Financial innovation is built on trust, and its sustainable growth is not possible without the integration of FINSEC. Join us to focus on financial security policies and implementation practices and embrace a convenient and safe financial future.
Cathay Financial Holdings launched Phase One of its cloud migration project in 2021, achieving cloud readiness across four areas: infrastructure, applications, organization, and management and governance. Starting with the bank, we subsequently extended the project to our subsidiaries, including life insurance, property insurance and securities. In 2022, we initiated Phase Two of the large-scale cloud migration, using the Cathay 6R methodology to break through the challenges of migrating hundreds of systems across our subsidiaries. In 2023, the third year of our cloud transformation journey, we will share how we conquer challenges and difficulties in various aspects such as People, Process, Technology (PPT), information security, and Legal & Compliance.
A cybersecurity incident poses the dilemma of how to investigate it appropriately. Private investigators (incident responders) may work differently on various matters, whereas public investigators (law enforcement agents) are only concerned with public safety and criminal law. Although they sometimes work together, their duties and processes differ. Practitioners have a broader view of incident response. The talk will enhance information security capacity through the following benefits: (1) early detection and repair of potential risks, (2) deployment of information security protection software against potential threats, (3) continuous monitoring of vulnerabilities and threats, and (4) quick determination of the scope of damage and response.
In traditional cybersecurity defense, firewalls serve as the first line of defense, and a multi-layered network environment is constructed to delay an attack through defense in depth.
In the zero trust framework of "never trust, always verify," how can the financial industry construct a ZTA environment that effectively identifies network IDs, restricts network access, monitors suspicious behavior, prevents spread and propagation, and strengthens information security?
We have observed an increasing trend of Chinese attackers targeting the financial industry in Taiwan, which poses a significant threat due to the massive financial flow involved. This talk will continue from last year's Operation Cache Panda attack and focus on recent APT intrusion events targeting the financial industry. In one event, the hackers infiltrated the target's internal network by infecting the service provider system and implanting a Bifrose backdoor. In another event, the hackers attacked an exposed testing server on the external network and implanted a .NET webshell. We also observed that these incidents are closely related to supply chain security. In today's complex environment, it is especially important to clarify these implicit trust issues. Therefore, we will use the Zero Trust Architecture to review these attacks, explore why they happened, and how to use Zero Trust Architecture to enhance security and strengthen supply chain security. Ultimately, we hope to use this talk to help the audience understand the APT attack process and the weapons used by attackers and improve awareness of supply chain security.