How is Japan embracing the relevance of cyber security?
Last month, Computer Futures partnered with Security Days Tokyo – a major cyber security event attracting close to 12,000 visitors. Computer Futures had a booth at the event and it was very exciting to see the growing interest of many enterprises in cyber security.
Varun Sancheti, Manager of Computer Futures stated that "this has been our third consecutive year sponsoring such a major cyber security event. Computer Futures is proud to be the only recruiting company at the event and it was great to catch up with many of our clients and learn about the ever-evolving cyber security technologies.”
Event overview and highlights
Amongst the 30 sessions held over the three day conference, 14 of them featured counter-measures against data breaches. With the advent of digital transformation within the workplace and confidential company data being stored in digital form – it is of utmost importance that key business information such as customer relations is safeguarded and protected.
Another popular topic at the conference was responding to targeted cyber-attacks such as phishing. The National Police Agency of Japan recently announced that the number of targeted cyber-attacks over 2018 was the highest ever with 6,740 reported cases. Cyber-attacks are becoming more sophisticated by the day and protecting company data against cyber threats should therefore be prioritised by every business to ensure their sustainability.
However, one thing we have to bear in mind is that many data breaches are caused by deliberate human error rather than technology. For example, one of the biggest data breach incidents in Japan was Benesse – a leading education and publishing company. This data breach was deliberately caused by a contract system engineer and as a result, more than 200 million pieces of personal customer information were breached in 2014. The company compensated the customers by reducing their service fee and handing out vouchers, which cost up to 20 billion JPY (200 million USD). It also damaged the company’s credibility, resulting in 26% decrease in the number of registered members and nearly 100 million JPY negative earning over the following year. This goes to show that it is essential to raise awareness about cyber-attacks within the workforce through training programs and routine compliance exercises.
Further to the above, a number of industry-leading companies introduced their products in the exhibition area of the event. We note the following examples:
・ Cybereason – Endpoint Detection and Response (EDR), a cyber-attack prevention platform for enterprises that use AI
・ Fire Eye – A platform for targeted cyber-attack counter-measures
・ Dark trace – A cyber defence solution using AI algorithm inspired by human immune system
・SecureWorks – An intelligence-driven, next-generation security solutions based on accumulated experience
・ Cyfirma – Next-generation cyber threat intelligence that analyses information from the attacker's planning phase to the execution phase on its own platform and predicts the cyber threat that may occur to a specific company
・ ASK – A security solution for centralised management of Internet of Things (IoT) that is poorly recognised
Awareness of cyber security in Japan
According to the 21st CEO survey conducted by Big 4 firm PwC – only 24% of respondents were “very concerned” with cyber threats to their organisation’s growth in 2014; compared to 40% in 2018. This 16% increase indicates that more CEOs are perceiving cyber threats as a critical disruptor of the business.
This prompts the question – what actions can companies take to protect themselves against cyber threat? Information-technology Promotion Agency (IPA), a research organisation which analyses trends in the IT sector, has published a report of 10 guidelines on how a business can consider implementing cyber security:
1. Recognise cyber security risks and formulate an organisational policy
2. Build a cyber security risk management system to clarify the duties of each team
3. Secure resources (budget, human resources, etc.) for cyber security measures
4. Create a plan for understanding cyber security risks and dealing with them
5. Construct a mechanism to respond to cyber security risks
6. Implement the plan-do-check-action cycle in cyber security measures
7. Develop emergency response system when an incident occurs
8. Promote supply chain security measures
9. Understand measures and situations of the entire supply chain including business partners and outsourcing vendors
10. Acquire attack information through participation in information sharing activities and its effective utilisation and provision
Based on the conversations we had with customers at our Computer Futures booth, many companies have room for improvement in the cyber security space. For example, formulating policy in regards to cyber security risks as mentioned above at item 1. Another feedback received was that management relied too much on the IT department or outside vendor to handle cyber risks. Whilst the IT department or vendor are responsible for technical issues, management should demonstrate greater commitment and engagement towards their company policy regarding cyber threats.
How is Japan responding to the cyber security trend?
Many companies have encountered a shortage of securing cyber security talent to assist in the implementation of cyber security measures in their business. According to NRI Secure Insight 2018, a global survey conducted by Nomura Research Institute (NRI), 86.9% of survey respondents in Japan reported they lack cyber security specialists in their company. However, NRI advised that the cyber security shortage can be eased with proper automation, optimisation of security-related process, and correct allocation of security-related tasks.
Varun Sancheti further added that “the cyber security market continues to grow with a huge increase in demand for cyber security professionals". The shortage of cyber security professionals is further compounded by the work culture in Japan whereby people are more conservative and prefer to stay in a permanent role for a long period of time. As a result, software engineers who could have transitioned their transferable skills to a cyber security role would never realise how valuable their talent could be in a different industry. Building more fluid environment in terms of people’s choice of jobs could be another element to address the talent shortage.
Ever thought of joining the cyber security market?
As stated by Varun Sancheti, "we are proud to be leading the cyber security recruiting for many of the key market players with the cyber and network security vertical”. Our cyber security specialists at Computer Futures are specialised in niche technology markets and have the expertise and market knowledge to help you find your next cyber security role or your next talent. If you are have any enquiries related to the cyber security market, please don’t hesitate to contact us. You can also learn more about what we do by checking our website and LinkedIn page for industry updates.