Stackholder Survey 2021

Online Survey A third-party provider supplied access to the online survey instrument - SurveyMonkey The survey period: From August 18, 2021 to September 21, 2021
Stackholder	Sample Requirements	Email Sent	Valid Email Amount	Click-through Rate
Domain Name Registrants	Those who used TWNIC domain name services in the past year	74,578	391	0.5%
IP Members	--	366	21	5.7%
TWCERT/CC Newsletter subscribers	Newsletter subscribers	5,856	174	3.0%

Online Survey A third-party provider supplied access to the online survey instrument - SurveyMonkey The survey period: From August 18, 2021 to September 21, 2021
Stackholder	Sample Requirements	Valid Email Amount
Domain Name Registrants	Those who used TWNIC domain name services in the past year	391
IP Members	--	21
TWCERT/CC Newsletter subscribers	Newsletter subscribers	174

In-depth Interviews The interview period: From September 15, 2021 to October 20, 2021
Stakeholder	Sample Requirements	Number of Interviewees	Methodology
Domain Name Registrar	--	3	Telephone call/Online telephone call
IP Registrar	--	2	Online telephone call
Taiwan CERT/CSIRT Alliance	--	2	Online telephone call
Foreign CERT	--	1	Online telephone call
ICANN and APNIC	International organizations responsible for administering internet resources	3	Online telephone call
Relevant Government Agencies	Points of contact with frequent operational engagement	3	Telephone call/Online telephone call/Email

In-depth Interviews The interview period: From September 15, 2021 to October 20, 2021
Stakeholder	Number of Interviewees	Methodology
Domain Name Registrar	3	Telephone call/Online telephone call
IP Registrar	2	Online telephone call
Taiwan CERT/CSIRT Alliance	2	Online telephone call
Foreign CERT	1	Online telephone call
ICANN and APNIC	3	Online telephone call
Relevant Government Agencies	3	Telephone call/Online telephone call/Email

Service Awareness and Usage Rate

The "e-Newsletter Subscriber -TWCERT Alliance Members" have a higher awareness of various services, especially in "information security information sharing", "information security awareness promotion," and "information security incident notification and assistance", which have over 90% awareness. The " e-Newsletter Subscriber -TWCERT Alliance Members " also have a higher usage rate of all services. It can be observed that the consortium members are the stakeholders who have more frequent interaction with TWCERT/CC.

Service awareness
Service usage rate

	Newsletter subscriber TWCERT alliance member n=60	Newsletter subscriber with information security department n=87	Newsletter subscriber without information security department n=27
Cyber security information sharing	96.7%	87.4%	81.5%
Promoting cyber security awareness	93.3%	83.9%	77.8%
Report and respond cyber security incidents	91.7%	77.6%	70.4%
Product vulnerability reporting	78.3%	62.1%	63.0%
Malicious file detection service	66.7%	52.9%	44.4%
Network phishing reporting	61.7%	50.6%	48.1%
None of the above	0%	4.6%	14.8%

Source: Online Survey (2021)

	Newsletter subscriber TWCERT alliance member n=60	Newsletter subscriber with information security department n=83	Newsletter subscriber without information security department n=23
Cyber security information sharing	80.0%	50.6%	47.8%
Promoting cyber security awareness	56.7%	39.8%	60.9%
Report and respond cyber security incidents	35.0%	19.3%	4.3%
Product vulnerability reporting	41.7%	14.5%	34.8%
Malicious file detection service	28.3%	16.9%	4.3%
Network phishing reporting	23.3%	12.0%	0%
None of the above	6.7%	30.1%	26.1%

Source: Online Survey (2021)

Service Helpfulness and Reasons

For the service value, 86.7% of the respondents rated "information sharing" as helpful. A total of 83.1% of respondents rated the service as helpful for "information security awareness promotion". Among the "product vulnerability reports", 50% of the respondents thought the service was helpful. 50% of respondents thought "information security incident notification" was helpful. For "phishing notification", 45.8% said the service was helpful. The overall level of helpfulness of the "malicious file detection service" was nearly 70%.

