Cyber security measures are needed urgently in the face of a surge in incidents affecting companies and critical infrastructure
Have you all heard of cyber security? It refers to measures for protecting against cyber attacks that compromise corporate systems and steal or alter data.
Cyber attacks are actually becoming increasingly sophisticated now, and their scope of impact has apparently expanded to also include critical infrastructure such as public agencies as well as companies. What's more, it sounds like there has been a sharp increase in the number of attacks made in recent years, so the need for cyber security is rising rapidly.
With this in mind, NEC issued a press release stating it was launching new initiatives related to cyber security business. I went straight to the Cyber Security Strategy Division established in April of this year for a rapid-fire interview to hear more details!
Mr. Matsuo is the General Manager of NEC's Cyber Security Strategy Division established this year. He is an expert who has been involved in cyber security at large organizations such as government administration offices for many years.
Cyber attacks are growing broader in scope!
- MitaIt's nice to meet you, Mr. Matsuo. Getting straight to the point, why is cyber security considered so important these days?
- MatsuoBecause cyber attacks are becoming an increasingly serious threat to all companies. Take financial institutions for instance. It is said that 83 million pieces of customer information have leaked due to cyber attacks in the U.S., and information on as many as a million customers in Japan may have leaked as well.
- MitaIt sounds like a staggering amount of data has leaked...
- MatsuoThere is even talk of cyber black markets on a scale of several hundred billion yen stemming from cyber attacks like these, resulting in a host of new cyber attack proponents.
- MitaI had no idea such an enormous market existed.
- MatsuoDue to factors such as these, the increased risk of information leaks at companies due to cyber attacks has become a major issue, as has the resulting loss of faith or interruption of business and services.
- MitaIt sounds like this is causing companies a great deal of grief.
- MatsuoCyber attacks aren't limited to companies. There have already been attacks on critical infrastructure such as power plants overseas. Do you remember the London 2012 Olympics?
- MitaOf course. I actually went there to report on it.
- MatsuoThere were threats of a takeover of power system-related infrastructure during the London Olympics opening ceremony. According to reports, a total of 2.35 billion cyber attacks occurred throughout the course of the games.
- MitaWow, that's a huge number.
- MatsuoSeveral international events are also scheduled to be held in Japan in the future, so NEC believes it is necessary to implement urgent cyber security measures.
There are organized professional cybercriminal groups!?
- MitaIn my mind, I imagine crimes targeting computers or systems to be acts of individual mischief carried out by people with extensive knowledge of computers and networks, as well as superior skills, in order to make a name for themselves. I get the feeling that doesn't mesh with what you've been saying.
- MatsuoYou're correct. A growing number of incidents are actually instigated by organized professional cybercriminal groups now.
- MitaProfessional cybercriminal groups!?
- MatsuoYes. For example, a group may launch a coordinated attack on the system of a certain company, shutting down its business or services. As I mentioned earlier, there are cyber black markets in which a variety of information is traded, including system vulnerabilities that are not known by the general public, as well as new attack tools. This makes it very difficult to avoid being affected when you are targeted.
- MitaThat's a scary thought...
- MatsuoThere has also been an increase in insidious cyber attacks that target a sure-fire weakness. For example, even if a certain company's system is secure, a company it has business dealings with may have a low level of security. This can result in a compromise via the system of that related company.
- MitaThat really is targeting a company's weak point.
- MatsuoBecause cyber attack techniques are becoming more sophisticated and devious like this, dealing with them now requires specialist knowledge. Incidentally, the number of accidents and incidents related to cyber security have quadrupled(*) in the two years between 2011 and 2013. It is said that the figure would exceed this greatly if undisclosed incidents and accidents were also included.
*From JPCERT/CC Incident Handling Reports
- MitaThings seem to have gotten really bad all of a sudden... What measures are NEC considering?