With ever expanding digital transformation (DX), a company’s data also increases in volume and value. As a result, data protection is one of the top priorities for any company. This is especially true for companies located in Japan who need to prepare for two dangers that threaten their data security: natural disasters and cyber attacks. In this article, we will discuss the urgency of these threats and the preventative measures that should be implemented.
Japan: One of the most disaster prone countries in the world
While it goes without saying that Japan is a disaster-prone country, there are still many people who think that they and their companies are safe from the risks. However, based on historical records and research, the government and many scientific organizations are well aware of the risks and do their best to educate people about them. Business people operating in Japan would be well advised to pay attention to the following facts.
A history and future of disasters
・The probability of a Southern Ocean Trough earthquake is 70-80% over the next 30 years.
・The probability of a severe tremor (6 or higher on the Japanese “Shindo” scale) within 30 years in metropolitan Tokyo is 47%, 38% in Yokohama, 46% in Nagoya, and 30% in Osaka.
・Although the probability of future earthquakes in Tohoku and the Sea of Japan is relatively low, they have occurred in the and caused significant damage (e.g., the Niigata Chuetsu Earthquake and the Tohoku Earthquake in 2011).
・Flood damage in Japan in 2019 totaled 2.18 trillion JPY, the largest recorded amount of non-tsunami flood damage in a single year
・In August 2021, the Japan Meteorological Agency (JMA) issued a “Special heavy rainfall warning” and “General information on significant heavy rainfall due to the occurrence of linear precipitation zones in various areas. In Northern Kyushu, some areas reached 50% of their annual rainfall in less than a week in that same month.
Cyber attacks: “Disasters” in the digital world
In addition to real world disasters, there is another risk that companies should be wary of: cyber attacks. These digital disasters threaten more than just corporate data. The ransomware attack on the Colonial Pipeline fuel company earlier this year and the damage it caused to human lives and social infrastructure is still fresh in our minds.
Ransomware damage
According to the August 2021 “10 Major Security Threats 2021” report from the IPA (Information-technology Promotion Agency, Japan), “damage from ransomware” is considered to be the largest threat for organizations.
Source:”10 Major Security Threats 2021” / IPA(Information-technology Promotion Agency)
https://www.ipa.go.jp/security/vuln/10threats2021.html
Ransomware is a virus-based cyber attack that encrypts the data stored on a company’s computer or server. or renders the device itself unusable. It is an extremely malicious cyber attack in which money or encrypted assets are demanded in exchange for data recovery or for not exposing confidential information.
In fact, according to data released by the Tokyo Metropolitan Police Department in September, ransomware attacks in the first half of 2021 increased by nearly three times compared to the second half of 2020. Of the affected companies, nearly 40% incurred a total of more than 10 million JPY in investigation and recovery costs.
Ransomware damage and attack routes in Japan
According to the Metropolitan Police Department report mentioned above, the routes of ransomware infection are through VPN devices (55%), remote desktops (23%), suspicious emails with attachments (13%), and others (10%). As companies have responded to the COVID-19 pandemic by implementing remote work and relying on remote desktops and VPN devices to allow outside connection to company networks, hackers are increasingly taking advantage of the disruption.
Keeping your data safe
The above information is a sobering reminder of the threats that corporate data faces in 2021.
However, companies should not let the fear of future possible threats derail their plans. Instead, they should take proactive and preventative action now.
Disaster countermeasures
One excellent way to prepare for natural disasters is to store company data in the cloud. By storing the data in a location that is both unlikely to be affected by a disaster and that is protected even in the event of a disaster, companies can easily restore their data to existing or new computers and devices. In addition, it is possible to retrieve only the necessary files and folders from the cloud back-up data to get up and running again.
Ransomware countermeasure
As a general rule, the best defense against cyber attacks should be mult-ilayered. As security threats are diverse and ever changing, it is possible to be better prepared for all kinds of risks by implementing overlapping defenses. Specifically, firewalls and WAFs should be installed to prevent intrusion from the outside and internal security systems should be created.
To be better prepared against ransomware, one of the most alarming cyber attacks, please follow the three following steps.
■Prevent intrustion
・Always update security software, operating systems, and major software
・Do not click on suspicious links or pop-ups, and do not open suspicious emails
・Use trusted websites
■Prevent attacks
・Use the latest security products and procedures
・Do not involve those with administrator authority in daily operations if possible
■Recovery
・Regularly backup data and systems
・Maintain at least one offline data backup
Tsukaeru Cloud Backup
Finally, an effective solution to protect your data from two ever present threats to your company and your data: natural disasters and cyber attacks.
Cloud Backup protects your data with the best security measures
Tsukaeru Cloud Backup is the most powerful solution that combines backups as a natural disaster countermeasure and security as a cyber attack countermeasure.
Backup protocols provide quick and reliable restoration for all incidents that affect applications, systems, and data on any device.
Security protocols detect threats before they occur and protect data with full security measures.
For a low cost of 1,408 JPY per month (two-year contract), Tsukaeru Cloud Backup provides a 200GB capacity service for one personal computer and up to three mobile devices.
To find out about our exciting free trial offer, please contact us using the link below.
Click here for more information on Tsukaeru Cloud Backup.
.jpg)
Call toll-free: 0120-961-166
Office hours: 10:00-17:00
Small and medium-sized businesses around the world are suffering from a chronic shortage of workers, and in reaction, many businesses are implementing IT solutions to make up the difference. However, while this can improve productivity, it also increases cyber security risks. The more that a company relies on IT, the greater the possibility of damage or stoppage from cyber attacks. As a result, appropriate security measures are becoming even more important for small and medium-sized businesses.
