This is the fourth installment of a series.
There have been a number of cases of unauthorized access online, with one high-profile example being a hit on Seven & i Holdings Co. last year.
After launching the 7pay smartphone-based cashless payment service in July, the company was forced to suspend it at the end of September after suffering numerous security breaches that caused financial damage to its users.
In late December, CyberGym Control Ltd. held a cybersecurity course at an office in Tokyo, in which participants observed countermeasures being conducted against a hypothetical attack on an infrastructure system using a model of a power plant that had been set up in the room.
A piercing alarm rang out as the power plant’s red lights came on, signaling an anomaly and indicating that the plant had been the target of a cyber-attack.
The eight participants, who were engineers in their 20s to 40s from major companies, were enrolled in the two-month course that costs ¥2.5 million per person.
“This program teaches me about malfunctions that are results of attacks and other situations in detail,” one participant in his 30s said.
Other courses are also offered by the Israeli company, including two-day one that costs ¥700,000 per person. Seats in the courses usually sell well.
“The risk of cyber-attacks is growing every year,” said Takahiro Matsuda, 59, head of CyberGym’s Japan branch, citing growing awareness as a factor behind the increased interest in cybersecurity courses.
With the development of the digital economy and data-derived practices such as the use of consumers’ purchase histories, cyber-attacks have become increasingly sophisticated.
In 2017, a virus called WannaCry spread around the world, preventing users from accessing data on their own computers and demanding a ransom in exchange for restored access.
Japanese companies were among those that were hit by the virus. And in 2018, the value of crypto-assets lost to hacking totaled about ¥67.7 billion.
Are cyber-attacks preventable? Hitachi Ltd., Keio University and Chubu Electric Power Co. have been conducting research on ways to recognize signs of impending attacks.
Although businesses monitor their own networks for suspicious incoming traffic, potential problems can be “hidden within large volumes of normal traffic, which makes it difficult to distinguish,” a Hitachi official said.
In a test conducted last year, the three facilities found that traffic directed toward unused IP addresses were more likely to contain suspicious content.
When analyzing daily logs of 20 million transmissions to the university and the utility company, they were able to identify instances of suspicious traffic through commonalities among the transmissions.
If these findings are put into practical use, then attacks that are difficult to identify, such as those targeting specific organizations, may be able to be detected and prevented in advance.
Japan subject to threat
The Japanese language’s lower global profile compared to English has been presumed to make Japan less likely to suffer cyber-attacks from other countries. However, recent advancements in translation technology have made websites in Japanese more easily understandable to hackers overseas, making individuals and small and medium-sized businesses subject to attacks.
Nonetheless, Japan faces a shortage of professionals with information security skills and expertise. The government estimates that Japan would suffer a shortfall of 190,000 such workers this year.
“Awareness of the threat posed by cyber-attacks is still low among corporations and the public. In addition to efforts by the private sector, we need the government to take steps to deal with this issue,” Toshio Nawa, 48, senior analyst at Cyber Defense Institute Inc., said.
Games a major target
This year’s Tokyo Olympics and Paralympics will be put to the test over how well the Games are prepared for cyber-attacks, as international events are often targeted by hacker groups.
During the 2012 London Olympics, the official website alone was the target of over 200 million attacks. Four years later, the Rio de Janeiro Olympics reportedly found more than 200 major DDoS attacks, which involve the transmission of large quantities of data to servers.
Furthermore, at the 2018 Winter Olympics in Pyeongchang, South Korea, some systems went down just before the opening ceremony, causing a temporary inaccessibility of the official website, among other problems. Cyber-attacks totaled about 600 million in the four months leading up to the Olympics, and about 5.5 million during the Games.
For Tokyo’s sports extravaganzas, the Japanese government has been working on countermeasures with the private sector. “We will do everything we can to make sure to safeguard the management of the Games,” Akira Saka, 62, who is in charge of cybersecurity at the Tokyo organizing committee, stated.