Alerts to Company Executives to be Issued to Encourage them to Enhance Cybersecurity Efforts in Light of Situations of Recent Cyberattacks
December 18, 2020
Against the backdrop of continuous cyberattacks of increasing severity and origin, the Ministry of Economy, Trade and Industry (METI) decided to encourage company executives to further enhance their cybersecurity efforts. By identifying the characteristics and targets of recent cyberattacks and streamlining the points to notice to which companies, their related organizations and other entities should refer in conducting measures against cyberattacks.
(1) Rapid expansion of diversity of cyberattack patterns targeting supply chains in which SMEs are involved
In recent years, more and more cyberattacks take advantage of weakness of the supply chain networks of targeted companies. Business partners including SME’s and Japanese companies’ overseas entities may contain unguarded points in their networks. An increase in the number of teleworkers due to the effects of the novel coronavirus has also increased opportunities available to attackers.
(2) Rapid increase in the number of ransomware victims, regardless of size of the enterprise
The number of victims suffering from ransomware attacks using a so-called “double extortion” method is rapidly increasing in Japan. Attackers request a ransom not only for recovery of data that they have encrypted but also for non-disclosure of any stolen data.
The establishment of attackers’ ecosystems, in which they are able to provide ransomware and collect ransoms, allows attackers to easily execute such attacks without a need for enhanced skills.
(3) Overseas connections becoming targets of attackers to steal highly sensitive information.
As more and more companies advance their connections to overseas bases, and are connecting their domestic systems to overseas counterparts, attacks are increasing. Overseas bases with insufficient security measures are more likely to become a target for attackers to build routes of entry into domestic systems.
2. Alerts to business owners
- METI found that damages to companies caused by cyberattacks are becoming more serious and the results of such damages are also becoming more complicated. These situations require further commitment from company executives.
- Responses to damages caused by ransomware cyberattacks are directly related to trust in companies. Accordingly, these responses require the leadership of company executives in the process ranging from preparatory measures to post-incident measures.
- Company executives should establish global governance of their businesses taking cybersecurity into consideration.
- METI requests anew that company executives thoroughly conduct business activities in accordance with the Basic Three Actions that Companies should Take (“Share, Report, Announce”).
3. Related materials
- Alerts to Company Executives to Encourage them to Enhance Cybersecurity Efforts in Light of Situations of Recent Cyberattacks (summary) (in Japanese) (PDF:2,079KB)
Division in Charge
Cybersecurity Division, Commerce and Information Policy Bureau