Cyber security threats are on the rise
In March 2019, the Information-technology Promotion Agency, Japan (IPA), an independent administrative agency, revised its information security measures guidelines for small and medium-sized enterprises (SMEs) for the first time in more than two years. Referencing the increase of cyber security threats. IPA states that, "there are concerns that SMEs in the supply chain may be used as a foothold for targeted attacks on the companies they serve, and it is essential to take measures as soon as possible.” IPA also points out that SMEs often have less security awareness and inadequate measures compared to large companies and are therefore easier targets for attacks.
Cyber attacks: an ongoing problem
As an example of the threats that industries are facing, in 2017, the Osaka Chamber of Commerce and Industry (OCCI) surveyed SMEs with 50 or fewer employees, mainly in the construction, manufacturing, wholesale, and service industries. Out of 315 companies, 97, or nearly 30%, had been affected by cyber attacks, and among them, 22 companies, or 7% of all companies, had been infected by ransomware. In addition, a 2019 OCCI supply chain survey revealed that while the supply chain partners of one in four companies had experienced cyber-attacks, approximately 70% were unaware of their supply chain partners' cyber-attack preparedness or damage.
.jpg)
What is ransomware?
Recently, ransomware is becoming a growing problem for businesses, including SMEs. The word is created from the combination of the words “ransom” and “software,” and can also be described as “ransom malware.”
When a computer is infected with ransomware, the stored data will be encrypted or the computer itself will be disabled. It is basically impossible to access the data or computer unless cash or virtual currency is transferred to the attackers’ designated account to obtain the encryption key. When a ransomware infection occurs, not only the computer but also all data in other externally connected storage devices can be encrypted, potentially causing tremendous problems and loss for SMEs.
Cyber security vulnerabilities
Cyber attacks are usually conducted by exploiting security vulnerabilities, but what are these vulnerabilities exactly? Simply put, they are weaknesses in a program. Computer operating systems and software often contain programming and design errors and defects. Obviously, during the development process, programmers constantly check for these problems. However, some vulnerabilities do not become apparent until the software is actually released to the market.
Therefore, IT companies that provide operating systems and software will release information about the potential problems or software updates as soon as the vulnerability is identified. However, if a malicious third party creates an attack method that targets the vulnerability before the update, a company's data may be exposed to cyber attacks.
Common tactics and countermeasures
As the three main routes of ransomware infection are websites, links and attachments in emails, and USB flash drives, the following measures are recommended to protect your company’s data:
・Infection prevention measures
The first step is to be aware of the above three infection routes and implement basic precautions to protect your company's computers. Email attachments or links should not be opened carelessly, and if there is a security concern, ask the sender for confirmation or check the extension of the attached file. Extra caution should be taken with compressed file extensions (.zip, .rar, etc.). Also, USB drives should not be used casually, even in the office.
However, no matter the vigilance of each employee, it is impossible to protect your computers and systems from cyber attacks. Therefore, it is extremely important to always update your computer's OS to the latest version to reduce vulnerability. It also goes without saying that you should install virus software and keep it updated, as well.
・Damage mitigation measures in the case of infection
Even with the above precautions, a ransomware infection is still possible, and you should plan accordingly. With a good backup system, you can restore your data even if you experience an attack. If backing up to an external storage device, make sure that it is not connected to the system to avoid the spread of infection.
Security: What is the perfect backup?
A backup is the process of duplicating the data on your computer and storing it separately in case of data loss or other unexpected situations. So, what is the best way to actually backup your important data?
.jpg)
The "3-2-1" backup rule
In the backup world, it is said that in order to perfectly protect your data, you need to follow the "3-2-1 Rule.” Originally proposed in 2012 by US-CERT, a security organization run by the Cybersecurity & Infrastructure Security Agency, an operational component of the U.S. Department of Homeland Security, it was initially thought to be too time-consuming and impractical. However, as mentioned above, it is now being reevaluated as a rule to protect data from the growing frequency and sophistication of ransomware attacks in recent years.
The 3-2-1 rule refers to the following three rules:
・Create three backups
・Save backups in two different media
・Backup one copy to a remote location
Let's take a closer look at each of these rules.
Creating the backups
With only one or two backups, there is always a possibility that one or both may be lost or destroyed, as well as the original data. A third backup creates an extra layer of security.
Storing in two different media
If all of your data backups are in the same media, you could lose it all if the problem is related to the type of media. Storing it in a variety of media, such as DVD and hard disk, or tape and online, reduces the chance that one problem could wipe all your backups.
Backing up one copy to a remote location
What if your home or office catches fire? In Japan, earthquakes are relatively common, so it is possible that you could be affected by such a disaster. If all of your backups are in one place, they could be easily damaged or compromised. By keeping at least one backup in a remote location, you can be better prepared for different types of man-made and natural disasters.
Data protection with Tsukaeru Cloudbackup +
Cloud-based backup services are an excellent option that works perfectly with the 3-2-1 rule mentioned above. By storing your data in the cloud, your data will be backed up to a location separate from your physical office. It also stores your data virtually, providing a backup in a different media as compared to physical DVDs and hard drives.
We would like to introduce Tsukaeru Cloudbackup+, a cloud-based backup service from Tsukaeru.net. This innovative and reliable service is easy to set up, requires no capital investment, and backs up not only your files, but all your accounts, settings, and OS as well.
If you are considering a cloud-based backup service as part of your security measures, or if you are considering switching from your existing service, please contact us below.
Click here for more information on Tsukaeru Cloudbackup +.
.jpg)
Call toll-free: 0120-961-166
Office hours: 10:00-17:00
