Fujitsu Forum 2016 was held for two days on May 19 and 20, 2016 at the Tokyo International Forum in Yurakucho, Tokyo. On May 20, Fujitsu held a conference entitled "The Reality of Cyberspace in the World: What Should Business Managers Think Now?" and introduced a variety of solutions in the exhibition hall.
Leadership by Top Management―The Key to Cyber Security Measures
First to the podium at the conference was Taishu Ohta, Evangelist of the Global Marketing at Fujitsu, who explained the latest trends in cyber security.
Ohta noted: "The Internet has grown explosively since 2000, and now four waves of technologies are making the world more affluent, namely IoT, mobility, AI, and robotics." At the same time, he posed an issue: "Meanwhile, the leakage of important information, such as intellectual property and confidential information, causes companies considerable management risk related to their corporate social responsibility." Ohta concluded his presentation by emphasizing that "all business managers must exercise leadership to ensure safe use of ICT in the world" as he passed the baton to the next presenter.
The Reality of Cyber Wars: What Actions Should Businesses Take
Next at the podium was Tatsuhiro Tanaka, Research Principal at Fujitsu System Integration Laboratories, who gave a presentation on the current status of cyber wars and countermeasures companies should take in response.
Tanaka introduced the recent trend in cyber attacks: "Attack campaigns are underway in which not only states but also organizations such as international criminal organizations, domestic criminal groups, and hacktivists (people who make political and social statements and protests through hacking) attack vulnerable points by setting clear goals and targets." To fight against such attacks, he proposed the following: "While abiding by the principle of self-defense, we must protect all cyber physical systems*, take strategic measures, and share information on cyber threats across national boundaries."
On the other hand, cyber security's role in protecting systems against various threats has changed. Tanaka explained: "In the past, the safety of systems was ensured by system experts mainly for the purpose of Information Assurance (IA). However, today Mission Assurance (MA) and Business Continuity (BC) are required. We must ensure business operations by overcoming unexpected business problems caused by cyber attacks and other threats." Tanaka then concluded his presentation: "It is important for business managers to exercise leadership and show their subordinates how to continue to carry out business operations."
*: Services or systems that integrate computing capabilities in cyberspace into the real world to realize a more efficient, advanced society.
Cyber Security from a Management Viewpoint
Next, Hajime Omura, Corporate Senior Vice President of the Fujitsu Research Institute, gave a presentation under the theme of business continuity.
A risk factor refers not to a disaster itself but to the possibility of adverse effects on corporate activities when a disaster occurs. Therefore, cyber security measures relate not only to systems and administrators but are also important management matters given the huge impact of cyber disasters if they occur. Omura pointed out the following issue: "The reality is that there are many companies that do not prepare for potential cyber incidents by considering solutions for issues."
The key to current security measures is how quickly and accurately management makes decisions when an incident occurs. However, Omura added that "it is important to construct a system to monitor operations during normal times and to respond to emergencies by integrating human resources and organizations, not just information systems and hardware equipment."
"The word 'unexpected' was used frequently after the Great East Japan Earthquake struck. Now, the ability to respond to something 'unexpected' is required," Omura emphasized. "Responding to cyber attacks is a serious management issue, which, in a sense, leads to profits, not costs," he said as he stressed the importance of implementing proactive operations to integrate human resources and organizations.
"It is always necessary to anticipate the impacts on management caused by cyber attacks," he said. "Huge human resources are required to address this. However, we would like to ask customers not to try to solve all matters by themselves and instead to consider the use of outside personnel," he continued as he asserted the need for a cooperation system that stretches across corporate boundaries. Concluding his presentation, Omura declared "Fujitsu's full-fledged support for customers."
Fujitsu's Global Security Strategies
Last to the podium was Akihiro Okada, VP, Head of the Security Management Service Business Unit at Fujitsu, who gave a presentation on Fujitsu's global security strategies.
When we think of security as a strategy, "business continuity" and "global perspectives" are important. Okada described "three viewpoints necessary in cyber security" by referring to the outline of the "Cyber Security Management Guidelines" released by the Ministry of Economy, Trade and Industry at the end of 2015.
The first viewpoint is that "business managers should exercise leadership to protect security." Security must be considered to be an investment, not a cost. Second is that "instead of hiding, we should share the fact that cyber attacks have occurred with affiliated companies and throughout the entire supply chain in order to take measures." If companies only think about protecting their own information systems, their recognition will be insufficient. Third is "information disclosure." To prevent similar attacks, there must be a mechanism for communicating information to related companies.
In such a case, what is the current situation regarding leadership related to cyber security at Japanese companies? Okada explained it as follows: "The amount of money invested by Japanese companies in cyber security measures is approximately half the world average," thus showing that in reality Japanese companies lag behind the rest of the world. This means that Japanese companies are highly likely to be targeted by cyber attacks.
