Case Studies



MAYO

Having traversed the pivotal year of digital transformation and cloud data migration, the era is becoming increasingly dynamic, marked by the rapid emergence of various new technologies. Currently, Taiwanese enterprises are confronting a novel crisis—cybersecurity. This time, the impact is broader, deeper, and more challenging, with Taiwan arguably being one of the most significantly affected hubs in this crisis. 

The figure on the left is Mayo CEO, Mr. Chien Shih-Ping, and on the right is Netron CEO, Mr. Lee Shang-Hsiu.

In October 2022, Taiwan witnessed its first-ever massive personal data breach, with 23 million records exposed and illicitly traded. Before the midpoint of 2023, major corporations have been embroiled in a series of data leakage scandals. 

"For most foreign businesses today, no matter how well the system functions, if the cybersecurity is not up to par, they don't even want to take a glance at it." Leading Brand in Human Resources Systems MAYO CEO Chien Shih-Ping stated. MAYO currently serves over 1,300 clients, including numerous well-known publicly listed companies, multinational corporations, and foreign enterprises, with a notable presence among Fortune Global 500 companies. 

According to IMPERVA's cloud service report, data indicates that Taiwan ranks as the second most severely affected country globally by network layer DDoS attacks, following only the United States. These attacks set new records in terms of traffic, frequency, and complexity, with the financial industry, public relations sector, and entertainment industry being the most significantly impacted.

MAYO CEO Chien Shih-Ping mentionedV 

The global crisis is second only to the United States! MAYO, a leading brand in human resources systems, emphasizes the importance of adopting professional cloud solutions for clients to feel confident in collaboration.

Netron, the leading brand in cloud security for Taiwanese enterprises, CEO Lee Shang-hsiu analyzed that starting from last year, Taiwan has experienced an increasing number of cyber attacks. In just the year 2022, Netron gained collaboration agreements with over 600 new clients, contributing to a total increase of approximately 1,650 clients over the past two years. Many of these clients come from the financial and manufacturing sectors."The growth trend is evident; just last year, we handled 900,000 attacks for our clients."

The significant surge is undeniably related to the wave of digital transformation driven by the pandemic. The COVID-19 outbreak compelled many businesses to adopt cloud services, providing employees with the convenience of cloud-based attendance tracking, leave management, and approvals. In the era of heightened cybersecurity awareness, the adoption of cloud-based human resources systems that manage confidential data such as employee salaries and contact information has become even more crucial. In response, MAYO has decided to collaborate with Netron and implement the world-class cybersecurity tool IMPERVA Cloud Firewall Service, reinforcing comprehensive monitoring and protection of data. This strategic move positions IMPERVA Cloud Firewall Service as a key element in MAYO's ability to captivate a vast customer base.

Netron CEO Li Shang-Hsiu pointed out that just last year, Netron successfully fended off 900,000 cyber attacks on behalf of its clients.

The IMPERVA report further indicates that compared to 2021, the volume of application layer DDoS attacks has increased by 82%. The global financial services sector has seen a surge of 121% in attack rates. Up to 46% of enterprises have been targeted, with a significant portion experiencing repeated attacks. As the strength of attacks continues to escalate, how can Taiwanese businesses adequately prepare and stand firm in this era of constant threats? 

We lack cybersecurity talent! In the race against attacks, every second counts. MAYO adopts Imperva cloud services and actively invests in training its employees.

At the end of 2021, the Financial Supervisory Commission (FSC) in Taiwan amended regulations, stipulating that listed and over-the-counter companies must establish a Chief Information Security Officer (CISO) position and a dedicated cybersecurity unit by the end of 2022 to 2023. At that time, the industry estimated that, driven by the new regulations, Taiwan would face a shortage of over 20,000 cybersecurity professionals. With the implementation of the law, it became evident to the public that Taiwan's cybersecurity talent gap was significant and could not be ignored. Introducing external support and collaborating with cloud cybersecurity vendors are essential strategies to address the shortage of cybersecurity talent in businesses, especially for resolving issues promptly and effectively when internal personnel are unavailable. 

Li Shangxiu, citing an IMPERVA report, further exemplified that 70% of attacks occur within a 15-minute timeframe, often in the form of DDoS attacks. While many international giants rely on Service Oriented Architecture (SOA) that takes up to 15 minutes to activate, MAYO, utilizing IMPERVA services introduced by NetOrigin, can activate within just 3 seconds. 

