{"id":17557,"date":"2016-08-25T15:00:07","date_gmt":"2016-08-25T22:00:07","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=17557"},"modified":"2016-08-31T08:51:09","modified_gmt":"2016-08-31T15:51:09","slug":"cso-big-news-for-small-businesses-in-japan","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/08\/cso-big-news-for-small-businesses-in-japan\/","title":{"rendered":"Big News for Small Businesses in Japan"},"content":{"rendered":"<p><em>(This blog post is <a href=\"https:\/\/www.paloaltonetworks.jp\/company\/in-the-news\/2016\/160901_cso-big-news-for-small-businesses-in-japan.html\" rel=\"nofollow,noopener\"  target=\"_blank\">also available in Japanese<\/a>.)<\/em><\/p>\n<p>In August 2016, the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) published a new document, <a href=\"http:\/\/www.nisc.go.jp\/active\/kihon\/pdf\/keiei.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\"><em>Cybersecurity Approach for Business Management<\/em><\/a> (this is a Japanese link), targeted at major companies as well as small and medium-sized businesses (SMBs). 
The NISC document follows up on Japan\u2019s September 2015 <a href=\"http:\/\/www.nisc.go.jp\/eng\/pdf\/cs-strategy-en.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">Cybersecurity Strategy<\/a>, which encourages business management to be cybersecurity-minded and invest in the same, and also the <em>Cybersecurity Guidelines for Business Leadership Version 1.0<\/em> issued by the Ministry of Economy, Trade and Industry (METI) and the Information-Technology Promotion Agency (IPA), which we profiled in our May 2016\u00a0<a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2016\/05\/japans-cybersecurity-guidelines-for-business-leadership-changing-the-japanese-business-mindset-and-potentially-raising-the-global-bar\/#more-13765\" target=\"_blank\">blog post<\/a>.<\/p>\n<p>While the METI\/IPA guidelines are aimed squarely at business executives of major and medium-sized companies, the new NISC document fills an important need by targeting small businesses. In Japan, <a href=\"http:\/\/www.smrj.go.jp\/recruit\/environment.html\" rel=\"nofollow,noopener\"  target=\"_blank\">99.7 percent<\/a> of companies are small and medium-sized businesses (SMBs), employing <a href=\"http:\/\/www.smrj.go.jp\/recruit\/environment.html\" rel=\"nofollow,noopener\"  target=\"_blank\">69.7 percent<\/a> of Japanese workers (Japan generally <a href=\"http:\/\/www.chusho.meti.go.jp\/faq\/faq\/faq01_teigi.htm\" rel=\"nofollow,noopener\"  target=\"_blank\">defines<\/a> SMBs as businesses with fewer than 300 employees). In Japan, like elsewhere, more and more SMBs are reliant on information technology (IT). According to the <a href=\"http:\/\/www.chusho.meti.go.jp\/pamflet\/hakusyo\/H25\/PDF\/0EHakusyo_part2_chap1_web.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">METI White Paper on SMBs in 2013<\/a>, 73 percent of medium-sized and 40 percent of small companies had their own website in 2007, rising to 80 percent and 46 percent in 2012, respectively. 
Although Japanese SMBs are aware that IT utilization can help them streamline their business operations, cut costs, and increase sales, they lack IT manpower, let alone cybersecurity specialists. Usually, the head of the company or family members take care of IT needs, due to limited resources.<\/p>\n<p>But SMBs are becoming more vulnerable. As major companies have enhanced their security, attackers have <a href=\"http:\/\/news.mynavi.jp\/series\/network_security\/001\/\" rel=\"nofollow,noopener\"  target=\"_blank\">ramped up targeting of SMBs<\/a>, which often lack the resources even to detect breaches. A March 2016 IPA <a href=\"http:\/\/www.ipa.go.jp\/files\/000051252.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">report<\/a> on SMB information security analyzed responses from nearly 4,000 SMB representatives in November 2015. According to the IPA survey:<\/p>\n<ul>\n<li>SMBs that use no information security product or service:\n<ul>\n<li>25% of small businesses with fewer than five employees<\/li>\n<li>15% of SMBs with fewer than 100 employees<\/li>\n<li>8% of SMBs with 101\u2013300 employees<\/li>\n<\/ul>\n<\/li>\n<li>SMBs that have no point of contact to consult about cybersecurity issues:\n<ul>\n<li>72% of small businesses with fewer than five employees<\/li>\n<li>38% of SMBs with fewer than 100 employees<\/li>\n<li>30% of SMBs with 101\u2013300 employees<\/li>\n<\/ul>\n<\/li>\n<li>SMBs that have no cybersecurity educational program for their employees:\n<ul>\n<li>81% of small businesses with fewer than five employees<\/li>\n<li>52% of SMBs with fewer than 100 employees<\/li>\n<li>40% of SMBs with 101\u2013300 employees<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>This is alarming for the health of the Japanese economy and national defense, as well as for Japan\u2019s trade partners. 
