In addition to the threats from hackers, various criminal organizations, and state-backed cyber-warfare units, Japanese companies and government institutions have to deal with an additional cyber-security threat, one which coming from themselves.
As the number and severity of cyberspace attacks around the world continues to rapidly grow, Japan’s attempts to curtail these attacks and improve its general cyber security keeps hitting a roadblock set up by a business culture that equates breaches in security with a loss of face. This in turn leads to very few incidents being disclosed and the necessary information being shared at crucial moments.
Some security consultants have found that, even in cases of serious security breaches in Japanese government agencies, the situations were discovered but not reported by their numerous predecessors, as they perceived it as a personal failure and were trying to avoid the shame associated with it.
Lack of Understanding
In addition to fears that reporting a security breach will have adverse consequences, Japan also has an issue of a distinct lack of understanding among its top level executives of how cyber-security actually works. Part of this comes from an environment in which some echelons of upper management do not even know how to use e-mail, and certainly cannot fathom the idea of IT integration. This lack of knowledge only makes it easier on the attackers.
This is best illustrated by the data from 2013 which shows that the Japanese government network saw an eightfold increase in cyber-attacks compared to the two previous years, with those attacks affecting civil infrastructure, telecommunications and even the energy sector.
However, with the 2020 Tokyo Olympics approaching, the Abe administration is trying to combat this. They are seeing this as the perfect moment to upgrade the capabilities of Japan’s national security, while at the same time asking the government to make stricter rules that will make companies take cyber-security more seriously.