Agencies report 726 cybersecurity incidents last year


By Shelley Shan / Staff Reporter

The nation’s government agencies reported 726 cybersecurity incidents last year, of which nearly 69 percent were unauthorized intrusion cases, Administration for Cybersecurity data showed.

In accordance with the Regulations Governing the Reporting and Response of Cybersecurity Incidents and Exercises (資通安全事件通報應變及演練辦法), government agencies classify reportable cybersecurity incidents into levels 1 through 4, from least to most severe, based on the severity of the incident’s impact on confidentiality, integrity and availability.

Last year, 726 cybersecurity incidents were reported by government agencies, down from 755 in 2024, administration data showed.

Among the incidents, 87.33 percent were level 1 cases, 9.78 percent were level 2 cases and 2.89 percent were level 3 cases.

No level 4 cases were reported.

Regarding the types of cybersecurity incidents, 68.6 percent were unauthorized intrusion cases, followed by equipment malfunctions (15.43 percent), service disruptions (4.96 percent) and Web page attacks (2.48 percent), the data showed.

The administration also identified the major cybersecurity threats faced by government agencies.

First, backdoor programs could be installed on newly acquired government computers if users download maliciously spoofed messaging applications.

Second, blackmailers could gain unauthorized access to the mainframe and avoid detection by using a “bring-your-own-driver” technique to disable security protections.

Third, system maintenance contractors could install remote access software on the Web server, allowing attackers to gain access to the agency’s Web site through a brute-force password attack.

Fourth, vulnerabilities or configuration risks in network edge devices could result in malicious connection activities.

To counter these threats, government agencies should require approval for all software, hardware and application installations, the administration said, adding that they should regularly conduct vulnerability scans and patch any vulnerabilities found, deploy Web application firewalls, and maintain updated endpoint protection and threat detection mechanisms.

The administration also urged government bodies to improve supplier security management — including access control, data protection, vulnerability management and incident reporting — while conducting regular cybersecurity audits and compliance checks.

Government agencies could also adopt a whitelist for external connections, block unnecessary ports, and regularly update and verify network edge device firmware to ensure timely patching of vulnerabilities, the administration said.

Agencies should deploy e-mail filtering and sandboxing systems to block malicious attachments and links, while restricting cloud-sharing permissions and scanning uploaded files and cloud links for threats, the administration added.

They must also maintain backups for their data, ensure they have redundancy and recovery capabilities, and regularly conduct Business Continuity Plan drills to ensure rapid switchover to backup systems during emergencies, it said.

The Ministry of Digital Affairs is promoting encrypted distributed backups for critical public infrastructure systems across multiple public cloud environments to reduce single-point failure risks and enhance resilience, the administration said.
