Cyber security you should know
As the number of unauthorized accesses and cyberattacks from the outside continues to increase around the world, the term "cybersecurity" has been widely reported in the news.
However, even if we say cyber security in one word, there are many words that are easy to confuse, such as conventional information security and internal security, and as a result, it is not uncommon that the necessary measures are not taken. In this article, we will explain the information dissemination and cyber security knowledge required as a service provider.
- What is cyber security
- Latest trends in cyber security
- Three necessary measures for cyber security
- 3-1. Technical measures
- 3-2. Physical measures
- 3-3. Personnel measures
- summary
- What is cyber security
- Cybersecurity is defined in Article 2 of the Cybersecurity Basic Law enacted in November 2014.
■The Basic Act on Cybersecurity (Act No. 104 of 2014)
Article 2 The term "cybersecurity" as used in this Act shall mean information recorded by electronic, magnetic, or other methods that cannot be recognized by human perception (hereinafter referred to as "electromagnetic methods" in this Article), or To prevent leakage, loss or damage of transmitted, transmitted or received information, take necessary measures for the safety management of such information, and ensure the safety and reliability of information systems and information communication networks. Necessary measures (measures necessary to prevent damage caused by illegal activities on computers through information communication networks or recording media for records made by electromagnetic methods (hereinafter referred to as "electromagnetic recording media")) ) is taken and its condition is properly maintained and managed.
In summary, it is to prevent unauthorized access to your computer (PC) and published websites, etc., and to prevent leakage and alteration of stored information in the event of a breakthrough. It means general security measures to maintain the confidentiality, integrity and availability of IT information.
- Latest trends in cyber security
- Today's cyber security situation is changing dramatically with new risks and threats appearing on a daily basis. In addition, in a highly organized information society, even now, the number of people is increasing enormously through various platforms such as websites, blogs, and SNS.
From 2017 to 2018, incidents that occurred due to failure to comply with cyber security included ransomware damage, supply chain attacks, the spread of business email fraud, and serverless (cloud) attacks. It is
Looking back on this unexpected cybersecurity incident, it's understandable to feel anxious. In such a situation, it is necessary to obtain the latest information from reliable sources. We recommend that you check the latest cyber security trends on the following websites.
2-1. Information-technology Promotion Agency (IPA)
Information-technology Promotion Agency (IPA) is an independent administrative agency under the jurisdiction of the Ministry of Economy, Trade and Industry established to support domestic IT-related strategies. New information and security information are updated on the "Information Security" page of the IPA site almost every day. A wealth of information is provided as a guideline for how to proceed with information security measures as a country. It is one of the sites that I would like to check regularly as an information security officer of a company.
https://www.ipa.go.jp/security/index.html
2-2.National Cyber Security Center (NISC)
The Cabinet Cyber Security Center (NISC) was established in the Cabinet Secretariat based on the Basic Act on Cyber Security enacted in 2014. The organization itself is divided into several groups to carry out activities. The site mainly distributes activity reports and event information of conferences and meetings held by the Japanese government. If you want to get information on national strategies specific to cybersecurity, you should check out the NISC site.
https://www.nisc.go.jp/
2-3.JPCERT/CC
JPCERT/CC publishes information on incidents such as security attacks and service interruptions that have actually occurred on the Internet. In particular, it is characterized by being the first to provide information on vulnerabilities in software and services. The published information describes in detail the version information of the software and services that contain the vulnerability and the specific impact.
You can prevent security incidents from occurring by checking whether your company is using the software or services for which vulnerabilities are distributed on this site.
https://www.jpcert.or.jp/
- Three necessary measures for cyber security
- So, what exactly do you need for cyber security measures?
We will explain the three general classifications of "technical measures", "physical measures", and "human measures".
3-1.Technical measures
Technical measures include the introduction of security products and the implementation of measures to prevent intrusions.
It is also important to list and visualize the measures to be implemented as much as possible.
It may not be possible to implement all measures immediately, so let's start with the minimum necessary measures. By repeatedly discussing which measures can be implemented within the company, it is possible to reaffirm the problems in cyber security measures.
<Examples of technical measures>
・Install anti-virus software on your PC
・Introduction of IDS/IPS
・Introduction of WAF
・Regular update of the software used
・Implementation of security diagnosis
・Create a system that is conscious of not exposing vulnerabilities
Some can be implemented only by internal efforts, while others use external services and products. It is important to find out what is right for your company.
3-2. Physical measures
Physical measures refer to measures against physical factors such as theft and disasters.
I don't know if it can actually happen, but let's assume the worst and take measures.
<Example of physical measures>
・Installation of security cameras
・Thorough locking of employee desks
・Thoroughly lock the office
・Management of entry/exit records
・Introduction of biometric authentication system
・Reinforcement of earthquake resistance, introduction of earthquake-resistant equipment
3-3. Personnel measures
Human measures are measures that set rules for security.
In addition to setting rules, it is also important to hold briefing sessions and other training to ensure that employees comply with them.
<Example of human measures>
・Restrictions on taking work home
・Set rules for password management
・Education about targeted emails
・Implementation of security education
・Determination of communication and reporting system in the event of an incident
Safety can be further improved by implementing three measures: technology, physics, and people.
- summary
- In this article, we briefly explained trends in cyber security and what measures should be taken. I believe that understanding cyber security is necessary for individuals and organizations to protect themselves.
Also, you are not the victim, but the perpetrator, causing trouble to others. In addition to attacks on servers and personal computers, there is also the possibility of being directly deceived or damaged by e-mails and messages.
We would appreciate it if you could keep in mind that those who think they cannot be deceived or who think that they will not be harmed are more likely to be harmed when they are attacked by a malicious third party.
In the midst of the shortage of security personnel, we are always collecting as much information as possible, not to mention the information on the web, and we are gradually trying to find out what tricks are available and whether our computers and smartphones are up to date. It's also important to be aware.