Increased cyber security awareness
The year 2015 was the end of the beginning of the age of cyber security. When Tokyo was awarded the 2020 Olympic and Paralympic Games in 2013, there was a sudden increase in awareness of the need to guard against terrorists and cyber attacks. That led to the enacting of The Basic Act on Cybersecurity in November 2014, and in October 2015 the My Number Individual Identification Number System (social security and tax number system) came into effect. Hardly a day has gone by without some news about cyber security in which a cyber attack has led to large scale leakage of information. In addition, cyber security is not limited to the ICT field. Security must be reinforced for control systems and the growing Internet of Things (IoT).
What measures should companies take?
Today, security measures are a part of all corporate activities. They include a wide range of organizational measures from business continuity plans (BCP), IT planning, information security management systems (ISMS), and security audits, as well as system-based measures covering all aspects from system introduction plans to procurement and operation. Once an incident occurs, not only the IT department, but also top management and various other departments including the legal, promotion and sales departments, must work together to respond to the incident.
It is therefore important for companies to understand that cyber attacks are a risk to overall corporate activities, and that investments must be made in cyber security as a facet of risk management in order to expand and continue business. When considering such investments, it is recommended to refer to best practices such as the Cybersecurity Framework published by the National Institute of Standards and Technology (NIST) and the Cyber Security Management Guidelines* published by the Ministry of Economy, Trade and Industry (METI) and the Information-technology Promotion Agency (IPA).
- *This is a translation of the Japanese title made by NEC Corporation for use in this journal only. The original document is available only in Japanese.