Cyberattacks have been Japan’s primary international concern since 2016, prompting more outcry among Japanese leaders and the public than other serious issues impacting the country, such as climate change. In response, the country has taken numerous proactive measures that have been incredibly successful in gaining the upper hand against cyber threats. A 2019 report by the National Police Agency states the number of cleared cybercrime cases in Japan has been on the rise, reaching a record high of 9,519 in 2019. Additionally, the report notes that the number of spear phishing attacks in Japan in 2019 was cited at 5,301 — with many of the spear phishing emails leveraging language surrounding “Health & Safety” and “Bonus Payment.” Such subject lines play to many end user’s chief concerns: their health and financial situation.
The country’s latest strategies are aimed at establishing guidelines for critical infrastructure and government institutions, while also encouraging businesses across industry sectors to follow cybersecurity best practices. With cybercrime posing a significant concern throughout the world, other countries would be wise to implement aspects of Japan’s approach that have proven to be successful.
Japan Amends Basic Act on Cybersecurity
In 2018, Japan’s Parliament announced that they were passing a bill to amend the 2014 Basic Act on Cybersecurity. The overarching goals of the 2014 Basic Act on Cybersecurity were to promote cybersecurity policy by specifying basic principles of national cybersecurity policy. This clarified the responsibility of Japan’s national government, local governments, and other relevant institutions. Organizations formulated cybersecurity strategies and developed a Cybersecurity Strategic Headquarters, for the purpose of effectively and comprehensively promoting cybersecurity policies.
The Basic Act on Cybersecurity aims to make companies responsible for establishing and promoting proper cybersecurity measures. This is specifically demonstrated in Article 7 which notes that cyberspace-related business entities, such as those involved with maintenance of the Internet and other advanced information and telecommunications networks; the utilization of information and telecommunications technologies; or involved in business related to cybersecurity, are to ensure cybersecurity voluntarily and proactively in their businesses and to cooperate with the measures on cybersecurity taken by the national government or local governments.
Before the global pandemic, the purpose of the amendment was to ensure proper cybersecurity measures while Japan hosted the 2020 Summer Olympics. This is likely due to the massive volume of cyberthreats that occurred during the 2016 Summer Olympics in Brazil. Sophisticated phishing attacks targeted employees associated with the Olympic Games. Attackers directly targeted the International Olympic Committee by setting up a malicious domain disguised as their Intranet portal.
Additionally, a major component of the Bill to Amend Basic Act on Cybersecurity is the creation of a dedicated council composed of national and local government agencies, critical information infrastructure operators, academia, and private sector organizations that promote cybersecurity measures.
Upgrading Cybersecurity in the Automobile Industry
After cyberattacks on Nissan (2017), Toyota (2019), and Honda (2020) affected Japan’s operations, the Japan Automobile Manufacturers Association (JAMA) launched a Cybersecurity Working Group under its Electronic Information Exchange Committee to collaborate on cybersecurity with various stakeholders. The purpose of this group is to develop more robust strategies and policies across the industry. Japan’s automobile manufacturers’ anticipated a rise in autonomous driving and are making strides to identify and proactively defend against threats that will arise with the increased adoption of Internet connectivity within automobiles.
Ministry of Defense Makes Investments to Counter Cyber Attacks
In January of 2020, Japan experienced a massive cyberattack against Mitsubishi Electric in which malicious actors exploited a zero-day vulnerability in Mitsubishi’s anti-virus software. The attack resulted in the potential leak of trade secrets. In the following months, Japan’s Ministry of Defense announced their plan to make significant investments to strengthen their country’s overall security posture. This includes obtaining a Cyber Information Gathering System that will collect information on the tactics, techniques and procedures (TTPs) leveraged in cyber attacks against the MoD or Self-Defense forces. Additionally, Japan’s investments would help them expand their Cyber Defense Group and further research on optimal cybersecurity solutions for network devices used by the Japanese military.
Votiro’s Solution Removes Possibility of Malware Infection and Protects Governments from Malicious Activity
Japan clearly understands the effects of cyber threats and has taken numerous measures to ensure future protection from these sophisticated attacks. While they’ve taken positive steps forward, Japanese government institutions —as well as governments around the world—should additionally invest in the most advanced security solutions that protect their enterprise data and critical systems. At the same time, they must prevent unauthorized individuals from gaining access. Unfortunately, hackers are constantly infiltrating corporate and government systems through email, web downloads and web applications, which have proven to be quite successful attack vectors.
Votiro’s Positive Selection Technology™ neutralizes such file-borne threats and prevents malware infection by copying all known good content from a file into a new, clean file template and leaving behind all malicious elements out of the file. As a result, individuals are able to interact with all documents and attachments without risk of malicious activity, ensuring that every file an organization receives is 100% safe. Votiro’s unique technology preserves the integrity and functionality of the files so business activity can continue as normal—and could go a long way toward restoring faith in cybersecurity despite Japan’s challenges.