In fact, a Statista study found out that the potential economic and consumer loss caused by cyber threats in Japan, like internet auction frauds, illegal or harmful content, unauthorized computer access or malware, defamation and slander, illegal business practices or spam mails reached US$2.1 billion in 2017.
According to IPA statistics, only 55% of companies in Japan were reported to conduct cybersecurity vulnerability assessments, as opposed to roughly 80% of firms in the U.S.A and over 65% in Europe. This just goes to show a general lack of awareness among Japanese firms about cybersecurity and its importance.
The Statista study mentioned above revealed that the financial losses that occur due to a cyberattack is just the tip of the iceberg. Companies may also face higher customer churn due to loss of reputation and other induced damages after a cyberattack.
Repeated cybersecurity incidents can also bring the digital transformation of a company to a grinding halt. In fact, according to a Deloitte study, almost 63% of IT and business leaders said that the fear of cyberattacks caused them to put the digital transformation plans for their organization on hold. In addition to that, many Japanese organizations see cybersecurity as a corporate social responsibility rather than a catalyst that could improve their competitiveness. Most only begin to think about it after planning their digital transformation strategy, severely limiting their ability to create a holistic and secure infrastructure.
As medium and large-scale organizations make rapid strides towards digitization – without adequate emphasis on cybersecurity, they are only creating vulnerabilities that can be exploited by cybercriminals, jeopardizing their revenue and market share.
According to Cisco, the most common types of cyberattacks are malware, phishing, man-in-the-middle attack, distributed denial-of-service (DDoS) attack, SQL injection, Zero-day exploit and DNS Tunneling.
A recently conducted cybersecurity study by Sophos showed that the most serious attack vectors in Japan were employee malicious acts, employee error, and poor system designs. Another study by Comparitech showed cyberattacks in Japan had increased, with computer ransomware attacks rising from 8.3% to 9.17%, mobile ransomware attacks having escalated from 1.34% to 1.97%, while telnet attacks stood at 1.06%.
The above report by Sophos also lists the lack of budget and skilled security specialists as common reasons for inadequate cybersecurity measures – which can also be cited as key cybersecurity challenges for enterprises, in addition to educating the leaders, as well as staff, about cybercrime and how to prevent it.
How Japanese IT and security decision makers prepare for cybersecurity will affect their organization’s security in the next two years. The top technologies or issues that most IT leaders from Japan think will impact organizational security are artificial intelligence, machine learning, IoT devices, and public cloud computing.
These leaders and key decision makers should educate the entire organization and leverage maximum cooperation from all the departments so that everyone has a baseline for cyber hygiene. Apart from setting up a strategy for cyber-resilience, they also need to evolve a cybersecurity-driven business model that is dynamic and scalable.
The first step in building an effective cybersecurity policy is assessing risks – or identifying the current security landscape of your company, the potential threats, and the security regulations that must be adhered to.
Cybersecurity is also a continuous process – which means regular assessments and routine security checks should be embedded in the strategy to recognize any gaps or loopholes at the right time. In fact, 38% of Japanese firms said that their lack of cybersecurity maturity affected the speed at which they could detect vulnerabilities in security. In addition to this, another 51% of Japanese companies feel that their organization doesn’t have an able cybersecurity team in place that could properly detect, investigate, and respond to threats ahead of time.
In addition to firm policies and regulations, Japanese IT leaders should look at hiring a full time professional as your security officer or identify someone in your existing IT team for implementation and monitoring. However, the former may turn out to be too expensive and ineffective without an expert team to work under the chief security officer. The latter may not be feasible, for many companies’ have heavily burdened IT departments and an internal team member may take time to learn the ropes. The third option is partnering with a trusted managed security services provider that works alongside you to keep your IT infrastructure and data secure.
To build a secure organization, some of the key concerns that you need to address include the security of your critical infrastructure and network from external threats, cloud security and data protection, risk assessment and compliance management. At CenturyLink, we take all these factors into account to offer customized and comprehensive cybersecurity services to medium and large-scale enterprises backed by advanced threat intelligence and security experts.
According to Gartner, the benefits of working with an MSSPs allow for an “outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.”
Adopting a more proactive cybersecurity strategy isn’t something that has been practised by most Japanese firms. According to a 2017 survey, 46% of Japanese firms thought about improving cybersecurity only after experiencing an incident with the WannaCry ransomware attack, where 2,000 computers were infected at 600 organizations. Japanese IT leaders had to grow savvier about cybersecurity as a result, all the while looking to employ the services of MSSPs that would help them keep cyber attacks at bay and improve business outcomes.
The International Data Corporation (IDC) issued a market assessment guide in 2019 that would go on to show companies how to choose the right cybersecurity services provider, highlighting measures like comparing the breadth of the portfolio of MSSPs of multiple vendors, the availability of 24/7 support, threat detection capabilities, etc.
Independent research by CenturyLink reports improved business outcomes for companies using third party MSSPs, and suggests three points to consider while comparing managed services for securing your IT infrastructures. First, ask yourself whether a particular service improves your security or not. If it is an area where your company is already doing well – you can strengthen your expertise further. If not, it is best to rely on a third-party expert.
The next question to consider is whether working with an MSSP would improve the efficiency of your employees. As mentioned before, internal IT teams are usually too burdened to take on the additional task of security management.
Third is the question of costs – that is, does working with an MSSP reduce them? As most companies operate with limited funds, it is quite essential to weigh the benefits of hiring a third-party vis-à-vis costs before making the final choice.
Besides comparing services, you may seek answers to the following questions to choose the perfect fit:
You may also ask your potential cybersecurity partner about the cybersecurity strategy they employ. For example, at CenturyLink,our comprehensive methodology of People, Process and Technology to simplify security through automated threat detection, mitigation and response allows our clients to focus on strategic initiatives while we guard their IT infrastructure.