WASCO BERHAD 42 KEY RISK AND MITIGATION STRATEGIES INFORMATION The risk of a breach in the management information system due to cyberattacks, data misuse, hardware failures, or other malicious actions targeting IT systems. Risk Definition • Increasing cyber threats in a rapidly evolving IT landscape. • Accelerated digital transformation at Wasco, leading to greater reliance on digital data and technologies. • Business disruptions caused by cyberattacks. • Leakage or breach of confidential data and business intelligence. • Reputational damage and loss of stakeholder trust. • IT system failures and integration breakdowns requiring extensive restoration and repair. • Non-compliance with regulations (e.g., Personal Data Protection Act (“PDPA”) and General Data Protection Regulation (“GDPR”), potentially leading to penalties or sanctions. Risk Trends and Impacts Potential Impact to the Group • Regular enhancements to cybersecurity protection measures. • Ongoing efforts to comply with ISO/IEC 27001:2022 Information Security Management System (“ISMS”). • Annual Vulnerability Assessment and Penetration Testing (“VAPT”) to identify and mitigate security risks. • Annual Disaster Recovery Plan (“DRP”) testing to ensure IT infrastructure and network resilience. • Awareness campaigns and training programmes for employees to enhance understanding of cyber threats, foster a culture of cybersecurity, and ensure compliance with company policies. • Enhanced cybersecurity protection through a range of measures, policies, and initiatives, leveraging technology such as the Security Operations Center (“SOC”) and Multi-Factor Authentication (“MFA”). Mitigation Measures Results of Mitigation Measures Medium
RkJQdWJsaXNoZXIy NDgzMzc=