Phishing emails are the starting point for hackers' attacks. We will focus on discussing the application of generative AI and digital transformation technologies. Through actual case studies, we will explore seven optimizable points in traditional phishing email drills :

1. We will demonstrate how to utilize cybersecurity intelligence and public information to identify high-risk email users within an enterprise.
2. Generative AI combined with human resource systems and public data will generate personalized email templates.
3. We will demonstrate a hybrid platform architecture that can unify drills and adapt to the needs of different departments.
4. Risk-driven drill plans will be formed based on customized risk assessment indicators.
5. Generative AI will be used for timely, personalized cybersecurity awareness promotion.
6. Through personal risk profile design, combined with phishing email drills and employee information asset management, we will promote the improvement of employee cybersecurity awareness.
7. We will share our understanding of high-quality drills and the checkpoints.

Through this presentation, the audience can expect to learn how to apply generative AI and digital transformation technologies to enhance employee cybersecurity awareness and prevent social engineering attacks, thereby building a more resilient enterprise-wide cybersecurity awareness defense line to effectively address the growing cybersecurity threats.

Facing the government’s cybersecurity policies and the world’s cybersecurity trends, how to pragmatically introduce cybersecurity protection, not only the response strategy of legal compliance, but more is the sharing of practical experience. Whether in management, strategy, or technology, how should we plan and promote? How to coordinate and solve when encountering difficulties? The content of the speech not only provides a reference for cybersecurity workers from the perspective of Party A, but also the related procurement thinking is suitable for Party B’s evaluation, allowing the team to understand the key points and difficulties of introducing various products, and creating a win-win future through the narration of practice and experience sharing. It will also explain the actual cases of auditing public agencies and teaching cybersecurity professional courses, so that all walks of life can understand the actual focus and promotion of information security.

Due to the rise of the technology industry in Taiwan and the government's promotion of related digital transformation, it has been ongoing for many years. However, in statistics, the number of information security attacks suffered by Taiwan still ranks first in the Asia-Pacific region, among which DDoS is the most common, followed by ransomware, vulnerability intrusions, and botnets.

Starting this year, the targets of hacker attacks have gradually shifted to manufacturing and traditional industries. We should be vigilant. I often emphasize that information security matters.

Many incidents are caused by people. Almost 90% of information security incidents are caused by "people." But how do we protect information security? I believe this is a pain point for many manufacturing and traditional industries.

If information security incidents occur in banks, will traditional industries and manufacturing industries have to face the growing number of network information security incidents more cautiously?

This agenda will take the CISO's annual cybersecurity governance report to the board of directors as an example, focusing on key points closely related to the company's operations, such as cybersecurity strategy, quantitative results, compliance status, and future blueprints, so that the board of directors can clearly grasp the context and value of cybersecurity work and provide support and resource allocation.

Content Summary :

1. Security Management Architecture : Establish an overall architecture covering governance, risk, and compliance to lay a solid foundation for cybersecurity management.
2. Security Management Strategy : Develop strategies around confidentiality, integrity, and availability, and strengthen personnel as a security defense line through awareness enhancement and violation management.
3. Security Maturity Evolution : Review maturity through cybersecurity drills, learn from industry benchmarks, and continuously improve detection, response, and prevention capabilities.
4. Security Measures Implementation Results : Control risks from the source; establish intelligence-driven monitoring and response mechanisms to quickly detect and respond to threats.
5. Future Security Focus Points : Gain insight into the cybersecurity challenges of emerging technologies such as AI, and develop response guidelines and directives with agile thinking.