[Security Days 2024 Session Report] Exploring the Latest Trends in Cybersecurity and Human Resource Development

Introduction

Hemanth from the Alliance Department here. This time around writing Security Days 2024 Session Report, Latest Trends in Cybersecurity and Human Resource Development Key Note Session.

Keynote Speaker

Shiho Moriai, Executive Officer and Director of Cyber Security Research Institute at the National Institute of Information and Communications Technology

Insights on Cyberattacks and Ransomware Damage Cases Over the years

The Percentage of financial demands among cyber attacks in 2022, the number of 27% in 2022. Europe will be the most targeted region in 2022. In 2021, Hospital had fallen prey to ransomware attack. The problems with electronic medical record systems etc. The hospital was forced to temporarily stop accept new patients and they were unable to claim medical feels. LockBit claimed responsibility. In 2022, An animation company the content production and delivery due to system outages. Another company in same year suffered damage in charge of design and development. In 2023, port container terminal boasts highest total cargohandling volume in japan was shutdown due to ransomware attack.

Ransomware Response

The average time to complete a ransomware reduced by 94 percent meaning it took more than two months in 2019 less than four days in 2022.

Attacker Division of Labor/ecosystem construction progresses

In addition to restoring encrypted files, the ransom is increased by threatening to reveal stolen confidential and personal information (double extortion). A hacker group has developed and distributed a package (RaaS*) that allows organizations without the ability to create ransomware to carry out attacks. Turning ransomware into a business *RaaS: Ransomware as a Service.

Top Intrusion Method

The percentage of incidents where phishing is infection method growing threat of 41%.

Economic Losses due to cyber attacks

Japan's ransom payment rate is lowest among 15 countries. 20% in 2021 and 33% in 2020, decreasing for 2 consecutive years.

Average Stock price after security incident disclosure

Impact on stock price after timely disclosure of security incident. It was 10% down.

CISO establishment status

In US 70% of executives appointed by CISO's. In Japan it is about 40%.

Summary of situation surrounding Cybersecurity

Rising Threats, siginificant increase in related activities, vulnerabilities. There is a growing fear that cyber-attacks will have harmful effects. Economic loss Cybersecurity measures are a management issue for organizations, including the impact on business continuity, stock prices, trust in the organization, and brand image. In terms of responding to cyber risks, leadership by management is weaker in Japan than in the United States.

Initiatives at NICT Cyber Security Research Institute

Japan's only public research institution specializing in the ICT field Main duties (from “National Institute of Information and Communications Technology Act”). Research and development in the field of information and communication (ICT). Research and development of observation technology using radio waves, etc. Determination of Japan Standard Time and transmission of standard radio waves Exercises related to cyber security, business, Research, development, support etc. Support for research and development in the information and communications field conducted by the private sector, universities etc.

NICTR Observation Information

Providing observation information to security related organizations such as fixed point observation friends association (SIGMON), sharing results such as JPCERT, IPA etc. DoS attack imminent-WG i.e sharing information related to DoS attacks with ICT-ISAC Japan. Tokyo 2020 Games, sharing information related to attacks with NISC, Olympic and Paralympic Organizing Committee etc. Cyber sceurity Council, NISC participates in information sharing with related organisation as Class 2 member.

Investigation of Iot devices with Incorrect password settings

NOTICE: National Operation Towards Iot Clean Environment
Ministry of Internal Affairs and Communications, NICT, and ISPs are working together to identify devices that may be exploited in cyber attacks. Investigation and efforts to alert users of the device. Currently collaborating with 82 domestic ISPs and conducting surveys on approximately 112 million IP addresses every month.

7 IoT device security measures that can be done now

1. Reboot the IoT device (disappear volatile malware)
2. Firmware update (close vulnerabilities)
3. Change ID/password (prevent intrusion using initial password)
4. Setting to deny access from the Internet side (no access from outside)
5. Installed inside the gateway device (not directly connected to the Internet)
6. Replace old devices (No devices without automatic update function)
7. If you receive a warning from a NOTICE, respond immediately!

