AGL 40.09 Increased By ▲ 0.09 (0.23%)
AIRLINK 131.50 Increased By ▲ 1.97 (1.52%)
BOP 6.82 Increased By ▲ 0.14 (2.1%)
CNERGY 4.52 Decreased By ▼ -0.11 (-2.38%)
DCL 8.80 Decreased By ▼ -0.14 (-1.57%)
DFML 42.30 Increased By ▲ 0.61 (1.46%)
DGKC 84.00 Increased By ▲ 0.23 (0.27%)
FCCL 33.11 Increased By ▲ 0.34 (1.04%)
FFBL 76.70 Increased By ▲ 1.23 (1.63%)
FFL 11.95 Increased By ▲ 0.48 (4.18%)
HUBC 109.51 Decreased By ▼ -1.04 (-0.94%)
HUMNL 14.27 Decreased By ▼ -0.29 (-1.99%)
KEL 5.51 Increased By ▲ 0.12 (2.23%)
KOSM 8.21 Decreased By ▼ -0.19 (-2.26%)
MLCF 39.50 Decreased By ▼ -0.29 (-0.73%)
NBP 64.00 Increased By ▲ 3.71 (6.15%)
OGDC 197.60 Decreased By ▼ -2.06 (-1.03%)
PAEL 25.90 Decreased By ▼ -0.75 (-2.81%)
PIBTL 7.62 Decreased By ▼ -0.04 (-0.52%)
PPL 156.80 Decreased By ▼ -1.12 (-0.71%)
PRL 26.30 Decreased By ▼ -0.43 (-1.61%)
PTC 18.01 Decreased By ▼ -0.45 (-2.44%)
SEARL 81.46 Decreased By ▼ -0.98 (-1.19%)
TELE 8.10 Decreased By ▼ -0.21 (-2.53%)
TOMCL 34.10 Decreased By ▼ -0.41 (-1.19%)
TPLP 8.80 Decreased By ▼ -0.26 (-2.87%)
TREET 16.78 Decreased By ▼ -0.69 (-3.95%)
TRG 59.08 Decreased By ▼ -2.24 (-3.65%)
UNITY 27.70 Increased By ▲ 0.27 (0.98%)
WTL 1.45 Increased By ▲ 0.07 (5.07%)
BR100 10,580 Increased By 173.3 (1.67%)
BR30 31,633 Decreased By -80.5 (-0.25%)
KSE100 98,770 Increased By 1441.9 (1.48%)
KSE30 30,754 Increased By 561.1 (1.86%)

Apart from rogue hackers, criminal organisations or even state-backed cyber warfare units, Japan's businesses and government agencies are facing a unique cyber security foe: themselves.
Even with the frequency and severity of cyber attacks booming world-wide, efforts by the world's No 3 economic power to improve its data security are being hobbled by a widespread corporate culture that views security breaches as a loss of face, leading to poor disclosure of incidents or information sharing at critical moments, Japanese experts and government officials say.
Improving cyber security practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defence contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs.
Toshio Nawa, a top Japanese security consultant who is advising the Tokyo 2020 Olympics organisers, said he encountered a telling instance this summer when he was called to investigate a breach at a major Japanese government agency.
Nawa found that five different cyber security contractors employed by the agency had discovered the breach? But that not one reported or shared their findings.
With evidence from the contractors pooled together, Nawa matched the digital fingerprints to a Mexican group that he believes was responsible for a previous attack on Japanese diplomatic servers. The breach was patched, but Nawa walked away flustered.
"In the U.S., if they find a problem, they have to report," he said. "The Japanese engineer feels he fails his duty if he escalates a report. They feel ashamed."
To be sure, the cyber security industry around the world, not just in Japan, frequently echoes the call for greater transparency within and among organisations. The U.S. Senate last month passed the Cyber security Information Sharing Act to ease data sharing between private companies and the government for security purposes, although civil liberties advocates warned it posed a threat to privacy.
But the problem may be particularly acute for Japan's private sector behemoths and government ministries? Sprawling bureaucracies wrapped in a "negative culture that cuts against wanting to communicate quickly," said William H. Saito, the top cyber security adviser to Prime Minister Shinzo Abe.
While rank-and-file workers fear reports of security lapses may get them punished, the problem reflects a broad lack of understanding of cyber security in the Japanese C-suite, Saito said in an interview on the sidelines of the Cyber3 conference in Okinawa.
"This is Japanese culture where in some situations the upper management doesn't know how to use email and IT integration is voodoo magic," said U.S.-born Saito, also an executive at Palo Alto Networks, a security firm. "The reality is companies either have been hacked or will be hacked. My message is, 'It's not your fault.'"
In 2013, the latest year of available data, the Japanese government network faced an eightfold increase in cyber attacks from two years prior, with attacks spreading into civil infrastructure, as well as the telecommunications and energy sectors.
Against that backdrop, the Abe administration has pinpointed the 2020 Tokyo Olympics as a chance to upgrade Japan's national security capabilities while calling for a more hands-on government role to nudge companies to take cyber security seriously.
A Cabinet-level cyber security agency in September published a strategy paper that proposed, among other things, extending government-run cyber security classes to companies, awarding financial incentives for firms that demonstrate improved security capabilities and requiring companies to fill a chief cyber security officer role.
The Cabinet report also highlighted the issue of disclosure, saying "it is essential to relieve (network) operators' psychological burden of possibly losing credit or ruining reputation of their business if providing information to others."
Jim Foster, a former U.S. diplomat and Microsoft Japan executive who heads the Keio International Center for the Internet and Society in Tokyo, said the fast-evolving threat of hacking poses a looming challenge for Japanese industry, which never developed a deep pool of cyber security expertise with active exchange of ideas and know-how.
"Japanese companies grew up too big too quick and didn't have to cooperate or rely on outside expertise," he said. "But now there's this new threat unlike anything else and things suddenly get difficult."
But changing habits is hard, said Nawa, the security adviser for the Olympics, who is now holding simulations and educational sessions around the country, where he emphasises to security engineers? Who do not necessarily lack technical chops? The importance of sharing findings and speaking up when they spot a problem.
He said he uses a simple mantra on the training circuit: "What I say is: 'Please remove your pride.'"

Copyright United Press of Pakistan, 2015

Comments

Comments are closed.