Information security information sharing

Information security event notification

Information security awareness promotion

Malicious file detection service

Product vulnerability notification

Network phishing notification

n=166
Source: Online Survey (2021)

78.2% of respondents thought the quality of TWCERT/CC service was good or very good. About 70% preferred the technical support. Last year, the satisfaction rate of service quality was 74.3%, but this year, the satisfaction rate increased by 3.2% and 78.2%. This year's technical support satisfaction rate was 69.5%, which is only 0.1% less than last year, and the satisfaction rate of technical support has remained more or less the same over the years.

35.6% of respondents fully agreed that they trust TWCERT/CC, and 47.7% "agreed" that they trust it. More than 30% of the respondents agreed that the services provided by TWCERT/CC are valuable, 51.1% agreed with the value of the services provided.

Service Quality

Technical Support

Trust to TWCERT/CC

Value of TWCERT/CC Service

n=174
Source: Online Survey (2021)

Service Quality

Technical Support

Trust to TWCERT/CC

Value of TWCERT/CC Service

n=566
Source: Online Survey (2020)

Service Quality

Technical Support

Trust to TWCERT/CC

Value of TWCERT/CC Service

n=501
Source: Online Survey (2019)

Expectations and Preferences for Training Courses

Nearly 90% of the respondents expected "downloadable presentations of forum or course contents", 70% expected "more Chinese speaking lecturers or real-time translation services", and 26.4% expected "more foreign speakers to be invited" for TWCERT/CC forum meetings or educational training contents.

n=174
Source: Online Survey (2021)

Information Service

The overall attention score for the messages posted by TWCERT/CC was 3.8, with 23.6% always concerned, 40% often concerned, and 44.8% occasionally concerned. The highest percentage of Internet issues respondents were interested in was "information security threats and defense trends" (95.4%). Nearly 80% of the respondents wanted to know more about "information security processes and practices", and 70% wanted to know more about "the latest information security standards".

n=174
Source: Online Survey (2021)

Respondents usually obtained information and new knowledge related to information security mainly through "official websites" (73.0%) and "e-newsletters" (70.1%). 64.9% obtain information through "seminars or courses". The main preferred form of information security-related content was "articles and discussions" (web pages and documents with text-based content, supplemented by pictures), with 92.5% of the respondents. The next 50% preferred "videos" (YouTube, Vimeo), and 44.8% wanted "photos, photo albums" (content with pictures as the main content, supplemented by text).

n=174
Source: Online Survey (2021)

Impact of COVID-19

In the past three months, 10% of the respondents' companies/organizations were affected in terms of information security needs or protection methods. Most of the respondents mentioned that they have immediate needs for information asset protection in their home or remote offices, and that remote (non-company) office environments may become information security vulnerabilities during the epidemic due to the derivation of information security issues and the lack of awareness of information security among employees. In addition to education and training for personnel to enhance their knowledge, practical protection such as employee identity authentication, anti-virus software application and protection means are also important during the epidemic.

n=174
Source: Online Survey (2021)

Expectations and Recommendations

The respondents hoped TWNIC or TWCERT/CC could "provide more services/information" (16.7%). In terms of information provision, some respondents mentioned that they hope TWNIC or TWCERT/CC can continue to provide information related to information security, restore the previous full content PDF file of the e-newsletter, expect the information to be transparent and open, enhance usability, and improve the efficiency of intelligence disclosure. After the notification, we hope to provide quicker and more accurate assistance to deal with the information security crisis as soon as possible. For services, respondents hoped TWNIC or TWCERT/CC could provide more Internet defense technology or provide more guidance and advice on network protection. After notification, they hoped that case follow-ups could be faster and more precise to help deal with the information security crisis as soon as possible.

n=174
Source: Online Survey (2021)

The interviewees have acknowledged the events and the info-sharing activities. They expect more efficient notification by making good use of a variety of platforms.

TWNIC has received good reviews from alliance members three years in a row. The events and info-sharing activities are fairly helpful. The events were organized with meticulous efforts and a rich variety of topics. The information is clear and timely updated with diverse methods. In addition to notification, newsletter and website announcement, stakeholders would also like to be notified by using API directly. This shows even if the notification has the same information, the platform it's delivered and the level of disclosure mean differently for stakeholders. Therefore, if TWNIC can share information based on different platform's features, it will be more efficient for users to learn, handle and make use of it.