Chien Shih-Ping emphasized the importance of internal education and training for employees. In the case of MAYO, training sessions are conducted every quarter to ensure that employees are well-equipped and prevent data security breaches caused by incorrect access. "We have strict regulations and limitations in place, with different levels of employees having access to varying sets of data. We also conduct regular scans and vulnerability assessments, as well as enlist the services of professional third-party cybersecurity firms to perform security inspections." 

Uncertain where to begin! Netron assists businesses in identifying sensitive data, determining storage practices, and helps MAYO gain customer trust.  

Many business owners still face significant mental barriers when transitioning to cloud services. In the past, human resources systems were frequently developed in-house; however, there is now a trend towards embracing cloud-based solutions. Chien Shih-Ping's observations highlight the prevalent misconception in Taiwan that placing data on the cloud is risky. Generally, smaller enterprises often lack adequate cybersecurity measures, whereas larger enterprises prioritize cybersecurity more extensively. 

In addition, a majority of enterprises exhibit a relatively insufficient awareness of data security and personal information protection. According to a report by Imperva, 54% of companies are still unaware of the location of their sensitive data, and a staggering 65% of enterprises express difficulty in categorizing or analyzing their data due to its sheer volume. Without the ability to identify sensitive information and monitor access behavior, businesses are unable to detect potential cybersecurity vulnerabilities, let alone proactively deploy preventive measures. 

In addition, the severity, volume, and storage method of sensitive data should be assessed together. "Netron's cybersecurity features extend beyond external attacks to encompass internal reconnaissance, classification, and identification of sensitive data. This ensures a clear distinction between publicly accessible and confidential information." Netron provides fully managed services for both internal and external cloud data. It also offers specialized support for unique industries, such as those dealing with predominantly unstructured data formats like videos and images. 

According to Chien Shih-Ping's analysis, MAYO stands out among numerous human resources system service providers not only due to its internal high-spec security mechanisms and regular external audits but also as a result of its crucial collaboration with Netron to implement IMPERVA cloud firewall. In a landscape where many traditional and manufacturing industries in Taiwan lack clear regulations, MAYO distinguishes itself by excelling in monitoring and protection, making it the preferred partner for many leading enterprises. 

How do leading international companies operate? They establish clear standards and implement IMPERVA for real-time, multi-faceted control.  

Using Chien Shih-Ping as an example within a large multinational management consulting firm, "They are clear about their cybersecurity needs. When seeking practical solutions, they find that Taiwan doesn't meet many of the requirements set by the parent company, so they collaborate directly with us. Due to the well-established specifications and standards in the procurement process of large multinational clients, who primarily opt for cloud solutions, functionality is crucial. However, even more critical is ensuring that cybersecurity passes scrutiny from the client and the overseas headquarters of the parent company. 

Chien Shih-Ping added that in the future, cloud-based cybersecurity services will become increasingly prevalent, serving as a fundamental necessity for all businesses. In the realm of human resources, sensitive information such as employee contact details, salaries, and possibly even data related to family members, represents invaluable assets that companies must safeguard and prevent from being leaked. This holds true, not to mention, for sectors like insurance and finance, where the scope of data is broader and demands even more scrutiny from business leaders. "This aspect will only garner greater emphasis in the future," he emphasized. 

At present, Taiwan primarily follows the Personal Information Protection Act as the main regulatory framework. Chien Shih-Ping shared that this is only the basic standard for MAYO in the field of information security. In addition to obtaining ISO27001 certification, there are many other aspects to address. He emphasized, "Our standards for information security must always surpass those of our clients to meet their needs. " 

These challenges have emerged in tandem with the evolution of the times, occurring as a natural part of the ongoing transformation process for businesses. They necessitate the involvement of skilled professionals and teams or the introduction of capable vendors to address them. Lee Shang-Hsiu concludes that, in addition to thorough preparation, the recruitment of new talents, and strategic training planning, collaboration with reputable cloud service providers and teams of experts is essential for businesses to agilely tackle potential cybersecurity issues. This collaborative approach ensures that, post the challenging pandemic period, businesses can operate with peace of mind, stability, and achieve further success.。  


About Netron

Netron is an expert in integrated services for network acceleration and security, offering enterprises a diverse, comprehensive, and one-stop customized cloud platform. To date, Netron has obtained numerous international OEM certifications and remains committed to research, technological innovation, and providing even more refined services.

Contact
Contact