Tackling Cyber Security Threats [Fujitsu Forum 2015 Conference Report]

Conference: Fujitsu's Approach to Mitigating and Managing Sophisticated Cyber Risks—Fujitsu's Own Experiences and Cutting-edge Technologies

Fujitsu Forum 2015 Tokyo, Fujitsu’s largest annual event, was held on May 14-15 at the Tokyo International Forum in Yurakucho. At this conference presentations were made on business innovation as well as on in-house testing and the latest Fujitsu technologies to counter emerging cyber security threats.

Tailored Solutions for Every Customer

Taishu Ohta, Head of Security Initiative Center, Service and Platform Business Development Unit, Fujitsu Limited

Taishu Ohta opened the conference with an address on the rapidly expanding Internet of Things (IoT), estimating there will be some 50 billion internet-connected devices by 2020 and just under 43 million security incidents in 2014. The issue then becomes how to best to address the growing security threats.

Fujitsu’s response is the FUJITSU Security Initiative, announced in January 2014. This is a comprehensive framework of products and services bringing together cyber security techniques and solutions from around the world in a tailored solution that is optimized to every customer's needs.

The next three speakers at the conference spoke on specific aspects of the FUJITSU Security Initiative: the latest technological developments, the in-house testing program, and associated training programs.

Conventional Firewall-type Solutions Unable to Protect

Masahiko Takenaka, Project Director of Cyber and System Security Project, Knowledge Information Processing Laboratories, Fujitsu Laboratories Ltd.

Masahiko Takenaka from Fujitsu Laboratories described recent technological advances in an address entitled “Forefront Research on Cyber-security— Pursuing human-centric security technologies.”

He noted that cyber threats are becoming increasingly sophisticated, and now include highly targeted attacks that use internal company networks to reach specific individuals and access sensitive data. Conventional firewall-type solutions are unable to protect against these sorts of threats.

Virus detection based on pattern matching has a success rate of only about 30 to 40%.

Corporate customers require security solutions designed to prevent unauthorized access to data in the event of a security breach, i.e., by identifying malware that has infiltrated via internal networks and monitoring choke points for detecting remote commands from a C&C (command and control) server.

Mr. Takenaka also mentioned the new rapid detection technology from Fujitsu Laboratories for identifying latent malware activity in corporate computer systems. This technology is designed to identify infected machines prior to a data breach occurring and design an appropriate course of action.

On targeted attacks, he spoke of the pivotal importance of employee awareness. As a training exercise, Fujitsu sent out an internal email that simulated a targeted attack, and monitored how many employees opened it. Those whose duties involve frequent external contact, such as sales teams and customer center staff members were more likely to open the email. This exercise indicates that awareness training must accompany even the very best technology to ensure that it is used effectively.

Governance and Employee Training Go Hand in Hand

Motomichi Mori Deputy Head of IT Strategies Unit, Fujitsu Limited

The next speaker was Fujitsu’s Motomichi Mori, who made a presentation entitled “Global Security Governance as Practiced by Fujitsu—Responding to Increasing Contemporary Threats.” This presentation focused on security management in the Fujitsu Group and security strategies at the global level.

The Fujitsu Group comprises some 300 subsidiaries and affiliates around the world, and it is unrealistic to expect every one of these organizations to implement the same security policies and strategies. He pointed out that security controls are predicated on two key planks: security policy (the domain of management) and standard security (the domain of technology). Fujitsu sets out the security requirements of each affiliate based on the security definitions and pursues both in an incremental and ongoing fashion.

According to Mr. Mori, a security strategy is more than just a collection of products and services; optimum outcomes are dependent on proper operation. In other words, customer satisfaction means more than just supplying and installing products and services.

Another key aspect of corporate security is personnel. According to a 2014 survey by the Information-Technology Promotion Agency (IPA), Japan needs another 22,000 trained personnel in this field. The survey also found that 137,000 of 230,000 information security engineers and technicians have insufficient training.

700 New Consultants by the End of FY2016

Masayuki Okuhara, Head of Security Technology Center, Fujitsu Limited

Masayuki Okuhara then described the Security Meister Certification System for security engineers in a presentation entitled “Security Engineer Skills Development in Cyber Attack Protection for Social Infrastructure Systems.”

This certification system is designed to boost the visibility of security engineers within the organization, and includes a dedicated Security Meister training program. Fujitsu aims to produce some 700 certified security engineers by the end of FY2016 for deployment at Fujitsu subsidiaries and affiliates.

Mr. Ohta then returned to the lectern to close the conference by reiterating Fujitsu’s ongoing commitment to security products and services. In particular, Fujitsu is focusing on encryption, privacy protection and IoT authentication infrastructure as part of an underlying mission to ensure safe and secure ICT experiences for all.

Overall, the session demonstrated that technology alone is not enough to tackle the increasingly sophisticated and high-tech nature of cyber crime. It is important to augment technology with operational experience and systems as well as trained personnel.

  • Taishu Ohta
    Head of Security Initiative Center
    Service and Platform Business Development Unit
    Fujitsu Limited 

  • Masahiko Takenaka
    Project Director of Cyber and System Security Project
    Knowledge Information Processing Laboratories
    Fujitsu Laboratories

  • Motomichi Mori
    Deputy Head of IT Strategies Unit
    Fujitsu Limited

  • Masayuki Okuhara
    Head of Security Technology Center
    Fujitsu Limited