The information they offered is pretty good because it's either the end of 2020 or the beginning of 2021, they started to use the MITRE ATT&CK framework to describe the entire process of cyber kill chain. With this description technique used worldwide, it gives fairly clear information on how specific ransom cyber-attacks have worked.

I am in their LINE group which offers information mostly about cyber security. Of course the LINE messages can be read timely, but the newsletter has pretty much the same content. So when I read the newsletter, I don't read LINE messages.

The alliance members also think TWCERT/CC provides a lot of information covering a wide range of topics, but it needs to be more careful about the accuracy and timeliness.

It's a pity that TWCERT/CC sometimes sends out time-sensitive information late... it's impossible for us to wait another one or two weeks to get the full picture of it.

It also happens that my coworker didn't read through TWCERT/CC's message and blocked the threat s/he thinks is important. Later when we wondered why something had been blocked, we checked and realized the scenario is very common. That's why we hope them to offer more precise information.

Add incident status inquiry or notification, increase effectiveness of cross-country incident reporting

Stakeholders think the domestic incident reporting and subsequent handling process is fairly smooth but cross-country reporting/handling is not as satisfactory. Based on their experience, since the incident was labelled as other countries, it took a very long time for inappropriate content to be removed and there was no way for them to know how the incident was handled afterwards. Besides, they'd also like to have an incident status inquiry function and to be notified timely, so that the reporter can learn about the incident status and become more willing to report incidents.

TWCERT/CC helps us with this. When CERT has security incidents, we also contact other CERTs through TWCERT/CC. This also works when educational institutions in Taiwan encounter security incidents. Personally I think they did a good job on the communication process.

On the same occasion we also realized it was difficult to track malicious phishing sites from a nation's perspective. After we finished reporting on TWCERT/CC website, there's no access for us to inquire the incident's status.

Take industry requirements/gaps into consideration and deploy services to assist

Stakeholders think TWCERT/CC serves as the bridge of communication between the government and the private sector; therefore, they project their industry requirements onto expectations for TWCERT/CC, wishing TWCERT/CC to help them understand industry trends and formulate specifications/standards. Besides giving an evaluation on how to assist the industries with their requirement gaps, it's more important for TWCERT/CC to make sure these industries understand their role/position/missions.

Stakeholders also suggested that TWCERT/CC should take advantage of Taiwan's flourishing high-tech industry and build up the industry's vulnerability database. TWCERT/CC should leverage its neutral role and collect industry-specific/product-specific security experiences, so as to enhance Taiwan's security protection capacities and create its own cyber defense features.

There are a lot of high-tech manufacturing businesses in Taiwan. If everyone is willing to provide TWCERT/CC with relevant information, maybe it can be the organization that owns Taiwanese manufacturers' first-hand cyber security experiences. This might help TWCERT/CC stand out and play a more distinctive role in global cyber defense.

TWCERT/CC also has this kind of training. By bringing together the power of PSIRT in Taiwan, Taiwan's software security protection capacities can be enhanced.

Improve online tech training results and continue to put efforts in segmented security education

Even though stakeholders said they don't think COVID-19 has affected how they interact with TWNIC, we cannot neglect that they pointed out online tech training results should be improved. As hands-on training classes produce more fruitful learning results, shifting to online classes certainly has impact on the learning model. Therefore, they look forward to a better way for training classes to proceed.

In the past, the TWCERT/CC conferences we joined usually took the entire afternoon or half day. I think being there in-person has the best learning outcomes. I can ask a questions anytime. However during COVID-19, there are fewer sessions, so I hope there's a better way to deliver the info in hands-on courses.

Stakeholders also have given positive recognition to the information section on the official website. Although alliance members aren't likely to use it often, they must have used it to inform the general public whether in the form of security education or raising security awareness. In addition to continuously providing security information, making persistent efforts in providing security education to the general public also helps the society well-prepared for security incidents.

As to the official website, I think it's better to have information suitable for the general public/non-IT employees. The content can be combined with latest news/topics. They have made short videos before. When we think the content is informative, we will forward the messages to our coworkers.

The information available on the official website promotes people's security awareness and shows how to safeguard one's own assets or devices. I think the information is also useful to our coworkers and other corporate users.