Sustainability Report 2021

64 Introduction Customers Social Governance Appendix Environment Sustainability Report 2021 Cybersecurity Strategy 5 Strategic Initiatives The objective is to enable business acceleration by preparing for, responding to, and recovering from cyber threats, while adapting to known and unknown crises, threats, adversities, and challenges. IT Modernization – evolve IT and security technologies to keep up with the changing environment Identify-driven security – strengthen security and control to enhance identity protection Data security and protection – align with regulatory requirements Automation of security management – utilize automation tools for faster detection and response Intellgencedriven threat management – leverage external insight and sectoral data to analyze whether the Bank will be at risk Thecybersecurity roadmap also adopted a proact ive approach i n threat identification of new and potential threats, thus, enabling the Bank to detect and manage risks in a timely manner, thereby preventing financial and reputational loss on a large scale. Additionally, ttb also invested in a vulnerabi l ity assessment tool by integrating it into the organization’s IT infrastructure as an in-house service that is available on demand. This new feature automatically scans newproject implementations for vulnerabilities and immediately identifies related risks, thereby enhancing the efficiency, accuracy, and frequency of the vulnerability assessment. In terms of data protection and threat detection, data leakage prevention measures have been strengthened to ensure that there is an absence of unauthorized exposure of sensitive data. Every communication channel; namely, email, website, laptops, and UBS are monitored for unauthorized use of sensitive data, particularly informat ion exchanged between the Bank and external organizations, which are validated and approved by themanagement prior to release.With the on-going Work from Home protocol, data loss preventionmeasures have also been implemented through the use of VPN and Outlook 365 to safeguard sensitive data from being misplaced, misused, or accessed by unauthorized users.