Cybersecurity Institute Reveals Half-Year Cybersecurity Notifications: Telecommunications and Biomedical Industries Most Affected
The Cybersecurity Institute announced that over the past six months, telecommunications and biomedical industries accounted for the highest percentage of major cybersecurity incident notifications, each at 16.1%, followed by electronic components and automotive industries at 9.6%. The leading cause of illegal intrusions was the use of applications or packages from unknown sources (52.1%), followed by application vulnerabilities, brute-force password attacks, and social engineering. The institute emphasizes that cybersecurity risks are no longer concentrated in specific industries and calls for a shift from post-incident response to proactive management and enhanced endpoint behavior monitoring.
📋 Article Processing Timeline
- 📰 Published: April 7, 2026 at 14:56
- 🔍 Collected: April 7, 2026 at 16:00 (1h 4m after Published)
- 🤖 AI Analyzed: April 15, 2026 at 12:42 (188h 41m after Collected)
The Cybersecurity Institute announced the market industry distribution of major cybersecurity incident notifications over the past six months, with the telecommunications and network industry and the biotechnology and medical industry being the highest, each accounting for 16.1%. The electronic components industry and the automotive industry each accounted for 9.6%. The electronic distribution industry, computer and peripheral equipment industry, optoelectronics industry, other electronic industries, building materials and construction, and tourism and hospitality each accounted for 6.5%.
The Cybersecurity Institute stated that cybersecurity risks are no longer concentrated in specific industries, and all industries should continue to strengthen endpoint protection, account access management, and supply chain and outsourcing control to reduce the risk of incidents and their spread.
At the same time, the Cybersecurity Institute announced the causes of illegal intrusion incidents over the past six months. The use of applications or packages downloaded from unknown sources accounted for the highest proportion (52.1%), followed by application vulnerabilities (11.6%), then brute-force password attacks (9.2%), social engineering (9.2%), followed by operating system vulnerabilities (6.3%), improper web design (5.8%), vendor maintenance or management negligence (4.8%), and human error (1%).
The Cybersecurity Institute pointed out that the use of applications or packages downloaded from unknown sources, brute-force password attacks, and social engineering can be attributed to user behavior, totaling about 70.5%. This shows that most incidents do not originate from major system vulnerabilities or sophisticated attack techniques, but rather occur in 'seemingly normal' daily operating scenarios. Abnormal situations are often detected and revealed by monitoring mechanisms only after abnormal outbound connections appear at the endpoint.
The Cybersecurity Institute analyzed that attackers deliberately hide initial access within daily workflows, making reasonable and permitted operations a stable intrusion path that can be exploited, thereby forming a structural risk that continuously replicates within the organization.
The Cybersecurity Institute stated that some subsequent treatments of incidents only involve rebuilding or isolating compromised equipment, without simultaneously checking whether accounts, credentials, and permissions may have been leaked, which may allow attackers to re-enter the system using existing identities.
The Cybersecurity Institute reminded that cybersecurity governance should shift from post-incident response to proactive management. In addition to system protection and permission control, high-risk usage scenarios such as downloads, attachments, external websites, portable media, and remote access should also be included in control, so that necessary daily behaviors remain controllable and traceable when permitted.
The Cybersecurity Institute stated that the protection perspective should also shift from detecting external connections to observing endpoint behavior, grasping the context of program execution and file behavior, and intervening before abnormal connections occur. For detected abnormal connections, it should be assumed that there are identity and access risks, and the ability to re-intrude should be cut off as a closing condition to avoid repeated risks. (Editor: Chang Chun-mao) 1150407
The Cybersecurity Institute stated that cybersecurity risks are no longer concentrated in specific industries, and all industries should continue to strengthen endpoint protection, account access management, and supply chain and outsourcing control to reduce the risk of incidents and their spread.
At the same time, the Cybersecurity Institute announced the causes of illegal intrusion incidents over the past six months. The use of applications or packages downloaded from unknown sources accounted for the highest proportion (52.1%), followed by application vulnerabilities (11.6%), then brute-force password attacks (9.2%), social engineering (9.2%), followed by operating system vulnerabilities (6.3%), improper web design (5.8%), vendor maintenance or management negligence (4.8%), and human error (1%).
The Cybersecurity Institute pointed out that the use of applications or packages downloaded from unknown sources, brute-force password attacks, and social engineering can be attributed to user behavior, totaling about 70.5%. This shows that most incidents do not originate from major system vulnerabilities or sophisticated attack techniques, but rather occur in 'seemingly normal' daily operating scenarios. Abnormal situations are often detected and revealed by monitoring mechanisms only after abnormal outbound connections appear at the endpoint.
The Cybersecurity Institute analyzed that attackers deliberately hide initial access within daily workflows, making reasonable and permitted operations a stable intrusion path that can be exploited, thereby forming a structural risk that continuously replicates within the organization.
The Cybersecurity Institute stated that some subsequent treatments of incidents only involve rebuilding or isolating compromised equipment, without simultaneously checking whether accounts, credentials, and permissions may have been leaked, which may allow attackers to re-enter the system using existing identities.
The Cybersecurity Institute reminded that cybersecurity governance should shift from post-incident response to proactive management. In addition to system protection and permission control, high-risk usage scenarios such as downloads, attachments, external websites, portable media, and remote access should also be included in control, so that necessary daily behaviors remain controllable and traceable when permitted.
The Cybersecurity Institute stated that the protection perspective should also shift from detecting external connections to observing endpoint behavior, grasping the context of program execution and file behavior, and intervening before abnormal connections occur. For detected abnormal connections, it should be assumed that there are identity and access risks, and the ability to re-intrude should be cut off as a closing condition to avoid repeated risks. (Editor: Chang Chun-mao) 1150407
FAQ
Which industries had the most cybersecurity incident notifications in the past six months?
The telecommunications and network industry and the biotechnology and medical industry each accounted for the highest percentage at 16.1%, followed by the electronic components industry and the automotive industry at 9.6%.
What are the main causes of illegal intrusions?
The primary cause is the use of applications or packages from unknown download sources, accounting for 52.1%, followed by application vulnerabilities, brute-force password attacks, and social engineering.