Next, Okada introduced the fact that Fujitsu is providing the Global Managed Security Service (GMSS). This security service offers complete protection to Japanese companies from the following three angles: "risk reduction," "damage minimization," and "development of continuous security hardening."
"The pillars of GMSS are human resources, technologies, and total services," Okada said as he introduced Fujitsu's efforts to develop capable employees throughout the entire Fujitsu Group by an in-house security contest and by promoting the Security Meister Certification System. He also noted that Fujitsu has integrated its global services into a five-region structure in order to quickly catch up with the latest technology trends through enhanced partnerships with global partners as well as to provide 24-hours-a-day, 365-days-a-year services.
Giving Fujitsu's AI technologies and global security operation as examples, Okada emphasized that "Fujitsu enjoys great advantages in total services in order to advance the digital transformation." He talked about the advantages of Fujitsu Digital Business Platform MetaArc as follows: "Solutions supporting total risk management have already been incorporated into the MetaArc cloud system. Use of MetaArc realizes a secure environment automatically."
At the end of his presentation, Okada concluded as follows: "Fujitsu has established a system to completely protect domestic companies, companies operating overseas, and those looking to expand overseas from cyber attacks."
Taishu OhtaEvangelist, Global Marketing
Tatsuhiro TanakaResearch Principal at Fujitsu System Integration Laboratories
Formerly Principal of the JGSDF Signal School and Head of the Defense Information Infrastructure Management Division
Hajime OmuraCorporate Senior Vice President
Fujitsu Research Institute
Akihiro OkadaVP, Head of the Security Management Service Business Unit
Cyber Incident Response Drill for Business Continuity
In the workshop area, Fujitsu held an event entitled "Cyber Incident Response Drill for Business Continuity."
This drill aimed to develop participants' awareness of security issues and necessary actions by presenting a unannounced security incident scenario and simulating response actions taken for the incident. In the workshop area, Fujitsu employees demonstrated the drill and customer participants held discussions in groups of five to review. Customers who met each other for the first time in the workshop actively discussed their respective companies' situations, making the workshop an effective place for exchanging information.
Exhibitions for Experiencing Security Measure Solutions
In the exhibition hall, Fujitsu introduced new security technologies alongside its Global Managed Security Service (GMSS) and other security services. Fujitsu held "attack demonstrations" featuring real-time simulated cyber attacks, replicating the modus operandi of targeted email attacks and how infections spread through organizations, in addition to exhibiting countermeasure products and technologies.
Global Managed Security Service (GMSS)
GMSS provides total support for customers who are developing their businesses globally by focusing on "reducing the risk of incident occurrence," "minimizing damage," and "hardening against cyber attacks." The GMSS is an one-stop service that uses Fujitsu's know-how to operate its own systems in five regions worldwide and harness the knowledge of security vendors from around the world.
Gateway-type Service that Eliminates the Risk of Malware Infections
Fujitsu introduced a service that can eliminate the risk of malware infections caused by accessing illicit websites. Even if a user visits a website that has been infected by malware, that malware will be removed in the cloud before it reaches the user's client environment, ensuring only safe information is displayed.
Automatic Control by Detecting and Blocking Cyber Attacks
Fujitsu exhibited a linkage solution that automatically implements data exfiltration measures for all departments by installing detection devices on the in-house LAN and detecting malicious communications with behavior detection technology. A demonstration showed how to shut off attacker's remote control and prevent information leakage by blocking external communications throughout the entire company upon identifying a security issue through linkage with Fujitsu's IPCOM EX series of integrated network servers and iNetSec Intra Wall, an internal countermeasure appliance that prevents targeted cyber attacks.
Technology to Quickly Detect and Remove Latent Malware Using Attack Traces
Fujitsu introduced a solution that analyzes attack traces to detect latent malware within an organization and quickly remove it. This solution draws attention to attackers' activities to spread infections, quickly extracts the traces of such activities from more than 1,000 types of events recorded in device log files, and diagnoses the extent of devices attacked.
Blocking Cyber Attacks in Advance by Reading Attackers' Minds
Passive defenses that deal with incidents each time they occur are limited in their ability to fight off advanced targeted attacks. By taking a proactive approach and forecasting attacks from the viewpoint of the attacker, a more comprehensive, active defense can be realized.
The Security that Ensures MetaArc's Reliability
In the MetaArc zone, Fujitsu exhibited its internal practices and advanced technologies under the theme of the advanced security that ensures the reliability of Fujitsu's Digital Business Platform MetaArc. Fujitsu introduced its security services that continue to ensure the stable operation of ICT platforms of more than 1,000 global group companies on a 24-hours-a-day, 365-days-a-year basis; Fujitsu Cloud CERT, a specialized security organization that supports security services; and AI and other advanced technologies used in the company's services. Fujitsu also introduced the Security Meister Certification System as an initiative for human resource development as well as education and training programs by using a cyber-range (virtual training area).