TOKYO -- It’s every CEO’s worst nightmare: Invisible invaders rummaging through internal documents, collecting private emails, salaries and even trade secrets.
When that sensitive information is made public or falls into the wrong hands, at best it can damage morale -- at worst it can cost a company billions of dollars or become an issue of national security.
Honda had its own brush with cybercrime on June 8 when it came under a file-encrypting ransomware attack that disrupted essential systems and was forced to stop production at nine factories around the world.
The ability to respond quickly, and efficiently, to a cyberattack can be the difference between a minor blip or a major catastrophe. To this end, companies here have stepped up efforts to develop inside expertise that will allow them to stay ahead of constantly updated international cyberlaws, while saving time and money responding to digital crimes, data breaches and other attacks.
"To protect its enterprise value, a company must race against time from discovering an incident to substantiating its claim," said Naritomo Ikeue, executive vice president of Fronteo, a Japanese IT company that uses artificial intelligence to spot suspicious exchanges among millions of emails, cutting time spent by lawyers sifting through data by as much as 90%.
Japanese businesses are under pressure to step up digital forensic abilities particularly because of the European Union's privacy and security law, the General Data Protection Regulation, which went into effect in 2018. Under these rules, companies are required to report a data breach to an authority within 72 hours or face fines.
Digital forensics has also emerged as an important tool following scandals that rocked corporate Japan, including Suruga Bank's massive loan screening manipulation and bribes made to Kansai Electric Power executives.
Businesses had left such work to service providers, but are now beginning to train their own digital investigators.
Interest has been seen across industries. Computer engineers from the likes of Hitachi and Dai Nippon Printing, as well as communication and advertising companies, gathered in Tokyo in February to take a practice exam for a new digital forensics certification.
The certification will be offered in September by the Institute of Digital Forensics, a non-profit organization with members in relevant fields and academia. Test takers will be assessed on their skill in information searches and security technology as well as legal knowledge. More than 200 people have taken three practice exams since autumn.
Companies want their own digital investigators because it is increasingly important to "grasp the scope of damage before contacting a service provider and respond to an incident in the initial stage," said a security official at Dai Nippon Printing.
Toshio Nawa, of Nihon Cyber Defence, said last month that the Ministry of Economy, Trade and Industry reported 20 attacks on midsize companies in the supply chains of defense and nuclear companies.
Meanwhile, in January, Mitsubishi Electric Corp. said it had been targeted in a massive cyberattack, and that information regarding government agencies and other business partners may have been compromised.
The player in Japan’s defense and infrastructure industries said potentially leaked information included email exchanges with the Defense Ministry and the Nuclear Regulation Authority as well as documents related to projects with private firms, including utilities, railway operators, communications and automakers.
Companies have also had to worry about insiders stealing closely guarded trade secrets. Police arrested Yutaka Araki in January for allegedly taking proprietary information from Japanese phone carrier SoftBank Corp., where he was an employee. Police said Araki, 48, took the information from a computer server and gave it Russian officials in 2019.
In the event of digital malfeasance, coordination with a service provider is important for companies, especially a contact person who knows where the necessary data is and what information should be kept confidential. The quality of these contacts determines the difference in response.
Companies have been reaching out to Fronteo for digital forensic technology training. "Every time an information breach is reported, we see an increase in demand for our training service," Ikeue said.
One step in ramping up internal capabilities is hiring an expert, but the talent pool is still relatively small in Japan. Demand for these specialists is so strong that corporations and government agencies are offering pay 50% above that for general security personnel, according to the Institute of Digital Forensics.
Digital forensics can be tapped for other uses, such as dealing with electronic discovery -- an information disclosure step in the U.S. legal proceedings. Companies subject to an anti-trust investigation or defendants in intellectual property litigation may be required to present necessary materials from among a staggering volume of data, including, for instance, "any and all information concerning product development," according to U.S. regulations.
In such cases, having an in-house forensic expert proves to be more than helpful.
"There was a case where an in-house engineer without forensic expertise unnecessarily manipulated data, and it ended up losing its ability to serve as evidence," said Makoto Funahashi of the Institute of Digital Forensics.