Japan\u2019s economic strength and major companies are reliant on Japanese SMBs, which have high technical competence and provide parts for precision machines and metal-processing. Thus, the cybersecurity of Japan\u2019s SMBs is crucial for Japan\u2019s economy and both national and international security.<\/p>\n<p>The NISC <em>Cybersecurity Approach<\/em> was issued based on a <a href=\"http:\/\/www.nisc.go.jp\/conference\/cs\/pdf\/jinzaiwg-konkyo.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">Working Group for Security-Minded Business Management<\/a>, formed by NISC in December 2015, that included <a href=\"http:\/\/www.nisc.go.jp\/conference\/cs\/pdf\/jinzaiwg-meibo.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">experts<\/a> from academia, industry and law to explain how Japanese companies can integrate cybersecurity into their business strategies. The NISC document complements the METI\/IPA <em>Cybersecurity Guidelines<\/em> by addressing how SMBs can pursue cybersecurity effectively. The Working Group, aware that SMBs\u2019 limited resources make it difficult to adopt sophisticated security products or solutions, suggests SMBs use cloud-based security services and also consider cyber insurance. The Working Group also proposes the creation of local \u201cconsultation desks\u201d and seminars targeting SMBs, and recommends that companies and business partners in the same sector work together, such as by sharing cybersecurity best practices.<\/p>\n<p>The NISC <em>Approach<\/em> is not the only Japanese government effort to encourage SMBs to take cybersecurity more seriously. In 2015, the Japanese government revised the 2003 Personal Information Protection Act to remove an exception for SMBs holding fewer than 5,000 pieces of personal information, in order to protect personal information and prevent breaches. 
The Act\u2019s revision was specifically timed to coincide with the January 2016 introduction of \u201c<a href=\"https:\/\/www.kojinbango-card.go.jp\/en\/mynumber\/\" rel=\"nofollow,noopener\"  target=\"_blank\">My Number<\/a>,\u201d a new personal identification system for Social Security and taxation information, which has resulted in SMBs (and all companies) holding more personal information on residents in Japan. Even Japan\u2019s Tourism Agency is getting involved\u2014immediately after <a href=\"http:\/\/www.japantimes.co.jp\/news\/2016\/06\/15\/business\/corporate-business\/personal-info-7-93-million-people-may-leaked-japans-biggest-travel-agency\/\" rel=\"nofollow,noopener\"  target=\"_blank\">JTB Corp., the largest travel agency in Japan<\/a>, lost 7.93 million pieces of personal customer information due to a spear phishing attack in June 2016, the Japan Tourism Agency established the <em>Advisory Committee to Address Breaches in the Tourism Sector<\/em>. Its July 2016 <a href=\"http:\/\/www.mlit.go.jp\/common\/001140698.pdf\" rel=\"nofollow,noopener\"  target=\"_blank\">interim report<\/a> encourages travel agencies to take a number of steps, with specific recommendations for SMBs. These include using cloud-based security services and purchasing cyber insurance; the report further suggests that a trade association provide consultation services, as well as a CSIRT function, for SMBs throughout the sector.<\/p>\n<p>Of course, budgetary constraints will remain the biggest stumbling block for SMBs to invest in cybersecurity. It is unclear how much financial support, if any, the government will provide to SMBs for the efforts it is suggesting. For larger SMBs with larger budgets, perhaps cloud-based, automated cybersecurity services can cut costs and increase efficiency. 
Nonetheless, NISC\u2019s <em>Approach<\/em> and the other activities profiled in this blog showcase some important efforts Japan is making to help such an essential part of the country\u2019s economy\u2014small firms\u2014be more secure. Many governments globally have the same goal. For example, the U.S. Small Business Administration has <a href=\"https:\/\/www.sba.gov\/managing-business\/cybersecurity\" rel=\"nofollow,noopener\"  target=\"_blank\">cybersecurity tools and resources specifically targeted at<\/a> small companies. Japan\u2019s activities are worthy of note and consideration.<\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara.jpg\"><img loading=\"lazy\" decoding=\"async\"  class=\"size-full wp-image-17659 alignleft lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara.jpg\" alt=\"MihokoMatsubara\" width=\"225\" height=\"225\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara.jpg 225w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-100x100.jpg 100w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-40x40.jpg 40w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-32x32.jpg 32w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-64x64.jpg 64w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-96x96.jpg 96w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/MihokoMatsubara-128x128.jpg 128w\" sizes=\"auto, (max-width: 225px) 100vw, 225px\" \/><\/a><a 
href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz.jpg\"><img loading=\"lazy\" decoding=\"async\"  class=\"size-full wp-image-17656 alignleft lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz.jpg\" alt=\"Headshot_Danielle Kriz\" width=\"225\" height=\"225\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz.jpg 225w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-100x100.jpg 100w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-40x40.jpg 40w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-32x32.jpg 32w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-64x64.jpg 64w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-96x96.jpg 96w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/Headshot_Danielle-Kriz-128x128.jpg 128w\" sizes=\"auto, (max-width: 225px) 100vw, 225px\" \/><\/a><\/p>\n<p><em>This is the fourth in a series of blogs co-authored by Mihoko Matsubara and Danielle Kriz aimed at introducing Japan\u2019s cybersecurity efforts and their significance to a global audience, including governments, global industry, and other thought leaders. 
Subsequent blogs are expected to cover additional thoughts on the METI\/IPA Cybersecurity Guidelines, Japan\u2019s role in global cybersecurity capacity-building, the cybersecurity ramifications of planning for the Tokyo Olympic Games 2020, and other topics.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(This blog post is also available in Japanese.) In August 2016, the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) published a new document, Cybersecurity Approach for Business Management &hellip;<\/p>\n","protected":false},"author":182,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1766,155,484],"tags":[2524,473,1922,1924,2527],"coauthors":[1873,1920],"class_list":["post-17557","post","type-post","status-publish","format-standard","hentry","category-cso-perspective","category-cybersecurity-2","category-government","tag-cybersecurity-approach-for-business-management","tag-japan","tag-meti","tag-nisc","tag-smb"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/17557","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/182"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=17557"}],"version-history":[{"count":8,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/17557\/revisions"}],"predecessor-version":[{"i
d":18127,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/17557\/revisions\/18127"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=17557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=17557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=17557"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=17557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}