1. What is cyber security?
Cybersecurity means protecting digital data and systems in your possession from cyberattacks such as theft and destruction, as well as other threats.
| What is cyber security? | |
|---|---|
| Examples of protected objects |
|
| Examples of attacks/threats |
|
Cyber security protects the digital environment, including digitized information, from malicious attacks. Specific examples include the introduction of security software and access control of server installation locations.
According to a survey by the Small and Medium Enterprise Agency, the cost of security measures was less than 500,000 yen for SMEs and 1.5 million to 2 million yen for large companies.
Here, we will explain the reasons why cybersecurity is necessary and the types of cybersecurity, which are the basis for understanding cybersecurity.
1-1. Reasons why cyber security is necessary
Cyber security specialized in the digital environment is required because it is susceptible to attacks and the damage tends to be large.
Cyberattacks can target anyone with an internet connection. Since there is a risk of being attacked due to trivial actions in the course of work, such as browsing sites and downloading data, it will be difficult to prevent without taking appropriate measures.
Digital data that can be easily taken out without taking up space has a low hurdle for insiders to illegally take it out, which is another reason why cyber security is necessary.
Furthermore, if such attacks are received,
- Loss of credibility and economic loss due to data leakage
- Lost business opportunities due to system outages
- Business continuity becomes difficult
It is troublesome because it causes great damage in many ways. Economic losses include investigation costs related to the scope and cause of data leakage, loss of sales due to business interruption, and compensation for damages. According to the report of the Ministry of Internal Affairs and Communications, the total amount per company is calculated to be about 200 million yen.
【point】
It is difficult to prevent attacks unless appropriate measures are taken, and once attacked, the damage is huge, so cyber security is necessary.
1-2. How to improve cyber security
There are several ways to increase cyber security, including networks, software, systems, and information management.
| How to increase cybersecurity | |
|---|---|
| network |
|
| software system |
|
| information management |
|
Even if you ensure safety in only one place, if security is inadequate in other parts, you will not be able to prevent damage such as cyber-attacks, so you need to be careful.
Try to combine several cybersecurity measures according to your internal environment.
2. The difference between cyber security and information security
Cyber security and information security differ in the points that are emphasized in security measures.
Cybersecurity is taking measures to protect the digital environment from attacks and other threats, while information security is thinking about management methods that can ensure the confidentiality, integrity, and availability of information.
| The difference between cyber security and information security | |
|---|---|
| cyber security | Address threats to digitized information and infrastructure |
| Information security | Ensure the confidentiality, integrity, and availability of all information, whether digital or analog |
Cyber security can only deal with digitized information, and information security can deal with both digital and analog. Focusing on the aspect of information, cyber security is included in information security.
However, the purpose of cyber security is to prevent threats to the entire digital environment, including information.
Even companies that have been working on information security so far should reconfirm whether there are any deficiencies from the perspective of cyber security.
3. What cyber-attacks should be prevented by cyber security?
There are various types of cyberattacks that require cybersecurity countermeasures, such as unauthorized access, DDoS attacks, and attacks that target vulnerabilities. Let’s take a look at typical examples of cyberattacks and recent trends.
3-1. Representative examples of cyber attacks
Typical cyberattacks include unauthorized access, DDoS attacks, attacks targeting vulnerabilities, targeted attacks, and distributed attacks.
| Representative examples of cyber attacks | |
|---|---|
| Unauthorized access |
【Overview】
|
|
【example】
|
|
| DDoS attack |
【Overview】
|
|
【example】
|
|
| Attacks targeting vulnerabilities |
【Overview】
|
|
【example】
|
|
| targeted attack |
【Overview】
|
|
【example】
|
|
| Scatter attack |
【Overview】
|
|
【example】
|
|
Let’s get an image of what a cyber attack is and use it as a reference when considering what to do with cyber security measures.
3-2. Trends in recent cyberattack cases
In recent years, cyber-attacks have been on the rise, and in particular, the number of cases of ransomware damage has increased significantly. According to the “Cyber Security 2022” survey by the Cabinet Cyber Security Center, damage from ransomware, which has been increasing rapidly since 2021, quadrupled year on year between July and December.
[Reference: What is ransomware?]
- A cyberattack encrypts files stored on an intruded computer and renders them unusable, then demands payment of a ransom to restore them.
In addition, the malware “Emotet” has been increasing rapidly since February 2022. Emotet, which mainly spreads via email, hijacks infected devices to send infected emails to other addresses and steal information.
The scary thing about Emotet is that once infected, it can be targeted or used as a base for various cyberattacks.
[Reference: What is Malware?]
- A general term for unauthorized software, which includes various types such as viruses and spyware.
4. Cybersecurity is technical, human, and physical
To make cyber security measures effective, it is necessary to work from the following three perspectives.
| Three Perspectives of Cyber Security | |
|---|---|
| 1. Technical measures | Enhancing security with digital technology such as IT tools |
| 2. Human measures | Raise security awareness among employees and ensure thorough implementation of countermeasures |
| 3. Physical measures | Thoroughly manage the infrastructure of servers and systems that store information, etc., and manage entry and exit to the installation location |
We will explain what to do about each.
4-1. Technical measures
Technological measures for cyber security are measures to enhance security by utilizing digital technology such as IT tools. Specifically, there are the following countermeasures.
| Practical examples of technical measures |
|---|
|
By implementing technical measures, it is possible to promptly respond to cybersecurity risks such as cyberattacks and prevent damage.
