Prepare for cyber attacks!

What small businesses can do June 15th, 20:30

Cyber ​​attacks are becoming more sophisticated every day.

In March, all Toyota Motor plants in Japan were temporarily suspended.

The target was the parts manufacturer of the customer.

Weaknesses in the supply chain = SMEs are being attacked more and more.

However, there is not as much money as a small company.

Is there a way to prepare?

That is ...

(Kotaro Tanikawa, Reporter, Ministry of Economic Affairs)

Training for cyber attack assumptions in large companies

One day in May.

The system staff of major electric power manufacturers and electric power companies are gathered in one room of a building in Tokyo.



What was being done was training assuming a cyber attack.



The instructor who plays the role of a hacker launches cyber attacks on the students one after another in an attempt to take over the system.

Employees open emails disguised as business partners and get infected with a virus, or the in-house email service can be stopped by remote control.

While experiencing typical attack patterns, you will learn how to identify suspicious communications and how to quickly block them from the corporate network.

And by discussing whether their response was correct, it seems that they will improve their proficiency.



This course is gaining popularity when you acquire responsiveness with a practical menu.



The fee is 330,000 yen per person for 2 days.

It's not cheap at all.

Participants from electrical equipment manufacturers


"This kind of training is very important because you cannot take countermeasures without understanding what kind of attacks will be carried out. If something goes wrong, it will cause great damage. The frequency of attacks will increase. I really have a sense of crisis. "

These courses started six years ago, but according to the operating company, the number of participants began to increase in 2019 before the Olympics, and last year it exceeded 3,000.



We can see the high need for security measures.

Mr. Matsuyama


"There is a growing awareness that human resource development is important, and we are trying to provide exercises that meet those needs. In the future, we would like to expand the scope to people who are not security experts."

33% of SMEs do not need to invest

While interest in cybersecurity is increasing, especially among large companies, what is happening to small and medium-sized companies?

There are some survey results that I am interested in.

In a survey conducted last year by the Information-technology Promotion Agency (IPA), which promotes the spread of security measures, 33.1% of companies answered that they have not invested in security measures in the last three years.



When I asked why ...

"I don't feel the need" ... 40.5%


"I can't see the cost-effectiveness" ... 24.9%


"It costs too much" ... 22.0%

As revealed in March when all Toyota factories in Japan were temporarily shut down, cyber-attackers can find holes in security measures and enter the supply chain.



Not only large companies but also small and medium-sized enterprises need security measures, but this survey shows that not many business owners realize the need.

Is there a cheap and easy measure?

Are there any security measures that are highly effective even at low cost?



The "Cyber ​​Security Help Team" developed by the Ministry of Economy, Trade and Industry is a service that is trying to meet the needs of such small and medium-sized enterprises.



It can be installed simply by connecting a dedicated device about the size of a lunch box to the company network line.

The content of the service is narrowed down to the minimum necessary, and the monthly usage fee is 10,000 yen or less excluding tax.

Although it is the minimum necessary service, it monitors the system 24 hours a day, notifies you by e-mail if there is an abnormality, and in case of an emergency, an information security expert will rush to take initial measures such as virus removal.



With this, you don't have to have a lot of employees who are familiar with security.

Simple insurance can cover the cost of rushing specialists.



This service started two years ago, and now 12 businesses such as the Chamber of Commerce and electric power companies are the contact points for accepting applications for use.

At the site of popularization

The Osaka Chamber of Commerce and Industry is one of the organizations that promotes the spread of this "help team".



The number of consultations on cyber attacks sent to the Osaka Chamber of Commerce and Industry continues to increase, and two years ago, some small and medium-sized enterprises suffered damage of more than 20 million yen from attacks by ransomware.



As a means to prevent such damage, I focused on the "help team".



Miki Noda, chief of the Management Information Center of the Osaka Chamber of Commerce and Industry, says that he is calling for introduction while visiting member companies.

Osaka Chamber of Commerce and Industry Director Noda


"The attackers are trying to obtain technical information and personal information using small and medium-sized enterprises as a foothold. In the event of damage, small and medium-sized enterprises will be victims but also perpetrators. If you are asked to suspend transactions or compensate for damages, you may not be able to continue your business and you may go bankrupt, so please take measures without thinking of a fire on the opposite bank. "

In the company that actually introduced it

With Mr. Noda's call, more than 220 of the member companies of the Osaka Chamber of Commerce and Industry decided to introduce it.



Although it is still less than 1% of the member companies, I was able to talk to the president of a textile wholesale company that introduced it in April.

The president has recently heard that a suspicious e-mail has arrived at a company close to him, and when he sees reports of Toyota Motor's factory suspension, he has come to think that it is something that his company cannot overlook. It is called Ta.

President of a textile wholesale company


"If you inconvenience customers due to a cyber attack, it may stop trading. I felt a sense of crisis when I saw the recent news about cyber attacks. I have been recommended by the Osaka Chamber of Commerce and Industry for some time. I heard the explanation again and decided to introduce it. "

Other measures for small and medium-sized enterprises

There are other moves to provide security measures that are easy for SMEs to implement.



NTT East will establish a new company jointly with Tokio Marine & Nichido and Trend Micro.

In addition to listening to the needs of each company in detail and starting a "made-to-order" type security service, we also propose insurance in the event of damage.



We are aiming for annual sales of 2 billion yen in five years.



The need for cyber security measures is expected to spread not only to large companies but also to small and medium-sized companies that make up the supply chain, and such services are expected to increase.

Security measures are no longer the most important management issue

The words of Mr. Noda of the Osaka Chamber of Commerce and Industry that I interviewed left an impression on me.

It was an urgent complaint that "if you do not take measures, the technology created by dropping blood, sweat and tears will be stolen by a group of criminals."

The Internet has become indispensable for corporate activities.



Security measures may be the most important management issues to protect the company, protect the technology, and protect employees and business partners.



From the perspective of economic security, I hope that measures will be taken at some cost to build a strong supply chain.


Kotaro Tanikawa ,

Reporter, Ministry of Economic Affairs


Joined in 2013


After working at the Okinawa Bureau and the Osaka Bureau, he is currently in charge of the information and communication industry.