement various cybersecurity measures and training activities throughout 2024. A total of 22,000 participants completed various security awareness training sessions, amounting to 3,854 hours. Additionally, the Group Cybersecurity Department produced bilingual (Chinese and English) information security training videos, which have been integrated into the onboarding process for new employees, ensuring that every employee possesses basic security awareness from the start of their employment.

B. Key Progress in Cybersecurity Implementation

  1. Endpoint Protection Upgrade: Upgraded endpoint protection systems at nine sites across Taiwan, enhancing detection and defense capabilities against malware and malicious attacks. This effectively reduced the risk of cyberattacks and data breaches.
  2. Email Protection: Upgraded the internal and external email protection systems across the entire group to address phishing and various email threats. This upgrade successfully blocked a large volume of malicious emails, significantly improving email security.
  3. Multi-Factor Authentication (MFA): Fully implemented the multi-factor authentication mechanism, strengthening the reliability of employee identity verification and effectively preventing hackers from accessing company systems through stolen credentials.
  4. Acceptable Use Policy: The Group Cybersecurity Department created and issued the “Acceptable Use Policy” at the beginning of 2024 and introduced the “AI Acceptable Use Policy” by year-end to address potential risks associated with emerging technologies.

C. Security Awareness Education and Training

In addition to regular internal training, several specialized trainings were held this year:

  1. New Employee Training: Integrated basic information security courses in both Chinese and English into the onboarding program for new employees.
  2. Social Engineering Prevention Courses: Conducted educational sessions for all employees to enhance their ability to recognize phishing attacks and other social engineering tactics.
  3. Advanced Professional Training: Provided in-depth cybersecurity technical training for IT department personnel to ensure key technical staff are equipped to handle the latest security threats.
