News

  • Report

Share

Facebook Twitter linkedin
2018.07.25

Cyber Security Cloud, Inc. announces web security awareness campaign for the summer holidays 2018 based on its attack detection report

Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo, CEO: Akira Ohno, hereinafter referred to as "Cyber Security Cloud") has compiled a list of measures to take during long holidays based on the cyber-attack situation observed using Cloud-based WAF "Shadankun" provided by our company.
By publishing this report, we hope to raise awareness of cybersecurity among companies.

■Table of contents:
1. Introduction
②Cyberattacks during long holidays
3. Pre-holiday measures
④ Post-holiday preparations
⑤ Conclusion (Summary)

■Introduction:
During long holidays (year-end/New Year's, Golden Week, summer holidays), system administrators and external vendor staff are absent for long periods of time, which means that if damage from a cyber attack occurs, it may be prolonged, unlike normal times. This press release uses data from Cloud-based WAF "Shadankun" to warn of the situation during long holidays.

■ Cyber attacks during long holidays

Trends in the number of attacks detected from August 1 to August 31, 2017 (by country of origin)

The cyber attack situation during the summer holidays in 2017 is as shown in the figure above.
There was no increase in the number of attacks during the typical Obon holiday period (August 11th to August 15th, 2017). However, since the number of attacks did not decrease significantly from the number before the summer holidays, it can be said that it is important to take preventative measures when the person in charge is absent.
Additionally, a rise in attacks was observed in the first week after the Obon holiday (after August 17, 2017). This was due to a temporary rise in attacks originating from the Netherlands in 2017. However, no major global events were identified during this period, and the reason for the increase in attacks originating from the Netherlands is unknown.

■Pre-vacation measures:
①Confirmation of emergency contact system and contact details
Considering the unlikely event of an emergency, confirm the emergency contact system and response procedures. This includes not only your own company but also collaboration with external companies, including outsourced companies.
To prevent situations where a person in charge is traveling overseas and cannot be contacted during their vacation, it is necessary to clarify the whereabouts of each member during their vacation. Also, to ensure a smooth response in the event of a serious incident or a vulnerability being discovered in the system being used, it is important to establish a contact flow and authority to decide who has authority. Also, make sure to confirm that there have been no changes to emergency contact information.
② Turn off the power of devices you are not using
It is recommended that you turn off all devices that you will not be using during your long vacation.
It's too late to do anything after something has happened, especially with servers, so try to turn off anything that can be turned off. We also recommend backing up your data in case of an unforeseen incident.

■Post-vacation measures:
As a precaution after the holidays, even if no visible incidents such as service outages or tampering have occurred, we recommend checking system logs, access logs, etc. to see if there has been any suspicious access to the server, just in case. Because cyber attacks are not visible, do not simply assume that the situation is no different from normal, but be sure to check.

■ Conclusion (Summary):
The number of cyber attacks does not decrease even during long holidays, so attacks are expected to continue in 2018.
Taking into account the fact that staff will be thinned, it is important to establish a system that allows you to communicate and respond in the same way as usual, and to check after the holidays to make sure there are no problems.

■ About "Shadankun"
"Shadankun" is Cloud-based WAF web security service that visualizes and blocks cyber attacks on websites.
It is used by a wide range of companies, from government agencies and financial institutions to large corporations and venture businesses, regardless of industry or size, and in the approximately three and a half years since the service was launched in December 2013, it has become the number one service in Japan in terms of the cumulative number of companies and websites that have adopted it*1.
*1 Source: Market research on "Cloud-based WAF services" (as of August 25, 2017) <ESP Research Institute> (survey conducted in August 2017)

■About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Address: 4th floor, No. 5 Fuji Shoji Building, 24-4 Sakuragaokacho, Shibuya-ku, Tokyo 150-0031
Representative: Akira Ohno, Representative Director
Established: August 2010
URL: https://www.cscloud.co.jp/
https://www.shadan-kun.com/

Cyber Security Cloud is committed to the philosophy of "creating a safe and secure cyberspace for people all over the world." We develop, operate, maintain, and sell web security services in-house. We will continue to take on the challenge of developing services that all companies can use safely and securely, and contributing to the advancement of the information revolution.