Japan is in the midst of a terrorism crisis, specifically cyberterrorism, yet the government is doing little about it — and its shocking complacency threatens us all.
In the first half of 2017, over 6 billion records were exposed through data breaches, more than in all of 2016. And the problem is particularly severe in Japan, which saw its total number of cyberattacks explode from 12.8 billion in 2013 to 128.1 billion in 2016 — a 900% increase in just three years. Yet while roughly 80% of U.S. companies and 65% in Europe conduct cybersecurity risk assessments, only 55% in Japan do so, and while about 78% of U.S. companies and 67% in Europe have a chief information security officer (CISO), only 27% in Japan do.
Worldwide security spending is projected to increase 8% over last year to hit $96.3 billion, partly due to the WannaCry ransomware attack (which affected over 200,000 computers across 150 countries, with total damages of up to $4 billion), the Equifax breach (which cost the company $4 billion) and the NotPetya ransomware attack (with $10 billion in total damages, making it the “most devastating cyberattack in history”).
But such problems are often easily averted. One of WannaCry’s biggest victims, for example, was the National Health Service (NHS) in England and Scotland, though it was later found that the NHS could have prevented the attack with “basic IT security.”
But while Japan has recognized the need for more cyber warriors, it evidently hasn’t seen the importance of good leadership — the country’s cybersecurity minister, Sakurada Yoshitaka, said on Thursday while answering questions about a bill to revise the Basic Act on Cybersecurity that he isn’t familiar with cybersecurity.
But it gets worse. Sakurada also confessed earlier this month that he has never in his life used a computer.
This may sound like something straight out of The Onion, but sadly it’s all too true. And it matters for us all. As noted by Jack Danahy at Barkly Endpoint Security Blog:
“The current model is to identify infected systems, quarantine them, identify the infecting systems, and treat them with pretty aggressive measures like wiping and rebooting. However, this approach is failing because there are simply too many attacks, too little appetite for downtime, and too much cost. The only way out of this downward spiral is to take advantage of the same Herd Immunity concept that worked so well for Dr. Salk with polio.”
Herd immunity refers to a population’s resistance to disease as a result of enough members of that population being immune, usually through vaccination. The idea that herd immunity works in cybersecurity terms has been echoed by Diana Kelley at IBM’s Security Intelligence blog, as well as by the computer security software company McAfee. McAfee notes that while herd immunity may make a somewhat sloppy metaphor, the idea of securing everyone by securing most is a good goal, adding that we all must do our part. Japan, we’re looking at you.