Cybersecurity human resource development at NICT

1st is the security operator Developing (practical operators) Security operators within organizations such as government agencies and private companies (Information system personnel, etc.) At the stage where your organization has suffered a serious cyber attack (= Practical incident response skills in “emergencies”) nurturing.

2nd is the security innovator (Innovative research/developers) training Simply use existing tools as a “user”. Rather than being security-minded and innovative Research and develop security software, etc. Developing high-level human resources.

What is CYDER?

CYDER, or Cyber Defense Exercise with Recurrence, is a practical cyber defense exercise that teaches participants how to respond to cyber attacks. The exercise is based on simulation attacks, such as how attackers attack client computers and servers in DMZ. Targeting information system personnel at national institutions, local governments, critical infrastructure operators, etc., to create an organization's network in virtual space. A human resource development program that recreates an environment and conducts practical defense exercises that simulate a series of incident responses. Approximately 3,000 people attend each year, mainly through group exercises (approximately 100 times in all prefectures). Over 5,700 people took the course in FY2020

Overview of Practical Cyber Exercise RPCI

Specific training for information processing security support personnel. Incident handling exercises with increased reality by utilizing NICT's large-scale exercise environment. The first specific training course for information processing security supporters at a public institution. Specific training: This course is required once every three years in order to renew the national qualification "Information Processing Security Supporter (Registered Sequispe)" for professionals with the latest security-related knowledge and skills.This is as determined by the Minister of Economy, Trade and Industry. For more information click here.

Young talent development program SecHack365

Targeting young ICT human resources to develop human resources (security innovators) who can use their hands to create new security-related products. We will take advantage of NICT's long-standing research and development know-how, actual cyber attack-related data, and an environment where research and development can be carried out by safely using that data. A one-year program that provides full-scale instruction in security-related technology. Target audience: Live in Japan, Young ICT human resources under the age of 25 (students, working adults, unemployed, etc). From FY2021, subsidies will also be provided to unemployed and non-income earners under the age of 25. Features: Events 4 times a year, support for students, Unique for NICT, experience cutting-edge technology, online instruction

Strengthening Industry-Academia-Government Collaboration

Low cybersecurity self-sufficiency rate, Cybersecurity Strategy Headquarters Research and Development Strategy Expert Committee (May 17, 2019) Spiral of data loss, Unable to collect data → Unable to develop R&D/human resources → Unable to create domestically produced technology. Domestic technology is not widespread → Data is not collected. What Japan needs now, Mechanism for collecting and storing real data on a large scale. Mechanism to regularly and systematically analyze real data. Mechanism to operate and verify domestic products using actual data. Mechanism for generating and sharing threat information from real data. A system for open human resource development using real data.

CYNEX: Cybersecurity integrated intellectual and human resources development platform

In addition to collecting, storing, analyzing, and providing cybersecurity information domestically. Also Build a common platform to develop cybersecurity human resources and open it as a nexus for industry, academia, and government. Project promotion through four “Co-Nexus”, Co-Nexus A (Accumulation & Analysis), Co-Nexus S (Security Operation & Sharing), Co-Nexus E (Evaluation), Co-Nexus C (CYROP: Cyber Range Open Platform). Also Developing advanced analysts at CYNEX.

Human resources development open platform

Revitalize domestic security human resources development business by opening up cyber exercise infrastructure. Open the exercise environment and training materials necessary for cybersecurity exercises. Based on the needs of industry, academia, and government, training materials are prepared in accordance with the NIST NICE Framework.

Conclusion

Security Days 2024 provided invaluable insights into the evolving landscape of cybersecurity and the indispensable role of human resource development in combating emerging threats. With concerted efforts and strategic collaborations, we can navigate the complexities of the digital age and safeguard our digital assets for a secure future.