Japan counts 117.6 million Internet users and more than a hundred thousand of cybercrime cases every year. Attacks are becoming more frequent but also more effective and destructive. Many types of criminal activities exist: hacking, phishing, denial-of-service attack, infection with malware, identity fraud, electronic theft, etc. Even though Japan is known as a technology and innovation leader, it remains late in cybersecurity. Why is it so? Let’s review the situation.
Why Cybersecurity is Essential
Cyberthreats should not be taken lightly since personal and financial data can be stolen, causing damage to a brand’s reputation at the same time. The number of cases is increasing every year as the world becomes more digital. According to the National Police Agency (NPA), there were around 130 thousand cases in 2017 in Japan. The Japanese police, however, successfully investigated 9,040 cases only. The total cost worldwide is huge, and Japan is not spared.
“Average consumer costs caused by cybercrime incidents worldwide, 2nd half of 2017 (in U.S. dollars)” – Statista.
“Cybercrime with the highest amount of victim losses in 2018, by type (in million U.S. dollars)” – Statista.
Having a good protection system is even more important with the coming 2020 Summer Olympics and Paralympics. A great number of Japanese officials participated at a conference about cybersecurity, including a tabletop exercise (TTX) which helped to prepare cybersecurity teams for the big events coming. Large scale attacks are more complex, costly and must involve both private and public sectors.
Who Is Targeted?
Everyone is a potential target, but the biggest ones are small businesses, the healthcare industry, law firms, personal devices and financial institutions, according to eTeam in 2018. Large corporations and governments are also at risk. In 2017, the Japanese Ministry of Defense suffered an attack. In 2020, a cyberattack on Mitsubishi Electric (an important supplier of defense and structure system for the government) exposed again the Ministry since the company converted official papers into PDF and stocked them even though they were not allowed to do so – according to the Ministry.
Besides, a cyberattack from a foreign government is considered as the beginning of cyberwar, but every country has a hard time figuring out when it can be considered as an attack or not and how to respond accordingly. Russia, China and North Korea target Japan because it is technologically, economically and militarily threatening.
Why Is Japan Late?
Yes, Japan is technologically advanced, but its cybersecurity system is quite bad. First, according to the Asia-Pacific Defense Outlook 2016, Japan is vulnerable because of its number of mobile phone owners, not secured Internet servers, frequency of Internet use, etc. Japan is therefore, with 4 other countries (Singapore, Australia, New Zeland and South Korea, the “Cyber Five”), 9 times more likely to suffer cyberattacks than other Asian countries.
Also, even though the archipelago is vulnerable, the fear of mistakes and failure prevents many organizations and companies from responding quickly and effectively. Both in the private and public sectors, people prefer hiding the attack than focusing on solving the problem quickly. In the same way, Japanese fear risks, so few people are ready to insist on the important threat that cyberattacks represent. People also prefer keeping quiet when there is a danger since Japan is a competitive country, where people want to achieve their personal and professional goals.
But more important, Japan is lacking professionals. With the aging population and the fact that women are traditionally housewives or working as, for example, secretaries or sales assistants, talents are more than needed in cybersecurity. Besides, seniors don’t know about cyber threats and are often targeted. Young people are also unaware of what cybersecurity really is since they learn to program in universities only, if never. How can they know that they want to work in this field if they are not exposed to it? Besides, businesses consider it as an additional cost, so don’t set up a huge budget for this, while it should be one of the foundations of any company.
At a governmental level, policymakers work only 2 years in the same position, which is not enough to think about long-term policies (or even to be trained, since some of them knew nothing about cybersecurity before being in charge of this sector). A scandal in November 2018 also involved the minister in charge of cybersecurity, Yoshitaka Sakurada, who had not used a computer since he was 25 years old. He was 68 when he admitted it, as when he said that he did not know what a USB drive was.
Fortunately, Japan is catching up thanks to new legislation planned for this year and new training centers, programs or partnerships between the government and private firms.
Reference: wisdom.nec.com/en/technology/2017120601/index.html www.japanindustrynews.com/2017/01/japans-approach-tackling-cybersecurity-challenges/ investingnews.com/daily/tech-investing/cybersecurity-investing/why-is-cybersecurity-important/ thediplomat.com/2017/12/preparing-for-cyber-attacks-on-japan/ iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan thediplomat.com/2016/04/japans-achilles-heel-cybersecurity/ www.bankinfosecurity.com/interviews/cyber-crime-new-threats-new-targets-i-484 www.eteam.io/blog/targets-for-cyber-criminals-2018 www.cisomag.com/japan-confirms-defense-data-breach-after-cyberattack-on-mitsubishi-electric/
