The Journal The Authority on Global Business in Japan

The frequency of security breaches seems to increase each day. The media has a way of making disastrous events seem more common than they are, but in this case it’s not an illusion. According to the Identity Theft Research Center, as of May 17—the day the Embassy of the United States in Tokyo held its Spotlight on Cybersecurity event at Keio University—there have been 399 data breaches in 2016. Their final report for 2015 tallied 781, a number that, at the current pace, will be shattered by the end of the year.

The Commercial Section of the US Embassy, together with the Keio Cybersecurity Research Center, Sasakawa Peace Foundation USA, and the Asia Pacific Institute for the Digital Economy (APIDE) at Keio University, organized this daylong event. Erick Kish, commercial attaché at the US Embassy, says it “brought together thought leaders from the US and Japanese private sectors, academia, and government to discuss cybersecurity challenges and encourage a multi-stakeholder approach to solutions.” He pointed out that “cybersecurity is a foundation of the digital economy, and a key to building the online trust which is essential for e-commerce.”

Admiral Dennis Blair (Ret.), chairman and CEO of Sasakawa USA and former director of US National Intelligence, gave a keynote address titled “Securing the Internet of Things” Speaking beforehand to The Journal about his goals, Blair said they are two-fold: “to strengthen US–Japan bilateral ties by finding issues of common interest and working together to solve them, and to make tangible contributions towards the actual resolution of same.”

Once those common interests are identified, infrastructure is key to addressing the threat. Amandeep Kalra, an automation engineer at Schweitzer Engineering Laboratories, cited the sharing of “best known methods on engineering, deployment, and maintenance of safe, reliable, and secure power systems” his goal.

Darktrace, a pioneer of the enterprise immune system approach to cybersecurity and founded by machine learning specialists from the University of Cambridge, participated in a couple of panels. Citing the tendency of organizations to remain blind to in-progress attacks for extended periods of time, regional director John Kirch told The Journal that the benefit of this approach is that it shines a light on anomalous activity on the network, even when the perpetrators are insiders.

Kane Lightowler of Waltham, Massachusetts-based endpoint security company Carbon Black, pointed out a worrisome shift. “The fact that cybercrime rapidly is becoming a paid service is fueling a tremendous amount of disruption of our IT systems. Today, attack campaigns often are run by those who aren’t technical enough to build the tools themselves, but who are motivated and have the money to hire skilled professionals eager to provide these services.”

A common point was that, in order to combat cybercrime and keep pace with the rapid evolution of the threat, private businesses must take the lead. Legislation alone cannot provide effective security. Speaking to The Journal on the topic, Eric Basu, president and CEO of technology service provider Sentek Global, said, “Putting legislation out that forces companies out of business in order to comply would of course defeat the purpose.” This can also lead to misplaced energy. Basu pointed out that “possibly the biggest mistake corporate IT managers make is to assume that compliance equals security.”

The event, attended by around 750 people, was part of the US Embassy’s Solutions 2020 Spotlight Series. In keeping with that theme, Ken Modeste of global independent safety science company UL told The Journal, “I believe the best opportunity for Japan is to build processes and systems that have longevity. After 2020, there will be more sporting, political, or other major events. Japan faces considerably more natural disasters compared with other countries. A strategy to address cybersecurity threats should focus on Japan during the 2020 Olympics and beyond in building world class innovative systems.”

Christopher Bryan Jones is Editor-in-chief of The Journal. Originally from Birmingham, Alabama, he has lived in Japan since 1997.
Possibly the biggest mistake corporate IT managers make is to assume that compliance equals security.