ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintIcon Twitter

Telework rush leaves Japanese companies at risk of cyberattack

Experts see smaller businesses as weak link as remote work grows amid coronavirus

(Nikkei Montage/ Source photo by Getty Images and Reuters) 

TOKYO -- A hurried shift to telework is leaving Japanese companies open to cyberattacks through videoconferencing services, cloud storage and unsecure internet connections, according to security experts.

"There are no borders in the cyberworld, so malicious attacks from outside targets on Japanese companies and employees are increasing because we are not familiar with teleworking," said Kenji Uesugi, a cybersecurity consultant with PwC Japan.

Prime Minister Shinzo Abe's emergency declaration has prompted a range of Japanese companies to supply employees with equipment to ensure business continuity while sheltering at home. But it has been a halting start for a professional culture largely unfamiliar with telework.

"Almost all Japanese companies depend on paper-based work, that's why it's a big challenge to introduce IT-based remote working," said Uesugi.

The pandemic has forced companies to rush to invest in hardware and software for remote work. But not all businesses have such resources. "A lot of companies cannot provide PCs and smartphones, which means employees have to use their own private PCs," said Toshio Nawa of Nihon Cyber Defence.

These vulnerabilities, combined with a high appetite for information on the coronavirus, are giving cyber criminals a prime opportunity to penetrate company networks, according to a joint advisory issued this month by the UK's National Cyber Security Centre and the U.S. Department of Homeland Security.

According to a report last year by the National Center for Incident Readiness and Strategy for Cybersecurity, Japan’s cybersecurity authority, a survey of private businesses in 2018 uncovered over 53,000 cyberhacking incidents. Of those attacks, 76% were attempts to steal money from companies, and 20% were corporate espionage.

Phishing -- eliciting information through fraudulent emails -- remains the most common method worldwide for cyber thieves looking to transfer proprietary data or funds, or steal employee credentials to infiltrate a company's network. In one phishing attack identified by cybersecurity analysts, cyber criminals send links to coronavirus maps or fake websites selling scarce essentials such as face masks and sanitizers. Once the link is clicked, a virus is downloaded into the recipient's computer.

The process of downloading and installing telework software -- including virtual private networks or apps such as Zoom -- has also been identified by experts as a point of entry for malicious actors.

Cybersecurity consultants at PwC identified banks, digital payment systems and e-commerce companies as some of the industries and businesses most at risk from global cyberattacks. Internet providers have grown more prone to concentrated traffic attacks that can overwhelm and shut down a server in what is known as distributed denial of service. Analysts at Nokia Deepfield observed a 40% increase in global DDoS traffic from levels before the pandemic.

Such an attack was used against the U.S. Health and Human Services Department to slow the country's pandemic response which the agency is leading, while a ransomware attempt on the Paris metropolitan hospital system was thwarted by authorities. But Japan's public health system has not faced anything similar, perhaps because hackers know they are not immune to the coronavirus. "There are groups that have decided not to target hospitals and the healthcare sector for now," said a Tokyo-based security engineer for a Japanese digital payments company.

On the other hand, teleworking employees in the influential Ministry of Economy, Trade and Industry have been targeted by cyberattacks because they are privy to sensitive company information. When it comes to cybersecurity, the weak link in Japan's economy consists of small and midsize companies that typically lack the capital for sophisticated IT infrastructure.

"In the past two months, I received reports of over 20 incidents from METI of attacks on midsize companies in the supply chains of defense and nuclear companies," said Nawa, who consults on cybersecurity for several government agencies.

Subsidies for telework costs were included in the emergency relief package approved by the Japanese government last month. The Tokyo Metropolitan Government, for instance, will provide up to 2.5 million yen ($23,000) per company to help defer telework equipment costs and software fees. SMEs can also call on a cybersecurity support network set up by the Tokyo police.

The shift has been a boon for companies that provide teleworking facilities. Konica Minolta, whose encrypted public wifi network provides a secure VPN connection from 100,000 nationwide locations, said the company received twice the number of signups it expected last Friday, when it began selling licenses for a monthly fee of 780 yen per user.

Experts advise managers to start with setting up layered defenses for their internal networks. Such barriers include installing antivirus software, secure email gateways and spam filters, and requiring passwords and pins to join teleconferences.

But the first line of defense for a company would be training employees to recognize and report fraudulent emails, and to be smart about securing their home networks. 

"Internal threats may be increasing because it becomes easier to steal a company's information during remote working," said Uesugi.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends July 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more