Estimated Read Time: 5 minutes
Threats from cyber-attacks continue to grow globally. Any company, regardless of size or industry, can now be the target of an attack. Particularly in Japan, the number of cyber-attacks is increasing at an alarming rate. According to the NICTER Observation Report 2022, the number of cyber-attacks increased 227% in the five years from 2018 to 2022.(i)
Naturally, there is a high degree of concern that Japan's major infrastructure is vulnerable to attacks from criminal organizations and government organizations in other countries. In response, the Japanese government mandated on December 20, 2021 that 14 sectors, including finance, telecommunications, aviation, and railroads, be prepared for cyber-attacks.
To protect important and confidential corporate information and prevent economic losses due to cyber-attacks, companies need to formulate appropriate cybersecurity strategies and be proactive in taking countermeasures. In this issue, we will provide some tips on how to develop an effective cybersecurity strategy.
Why your cybersecurity strategy is needed now
Reason #1: The pandemic has fostered the growth of remote working, and is gaining in popularity
Remote working has spread rapidly in Japan – with many companies continuing to offer remote working post-pandemic. However, personal networks are exposed to many threats, increasing the need for cybersecurity.
Reason #2: Acceleration of DX and widespread cloud migration
Since the spread of the new coronavirus infection, digitalization has accelerated in all aspects in Japan, and the use of cloud services has increased dramatically. However, operating from the cloud increases the risk of cyber-attacks if done incorrectly: according to a PWC global survey, 58% of organizations have experienced a cyber-attack on their cloud OS.(ii) In addition, robust security measures are necessary because the types of attacks can be expected to take almost any form.
Reason #3: Cyber-attack technology is evolving
Recent cyber-attacks have become more sophisticated with the use of cutting-edge technological tools. Phishing attacks, ransomware, SQL injection, and DoS attacks are becoming more sophisticated, and the number of victims is increasing. Simply installing firewalls and antivirus software is not a sufficient countermeasure. It is essential that not only the IT department but also the entire organization work on cybersecurity, including specialized training for all employees.
5 tips for building an effective cybersecurity strategy
Although developing a cybersecurity strategy is critical to enhance security, according to a survey report jointly conducted by Sophos and Tech Research Asia (TRA), companies that answered that they have "sufficiently optimized their cybersecurity" in 2021 are "fully optimized for cybersecurity" in 2021, compared to 18% of all companies.(iii) In addition, more than half of the companies said that they last reviewed their cybersecurity strategy more than 12 months ago.
It is difficult for many companies to develop an appropriate cybersecurity strategy and review it on a regular basis. However, by following the points below, it is possible to formulate an optimal cybersecurity strategy and brush up regularly.
1. Review digital assets
Anything that could be compromised or exposed by a cyber-attack or security incident should be included in your assets. This includes data as well as devices and other peripherals. Also remember to include remote workers' assets and data. The life cycle of data assets, where they are stored, how they are moved, and how they are used should also be recorded and understood.
2. Assess the risks
Assess the security risks of your organizational structure, internal systems, and internal systems. This will allow you to identify vulnerable areas and analyze the status of countermeasures. At this time, industry-specific risks should also be identified.
3. Establish security standards
Consider obtaining certification to an international standard for information security management systems (ISMS), such as ISO/IEC 27001. In addition to gaining external trust, this will enable you to establish a system to prepare for security incidents, information system failures, and disasters. In addition, clarifying responsibility and authority for security measures can help to make all employees aware of and accountable for cybersecurity. It may also be effective to establish industry-specific standards, e.g., PCI-DDS.
4. Consider the balance of human resources and budget
One of the challenges many companies face regarding cybersecurity is the lack of budget and human resources. If limited resources are not used efficiently, cybersecurity cannot be enhanced. This can be an uphill battle, but consider the following as you develop your strategy:
- Get advice from a cybersecurity expert on your budget
Cybersecurity is an important issue that can affect the survival of your company, but it is not a directly profitable sector. To secure the necessary budget for security measures, you will need to clearly convey to senior management the risks and help them understand the importance to secure their buy-in. The knowledge and experience of experts is also very important to prioritize where and what measures are needed now.
- Use third-party vendors and technologies such as AI to fill gaps in human resources
Developing and maintaining a cybersecurity strategy and providing training to employees are difficult and not appropriate to outsource. However, for operations, it may be possible to leverage third parties and technology to reduce the need for in-house support.
- Create a cybersecurity team and clearly identify responsibilities and roles for task personnel
It is very important to have a person in charge of cybersecurity with cybersecurity skills in the company to establish and maintain security measures. Without a dedicated in-house team, you will not be able to effectively educate and train other departments or properly align security needs with business goals. Establish a security team and clarify the responsibilities and roles of each person in charge.
5. Implement and align the strategy with business goals
Once points one through five above have been addressed, create a project plan to implement your cybersecurity strategy. At this point, identify the requirements for your core security needs, and ensure they align to the business goals. Specifically, create the following:
- Create a cybersecurity policy:
- Agree on response methods and procedures in the event of an actual cyber-attack. Include data privacy policies, precautionary measures, and disaster recovery plans.
- Create ongoing best practices.
- Create a training plan for employees.
- Educate your teams to ensure everyone knows that security is each person's responsibility.
- Periodically re-evaluate the cybersecurity strategy framework to optimize your measures and approach.
All companies today, regardless of industry or business size, are exposed to the risk of cyber-attack. Build the best strategy with the help of security experts to ensure the trust and sustainability of your company.
If you are concerned about hiring cybersecurity professionals, please contact Robert Half. We will listen to your company's vision and expectations, and then recommend the best staffing solution for your company.
(i) National Institute of Information and Communications Technology (2023, February 14). NICTER Report 2022. Cybersecurity Laboratory. Retrieved February 21, 2023, from https://csl.nict.go.jp/
(ii) PWC (n.d.). 2022 Global Digital Trust Insights. Retrieved February 12, 2023, from https://www.pwc.com/jp/ja/knowledge/thoughtleadership/2022-global-digit…
(iii) SOPHOS (n.d.). 日本およびアジア太平洋地域におけるサイバーセキュリティの展望第 2 版. Retrieved February 12, 2023, from https://assets.sophos.com/X24WTUEQ/at/f5hk3trq3fn5mqpzs4xv5sqr/sophos-f…