Malware
Malware, short for malicious software, accesses a computer or network by destroying an existing program. Malware can take many forms: computer viruses that perform unauthorized actions, spyware that sits stealthily in the background and collects personal information, worms that multiply through email programs, and Trojan horses that access computers via seemingly harmless files. Malware tends to reach computers via email programs, the internet, or vulnerabilities in software programs. Recently, malware has increasingly been spread through malicious adware or smartphone applications that infect a device when a separate piece of software is installed.
DDoS Attack
DDoS stands for distributed denial of service attack. A DDoS attack occurs when multiple compromised systems flood a single targeted server or machine with large volumes of traffic, rendering the targeted server unable to provide its usual services. The attacker first uses the internet to seek out weak or poorly managed servers that can be easily accessed. Then, the attacker uploads a DDoS program onto all of the compromised third-party systems. Because those systems are set up to all begin the attack on the targeted server at the same time, users of the compromised systems are unaware that they have become the actual perpetrators of a targeted attack. The original source of the attack cannot be identified until the attack actually starts, making it hard to mount a solid defense in the event of a targeted attack.
Interpol
The International Criminal Police Organization (Interpol) is an intergovernmental organization facilitating international police cooperation. Japan joined Interpol in 1952. Today, as many as 190 countries and regions work together to investigate and combat international crime. Interpol helps locate missing persons or potential suspects in a crime who have fled to other countries. It also maintains a database on international criminal activity. In 2012, Interpol signed a partnership agreement with NEC to enhance cyber security. Then, in 2014, NEC helped Interpol establish facilities in Singapore to promote research and training, and offer investigative support to combat cyber crime. NEC is currently working to help strengthen security frameworks that can protect Interpol's international networks from increasingly complex and sophisticated cyber crime.
CSIRT
The Computer Security Incident Response Team (CSIRT), pronounced "SEE-CERT," provides a coordinated response when problems occur with the computer systems or networks of private corporations or administrative agencies. A standing specialist CSIRT may mount the response, or a team may be formed on the spot when a problem becomes apparent. When a system is accessed illegally or infected with malware, the CSIRT acts as the first point of reference, collecting information and informing users to help contain any damage. In 2007, Japan established its own Nippon CSIRT Association to help encourage cooperation and sharing of information among CSIRT members and build a credible defense against increasingly sophisticated and complex cyber attacks.
Forensics
The term forensics was originally used to refer to the scientific analysis of hair or blood samples, etc. In the field of information security, computer forensics refers to the methods and technology used to collect and analyze data that can help pinpoint the source of any unauthorized computer access or information leakage. This can involve searching the data remaining on servers and hard disks for evidence of destruction or removal. Investigators can then flush out any unauthorized usage by scouring email correspondence and website access records in order to clarify the timing and type of usage for specific computers.
Vulnerability
A vulnerability is a flaw caused by a mistake or program bug in the design of an operating system or piece of software. It is sometimes called a security hole. You are more likely to be affected by unauthorized access or computer virus infections if you use an operating system or software that contains vulnerabilities. Vulnerabilities are also often found in web servers and applications. If vulnerabilities are discovered, it is imperative to update the OS or software, and apply any remedial patches or programs distributed by the manufacturer. The JPCERT Coordination Center and the Information-technology Promotion Agency publish pertinent information on vulnerabilities disclosed by program developers on their jointly operated Japan Vulnerability Notes website.
Targeted Attack
A targeted attack is a cyber attack directed at a specific target. One of the most common methods of targeted attack is via email. An attacker first researches users and organizations that hold valuable confidential information or intellectual property, and then sends attack emails to specific targets. It is not always easy to tell that the attacking emails are fraudulent, or that you are the subject of a targeted attack. The target does not become immediately suspicious because the emails appear to originate from actual organizations and actual people, and they refer to issues that the target is likely to be interested in. The damage is often caused when people open email attachments, either without the slightest suspicion or due to insufficient care or vigilance. Attacks that anti-virus software fails to detect have also been reported. Companies should be aware that these types of cyber attacks do occur, and should be vigilant in their handling of emails and email attachments.
Basic Act on Cyber Security
This act, passed in November 2014, stipulates Japan's basic stance on cyber security. It encourages administrative agencies and public infrastructure operators to ensure they have stringent cyber security measures in place. The Act also urges private-sector operators and educational institutions to introduce cyber security measures autonomously, with the aim of stimulating industry and its international competitiveness, promoting research and development, and securing high-quality personnel. Under the Act, the former Information Security Policy Committee became the Cabinet Cyber Security Center. Today, the Center is tasked with compiling strategic security proposals and policy standards, and enforcing the resulting policies. The Center also investigates any major security breaches or events in administrative agencies.
Information Security Policy
An information security policy summarizes the overall direction and action guidelines for corporations and organizations. It usually covers three levels of information security: fundamental policy, policy standards and implementation procedures. The fundamental policy defines the aim of a specific information security policy, declares the action that a company should take, and states who is responsible for ensuring all action is fully implemented. The policy standards section determines the regulations that should be implemented and the scope of their application. The implementation procedures section determines the concrete steps for implementing information security. Determining a clear information security policy is an important means of reducing the risks to which a company's key information resources are exposed. Conducting staff training based on a firm information security policy is also an effective way to boost security awareness.
OODA Loop
The OODA loop refers to a decision cycle of observe, orient, decide and act, developed by a US military strategist for army combat operations. Repeating these four processes helps develop swift, clear and agile decision-making capabilities. In the field of information security, the observe stage is used to amass information that can help discern the aim and motivation of a cyber attack. Having done that, the orient stage enables people to analyze and clearly grasp the potential impact of a cyber attack on their company or organization. People can then decide what appropriate action to take, and act upon that decision to resolve any problems and eliminate the risk source. In its Advice for Promoting Information Security Policy released in 2013, the Ministry of Internal Affairs and Communications' Security Advisory Board advocates employing OODA loop processes as a defensive strategy against cyber attack.
Multi-layered Defense
Multi-layered defense refers to the establishment of multiple walls of defense to protect against cyber attack, the logic being that if one wall of defense is overcome, the next wall can halt the attack. In practice, this means deploying multiple security tools to bolster physical perimeter and entry security measures, such as firewalls, wireless LAN security, unauthorized-access detection, anti-virus software and data encryption. As cyber attacks become increasingly diverse, it is difficult to protect assets using one method alone. By building multi-layered defenses that cover a variety of different routes, it is possible to establish a solid security policy that can respond to every kind of attack. One type of multi-layered defense is the exit policy, which prevents information being removed from a system even when the system has been infiltrated by malware.
Security Operation Center (SOC)
A security operation center, or SOC for short, acts as a focal location for monitoring corporate or institutional network security. SOCs are designed to ensure early detection of security incidents, and enable dedicated specialists to monitor server logs, etc. In the event of a security incident, the SOC can instantly judge what effect the incident might have on business, and decide the necessary action and the level of priority.
Internal Fraud
Internal fraud refers to any security threat caused by fraudulent action by a member of staff within a company or organization. Internal fraud can wreak significant damage if sensitive customer or product data are leaked, which could potentially ruin a company's reputation or invoke costly compensation claims. Internal fraud can involve a staff member intentionally stealing confidential information, but it can also result from data being leaked when a staff member takes it out of the office to work from home, or if a staff member manages their terminal carelessly and data are lost. In order to prevent internal fraud, people at all levels of responsibility within a company and within individual sections need to create solid systems that facilitate cooperation. They should also make concrete proposals for implementing designated security policies. For instance, it might be necessary to decide how many staff members should be able to handle sensitive information and who can enter rooms where important information is stored. Companies could also create and store records of information system logs, and organize more thorough staff training to increase security consciousness.
Security Intelligence
Security intelligence refers to the latest information on system vulnerabilities, cyber attack trends and the latest attack methods; all vital information for preempting cyber attacks. It is possible to detect signs of attack early on by widely analyzing global cyber attacker patterns, and incorporating that into monitoring sensors and the analysis of monitoring sensor alerts. Approximately 80% of attacks detected in Japan were targeted at Japanese institutions, highlighting the importance of collecting the latest security intelligence from Japan as well as international markets in order to protect the nation's corporations.
Physical Security
Physical security refers to established physical systems that prevent access to corporate or institutional facilities and information. These could include building entrance monitoring via IC cards or biometric authentication, video monitoring systems using security cameras, or perimeter systems to prevent people entering buildings or server rooms from outside. Measures designed to prevent fraudulent system access or the deliberate destruction of data are called information security, as opposed to physical security. It is possible to create a stronger system by linking information and physical security measures. It is often easier to bring formerly independent systems under a single jurisdiction, a move that could also boost business efficiency.
Incident
An incident refers to any event that presents a threat to smooth information management and systems operations. Incidents can range from computer virus infections to unauthorized access, destruction of websites, hijacking of accounts, and information leakage. An incident can interfere with the regular running of a business, or prevent users from accessing services. The leakage of personal information can lead to claims for compensation and loss of corporate reputation, both of which can adversely impact sales and result in significant losses. It is vital to determine an incident policy and specific action in advance in order to ensure an appropriate response and minimize any potential damage in the event of an incident actually taking place.
IDS
IDS, which stands for intrusion detection system, is a device or software application that detects unauthorized access to computers or networks, and reports such activities to a management station. There are two main types of IDS: the network intrusion detection system (NIDS), which monitors packet traffic on networks, and the host intrusion detection system (HIDS), which monitors packets on individual servers. Since an IDS is a monitoring system, it should be employed in conjunction with firewalls and other means of blocking attacks. It is possible to mount an effective defense against attacks by incorporating data such as an attacker's IP address obtained through IDS monitoring into firewall configuration settings.
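The IDS-to-firewall feedback described above, as an added example that is not part of the original glossary: it parses constructed Snort/Suricata "fast"-style alert lines, counts alerts per source address, and renders iptables DROP rules for external sources that cross a threshold, while leaving internal addresses (which belong to the SOC, not the perimeter firewall) alone. The alert format, the sample addresses and the threshold are assumptions for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed IDS alert lines in a Snort/Suricata "fast"-style format (sample data, not real).
ALERT_LOG = """\
04/12-09:15:01.120000 [**] [1:1000001:1] SCAN inbound sweep port 3306 [**] {TCP} 203.0.113.7:51234 -> 198.51.100.10:3306
04/12-09:15:01.340000 [**] [1:1000001:1] SCAN inbound sweep port 3306 [**] {TCP} 203.0.113.7:51235 -> 198.51.100.11:3306
04/12-09:15:02.010000 [**] [1:1000001:1] SCAN inbound sweep port 3306 [**] {TCP} 203.0.113.7:51236 -> 198.51.100.12:3306
04/12-09:16:40.500000 [**] [1:1000002:1] POLICY repeated SSH login failures [**] {TCP} 192.0.2.55:40001 -> 198.51.100.20:22
04/12-09:17:12.000000 [**] [1:1000002:1] POLICY repeated SSH login failures [**] {TCP} 10.0.0.5:40002 -> 198.51.100.20:22
04/12-09:17:13.000000 [**] [1:1000002:1] POLICY repeated SSH login failures [**] {TCP} 10.0.0.5:40003 -> 198.51.100.20:22
04/12-09:17:14.000000 [**] [1:1000002:1] POLICY repeated SSH login failures [**] {TCP} 10.0.0.5:40004 -> 198.51.100.20:22
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Sources inside these ranges are never auto-blocked at the perimeter firewall: an alert
# from an internal host is an incident for the SOC to handle, not a firewall rule.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_alerts(text):
    """Return one dict per alert line that matches the expected format; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts

def select_block_candidates(alerts, threshold=3):
    """External source addresses with at least `threshold` alerts, in order of first appearance."""
    counts = Counter(a["src"] for a in alerts)
    candidates = []
    for src, n in counts.items():
        ip = ipaddress.ip_address(src)
        if n >= threshold and not any(ip in net for net in INTERNAL_NETS):
            candidates.append(src)
    return candidates

def firewall_rules(ips):
    """Render iptables rules that drop inbound traffic from each candidate source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(firewall_rules(select_block_candidates(parse_alerts(ALERT_LOG)))))
```

Automatically generated rules should expire after a set time and never match the organization's own ranges, or a spoofed source address turns the IDS into a self-inflicted denial of service.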
Network Quarantine System
This system is designed to isolate PCs that do not meet a pre-determined security policy. This can help prevent internal networks being infected by worms, etc. via unauthorized PCs brought into a company or via PCs connecting to the network without the applicable security patches. The system tests PCs by initially connecting them to a dedicated network that is separate from the internal LAN. If no problem is detected, the PC is then permitted to connect directly to the internal LAN. If a problem is noted in the testing stage, then appropriate measures are taken and the PC is retested. The tests could involve checking whether the PC's anti-virus software is working properly and its definition file is up to date, checking whether the applicable OS security patches are installed, or checking whether software that carries a security risk, particularly file-sharing software, has been installed. It is possible to maintain a strict, uniform level of security on internal networks by establishing unified standards and implementing policies based on those standards, rather than relying on worker ethics and morals.
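The test, remediate and retest cycle of a network quarantine system, as an added example that is not part of the original glossary: a posture report from the connecting PC is checked against the three conditions the entry lists (anti-virus running with fresh definitions, required OS patch level, no file-sharing software), automatic fixes are applied, and the PC is retested. The policy values, the report fields and the notion of which findings can be fixed automatically are assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import date

# Policy the quarantine network enforces before a PC may join the internal LAN
# (constructed values for the example; a real deployment loads them centrally).
POLICY = {
    "max_definition_age_days": 3,        # anti-virus definition file must be this fresh
    "required_patch_level": 20240410,    # minimum OS security patch level
    "forbidden_software": {"p2p-share", "torrent-client"},  # file-sharing software
}

@dataclass
class PostureReport:
    """What the agent on the PC reports when it connects to the quarantine network."""
    hostname: str
    av_running: bool
    av_definition_date: date
    patch_level: int
    installed_software: set = field(default_factory=set)

def evaluate(report, policy, today):
    """Test a PC against the policy; returns ('allow' | 'quarantine', list of findings)."""
    findings = []
    if not report.av_running:
        findings.append("anti-virus software is not running")
    age = (today - report.av_definition_date).days
    if age > policy["max_definition_age_days"]:
        findings.append(f"anti-virus definitions are {age} days old")
    if report.patch_level < policy["required_patch_level"]:
        findings.append(f"OS patch level {report.patch_level} is below {policy['required_patch_level']}")
    for name in sorted(report.installed_software & policy["forbidden_software"]):
        findings.append(f"forbidden software installed: {name}")
    return ("allow" if not findings else "quarantine"), findings

def auto_remediate(report, policy, today):
    """Fixes the quarantine network can apply itself: start AV, refresh definitions, patch.
    Removing forbidden software is left to an administrator, so it remains a finding."""
    report.av_running = True
    report.av_definition_date = today
    report.patch_level = max(report.patch_level, policy["required_patch_level"])

def admission_loop(report, policy, today, max_rounds=2):
    """Test, remediate and retest; the PC only reaches the LAN with a clean result."""
    decision, findings = evaluate(report, policy, today)
    for _ in range(max_rounds):
        if decision == "allow":
            break
        auto_remediate(report, policy, today)
        decision, findings = evaluate(report, policy, today)
    return decision, findings
```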
Proactive Cyber Security
Proactive cyber security aims to close the gap between constantly evolving hacker methods and a company's security policy. It does this by building responses to known vulnerabilities and preempting a hacker's actions. People used to believe that the best way to protect entities from cyber attack was to build the perimeter wall as high as possible, largely because it was impossible for companies and organizations to keep up with rapidly advancing hacking methods. Given that there is a clear gap between hacking methods and the means to protect against them, companies should be looking to swiftly analyze where the risks to their own information systems lie so that they can get a clear grasp of their actual situation. Visualizing networks helps give a clear idea of where vulnerabilities lie. Companies can then build a proactive response by prioritizing appropriate measures.