4-2. Human measures
Human measures for cyber security are intended to raise the security awareness of employees and ensure thorough implementation of measures. Let’s check a concrete example.
| A practical example of human measures |
|---|
|
By implementing human measures, it is possible to increase the effectiveness of technical measures. No matter how much antivirus software and two-factor authentication are installed, if an employee opens a suspicious email and brings a virus into the company, it will not be possible to prevent attacks.
4-3. Physical measures
Physical measures refer to installing servers and system infrastructure that store information in highly secure locations and thoroughly managing them.
| Practical examples of physical measures |
|---|
|
It is important to prevent not only intruders from the outside, but also malicious people inside the company from easily accessing servers, etc., and to prevent the system from being affected even in the event of a disaster.
5. Key points for ensuring cyber security
Here are three things you can do to effectively increase your cybersecurity effectiveness:
| Three points of cyber security |
|---|
|
1. Thoroughly implement the three basic measures 2. Raise security awareness 3. Incorporate third-party perspectives |
I will explain how to effectively improve cyber security.
5-1. Thoroughly implement the three basic measures
In cybersecurity, there are many measures to be taken. Here are three basic steps you should take first: At first, it would be more effective to steadily implement these three measures than to take multiple measures half-heartedly.
| Three Basic Cyber Security Measures |
|---|
|
A vulnerability is a weak point in a program that can easily cause adverse effects when attacked. If a vulnerability is targeted and attacked, the system will immediately stop, malfunction, or leak information. By properly updating your OS and software, you can eliminate this vulnerability quickly, so don’t forget to do so.
Thorough management of IDs and passwords is essential for preventing unauthorized access. This is because no matter how much a system that prevents unauthorized access is introduced, it cannot be prevented if the ID and password are known. Manage IDs and passwords so that they are not leaked, and do not set passwords that are easy to guess.
By installing antivirus software and systems, you can detect and eliminate malicious programs in advance, so we recommend that you always install them.
5-2. Improve security awareness
Improving the security awareness of every employee is an important point for the success of security measures.
If you do not raise your security awareness, you may forget the importance of updating your OS or software, or you may inadvertently leak your ID, password, or other important information.
Don’t just hand over cybersecurity manuals, but also devise a way to share information so that the importance of security measures is communicated, such as training.
5-3. Incorporating Third-Party Perspectives
If you are concerned about your company’s security, we recommend using a security check service.
Security check refers to a service that checks for vulnerabilities in systems, servers, networks, etc., and provides necessary countermeasures.
The advantage of having a third party diagnose your security is that you will be able to learn about inadequacies in settings and high-risk areas that you would not have noticed on your own.
NTT East also offers a cloud security check service, so if you are currently using a cloud service, why not try a security check?
6. Building an environment strong in cyber security with NTT East’s cloud
If you want to introduce a cloud that is safe in terms of cyber security, please consider NTT East’s cloud introduction and operation for AWS/Microsoft Azure first. At NTT East, we can introduce security-focused cloud services as a one-stop service, so we can reduce security risks and the burden on the person in charge.
| Secure cyber security with NTT East’s cloud |
|---|
|
1. Secure not only the cloud but also the safety of the line at the same time 2. Support is available 24 hours a day, 365 days a year even after installation |
Here are some reasons why you should be comfortable with security.
6-1. Peace of mind because not only the cloud but also the connection can be secured at the same time
NTT East’s cloud implementation and operation for AWS/Microsoft Azure provides centralized support for all cloud-related matters. You can rest assured that you can consult us not only about the security of the cloud service to be introduced but also about the line connecting to the cloud service.
If you are concerned about the security of your current line, you can combine your line with the cloud and migrate to one with perfect security.
In addition, you can leave the environment settings directly related to security, such as firewall settings, to us, so you can reduce the risk of information leaks due to careless initial setting mistakes.
If you choose a cloud introduction method with an emphasis on cyber security, NTT East’s cloud introduction and operation for AWS/Microsoft Azure is a one-stop support that does not leave out any countermeasures.
6-2. Peace of mind because you can receive support 24 hours a day, 365 days a year even after installation
If you are concerned about security after starting a cloud service operation, we recommend NTT East’s “Cloud Installation and Operation for AWS/Microsoft Azure”. Since you can receive a wide range of operational support, including security, it is characterized by reducing the burden on the person in charge and security risks.
| Details of NTT East’s cloud operation support | |
|---|---|
| Monitor/notify |
Status check, resource monitoring, service process monitoring, log monitoring Communication monitoring/PaaS status monitoring/notification of monitoring system alerts |
| Troubleshooting/primary response |
Receiving failures, isolating failure locations, and primary countermeasures |
| operation agency |
Retirement Support / Virtual Server Type Change Create image/backup, change the volume size Server stop, start, reboot, OS security patch application, etc. |
Why don’t you take advantage of cloud professional operation support to realize cyber security measures without trouble and peace of mind?
7. Summary
Cybersecurity refers to protecting digital environments such as data, networks, and computers from cyberattacks and other threats. It differs from information security in that it focuses on the protection of digitized information and systems.
Cyber-attacks that should be prevented by cyber security include unauthorized access, DDoS attacks, attacks targeting vulnerabilities, as well as targeted attacks and distributed attacks. It is important to check the latest attack status and take appropriate countermeasures.
