【Table of contents】
- 1. What is Cyber Security?
- 2. Why do we need cyber security measures?
- 3. Questions about cyber security
- 4. Conclusion
-
1. What is Cyber Security?
Cyber security refers to the prevention of so-called "cyber-attacks," such as unauthorized access in the cyber domain and the theft, loss or alteration of electronic information caused by unauthorized access.
Cyber-attacks include the following examples, some of which you might have heard on the news.
・Information theft or falsification by viruses and spyware
・Theft of information by having people access phishing sites and enter their personal information.
・Theft or leakage of information due to unauthorized access to the server
・Bringing down a website by continuing to send malicious information that overloads the network.For example, personal information and confidential corporate information are traded at high prices on the black market, and money-related information, such as credit card information, is one of the most vulnerable personal information.
Information assets are now highly valuable to businesses, and cyber security is an essential part of protecting them.
-
2. Why do we need cyber security measures?
Once a cyber-attack occurs, the damage is enormous.
If personal or customer information is leaked, the amount of damages can be in millions, and if the system is stopped and business is unable to continue, the business itself becomes at risk. In addition, companies and organizations affected by cyber-attacks also lose the user’s trust.
Cyber security is what is needed to prevent these damages.
Of course, cyber security measures come with their own costs. However, the cost of countermeasures is cheap when you consider the possibility that a cyber-attack could cause significant financial and social damage. There are examples of well-known companies paying high rewards to outside white hackers (hackers working in "good faith") who find bugs in their systems.
That's why cyber-attacks are so familiar to companies, and they want to prevent them at all costs.
-
3. Questions about cyber security
We've covered cyber security briefly so far, but we'll go further and answer some of the most common questions.
-
a) What should we do for cyber security measures?
Cyber security is not only for large companies and government agencies, but also for small and medium-sized businesses, SOHOs and individuals. However, there are many people who don't know where to begin with, even if they are told to take cyber security measures.
- 【Step1】System maintenance such as anti-virus, vulnerability, and gateway measures
If you are a company, the first step is to understand the current state of your cyber security measures and implement systems that are lacking. Instead of thinking that "it’s okay because you’ve already installed the anti-virus software", it is important to discuss and check whether your system is okay with the current countermeasure or not.For example, the following security concerns need to be addressed
・OS or software security patches have not been applied or are no longer supported.
・An unknown virus or spyware enters
・Become a target of a targeted attackIf you are unsure about the cyber security measures you need to take, it's a good idea to ask an outside expert to investigate and consult with you.
- 【Step2】Periodic review of measures by PDCA cycle
Don't think that just because you have a system in place, the measures are over. It is also important for security personnel to think about security measures over the long term through the PDCA (Plan, Do, Check, Action) cycle.In cyber security, there is a need to periodically check whether the installed system detects and prevents cyber-attacks, and if there are any deficiencies, you need to take separate measures and check the detection status again and so on.
For this reason, knowledge of system operation is essential.
In addition, when a virus or cyber-attack is detected, it is important to keep a history of the circumstances and countermeasures that can be used in the future.
In order to counter increasingly complex cyber-attacks, cyber security measures need to evolve as well.
- 【Step3】Establish a response plan in advance
Nevertheless, there are times when damage may occur due to overlooked countermeasures or unknown cyber-attacks. In order to prepare for such cases, it is also important to establish a response plan in the event of an incident. It's like an evacuation drill in the cyber domain.In case of an attack, the response will be smoother if the level of damage is set according to the scale of the damage and how to act according to the level.
For example, in addition to the measures to be taken in the event of damage to customers due to information leaks, it is a good idea to include how to recover damaged IT assets such as servers and computers, as well as the time and procedures for recovery.
- 【Step1】System maintenance such as anti-virus, vulnerability, and gateway measures
-
b) Is cyber security different from information security?
One word that is often confused with cyber security is "information security". One of the many definitions of these is the phrase "cyber security is inclusive of information security".
Cyber security is often defined as the protection of electronic information in cyberspace, and cyber security measures are limited to the cyberspace. For example, it is limited to measures that are taken on the system, such as the malware and unauthorized access measures listed above, and even digital forensics.
In contrast, information security, in the broadest sense of the term, involves the use of physical security measures to protect information. For example, a room or server room with sensitive information may be locked up so that only certain employees can enter, or a replication server may be installed in case of a disaster.
For information security, it is also necessary to build a system for long-term information security measures, such as raising employee awareness, clarifying responsibilities within the organization, and maintaining rules and manuals.
-
c) What is the Basic Act on Cyber Security?
The basic act on cyber security was enacted in 2014.
In response to a spate of serious information leaks caused by cyber-attacks on large companies and other entities, the National Cyber Security Act was enacted to address cyber security as a nation.The basic act on cyber security has the following purpose.
・Improving economic and social vitality and sustainable development
・Realization of a society in which all citizens can live with safety and security
・To ensure the peace and security of the international community and to contribute to the security of Japan.The organizational structure was also strengthened, with the establishment of the National center of Incident readiness and Strategy for Cybersecurity (NISC) in addition to the Cyber Security Strategic Headquarters headed by the Chief Cabinet Secretary.
Please note that the basic act on cyber security has been amended several times in accordance with the social situation. In order to cope with cyber-attacks, which are becoming more diverse and complex every day, it will be necessary to review the content of the act every step of the way.
-
-
4. Conclusion
Cyber security will become more and more important not only for companies and organizations, but also for individuals.
This is because in today's digital age, the risk of damage from the exchange of electronic information such as cashless payments, online shopping and personal authentication services is only increasing.In particular, it is urgent for companies to take the following steps to plan their cyber security measures.
・System maintenance such as antivirus, vulnerability measures, and gateway measures.
・Periodic review of measures by the PDCA cycle
・Establish a response plan in advance
