GC One Report 2023 [EN]

Risk Factor: Cyber Threat

At present, cyber crime comes in the form of a variety of attacks and threats, and new methods or technologies are increasingly being used to launch attacks through various channels. This, coupled with the changing nature of the business and competition, has spurred GC to adopt digital technology for enhanced work efficiency and competitiveness. Use of digital technology, however, poses a risk and increases GC’s vulnerability to cyber attacks.

Key Risk Management Measures

GC implements cyber risk management in adherence to the framework of the National Institute of Standards and Technology (NIST Framework), which consists of five components as follows.

1. Identify
Monitor new threats, assess risks in both office and factory systems, test IT security measures, and perform system assessments and internal audits to ensure strict compliance with the relevant safety standards. Establish measures for maintaining the security of both corporate and personal information, data protection, and information leakage monitoring, as well as measures for violations and personal information leakage.

2. Protect
Enforce requirements, policies, and guidelines on the security of Information Technology (IT) and Operational Technology (OT) and data governance for use as guidance in GC Group. Prepare work systems and increase IT security measures to support working from anywhere, as well as install various protection systems, such as firewalls, WAF, data protection systems, threat intelligence, and assess system vulnerabilities, such as through vulnerability assessment, web applications, penetration testing, compromise assessment, penetration testing, and two-factor authentication. Foster cybersecurity awareness among employees at all levels, such as by providing information on guidelines and practices for IT management as well as relevant laws, and conducting phishing tests to assess employee awareness and understanding.

3. Detect
Utilize a cyberattack detection and monitoring system using deception technology and endpoint security protection.

4. Respond
Conduct cyberattack response drills and IT and plant systems recovery drills on a regular basis and improve response plans to ensure suitability and mitigate any potential damage.

5. Recover
Establish policies and follow data backup and emergency preparedness protocols to ensure the continuous availability and functionality of GC’s data and information systems. Establish disaster recovery plans and conduct regular reviews and drills.
