Intensification of Information Security | ACER ESG


Corporate information security management strategy and framework

Management of Information Security Effectiveness

The company continues to address information security risks by conducting third-party assessments and implementing necessary corrections to ensure compliance with industry standards for information security protection mechanisms.

  • The industry average is represented by the blue curve, with a score of approximately 82, indicating a maturity level of B.
  • Acer, represented by the black curve, has shown a consistent upward trend, apart from the cybersecurity incident in the first quarter. Since June 2023, Acer has consistently outperformed the industry average, with a score of 90 and a maturity rating of A.

Investments in cyber security management

Performance of Information Security Implementation in 2023:

01 | Policy

Headquarters Adds/Revises 49 ISMS Information Security Management Directions and Regulations

Headquarters Adds/Revises 5 CSF Information Security Regulations

02 | Certification

  • The headquarters successfully completed the initial verification of ISO/IEC 27001:2013 in 2019
  • The headquarters successfully completed the reverification of ISO/IEC 27001:2013 in 2022
  • Headquarters was re-certified for ISO/IEC 27001:2013 in 2023
  • EMEA IT completed the initial verification for ISO/IEC 27001:2013 in 2023

03 | Promotion

1 promotional short film

Produced a promotional video and conducted 20 informational seminars to convey essential regulations and precautions regarding information security

437 persons

A total of 437 new employees completed the information security briefing during the new employee orientation

10 announcements

A total of 10 information security announcements were made to convey important regulations and precautions regarding information security

04 | Risk Control

5,642 persons

5,642 employees have completed the annual online information security education and training course

2 social engineering drills

Conducted 2 email social engineering drills, involving over 6,000 participants

6 penetration tests

Conducted 6 penetration tests, examining more than 90 targets

2 web vulnerability scans

Conducted 2 web vulnerability scans, checking a total of 283 websites

4 OS vulnerability scans

Conducted 4 OS vulnerability scans, examining over 10,000 vulnerabilities

Cyber Security Risks and Response Measures

Acer has established comprehensive information security protection measures for our network and computers, but this cannot guarantee that the computer systems that support our business operation will be completely free from cyber attacks that could cause the loss of important Acer data. Malicious hackers or cyber attacks motivated by geopolitics may introduce viruses, destructive software, or ransomware to the Company’s network systems, interfering with Acer’s operations.

Acer has faced a ransomware attack that resulted from a member of our staff accidentally clicking on a phishing email, and we may face similar attacks in the future. To prevent damage from such attacks, Acer implements related corrective actions and continually works to optimize our practices. For instance, we have reduced the chances of phishing emails reaching inboxes; strengthened firewall controls and Internet access to prevent malware from spreading to other zones; implemented multi-layer management of privileged accounts to prevent them from being hacked; introduced leading solutions for compliance auditing; adopted new techniques to detect and handle malware; and routinely executed vulnerability scans and fixes and tested staff awareness.

The future focus of our information security

No leakage of customers’ data.

With multi-layer protection, hackers cannot access customer data even if Acer is under attack from ransomware.

Enhance the comprehensive information security and monitoring mechanism

In doing so, we can make cyber attacks more difficult and thus lower the inclination of hackers to attempt them. Acer deploys endpoint detection and response software to ensure the visibility of any abnormal behaviors.

Segregate internal systems

Adopt a zero trust framework in the data centers of both regional offices and headquarters and enhance business continuity drills for information systems, mitigating the impact of attacks and enabling systems to recover within a tolerable time.