Do not Give in to Heinous Threats Amid Surge in Cyber-attacks

Editorial

14:44 JST, November 28, 2020

There has been a spate of cyber-attacks involving the theft of confidential corporate information and attempts to extort money. It is necessary to quickly prepare to respond to such heinous criminal acts.

In early November, information was stolen from game software giant Capcom Co. by an unknown party and a ransom was demanded. It is believed the attack came from overseas. Up to 350,000 items of personal information of the company’s customers, shareholders and others may have been hacked.

Capcom said it refused to pay the ransom and has consulted the police. It is feared that the stolen personal information could be used for fraudulent and other illicit purposes. This is a serious situation.

The cyber-attack involved “ransomware,” malicious software through which an attacker hacks into a computer, steals data and encrypts the original data to make it unusable. A ransom is then demanded to decrypt the information.

Such ransomware attacks spread globally in the past, affecting a large but unspecified number of targets. This time, however, the attackers targeted a specific company. It is called a “double extortion” because companies also risk having the stolen information exposed if the demands are not met.

According to experts, about 20 criminal groups are operating around the world, and ransoms are getting higher and higher. In Japan, the first victims were confirmed this summer. An overseas survey found that about 30% of targeted Japanese companies paid the ransom. More vigilance is urged.

There is no guarantee that even if victims comply with the demands, attackers will keep their promise and decrypt data or not leak the information. If Japanese companies give in to the threats, they will be perceived as easy targets, which could lead to more attacks. In principle, it would be a good idea to take a firm stand.

In recent years, a huge number of viruses have been created, and attacks have become more sophisticated. It is difficult to prevent being victimized completely.

Cases involving attacks on employee computers with inadequate safeguards and the central computer systems of companies are on the rise. Amid the novel coronavirus pandemic, telecommuting is spreading, which increases the risk of vulnerabilities being exploited.

It is imperative that companies strengthen measures to prevent their systems from being compromised by, for example, updating the latest version of software and introducing two-step authentication. Important data should be backed up. It is also important to consider in advance what to do if a hack occurs.

There is a limit to how much a company can do on its own. In the United States, legislation has established an intelligence-sharing system between the public and private sectors for information on attack threats or damage.

In November, the government and the Japan Business Federation (Keidanren) set up a new public-private organization to strengthen measures against cyber-attacks. It is important for information to be shared between the government ministries and agencies concerned and the business community to improve their response capabilities.

(From The Yomiuri Shimbun, Nov. 28, 2020)