SecurityScorecard: Tech Products Key Source of Third-Party Breaches in Japan

SecurityScorecard has released a comprehensive cybersecurity report highlighting Japan’s growing third-party cyber risks. The report, titled “The Third-Party Cyber Risk Landscape of Japan 2024,” delves into an analysis conducted by the SecurityScorecard STRIKE threat intelligence team. They examined numerous cyber breaches affecting Japanese organizations over the past year, uncovering the primary threats and vulnerabilities impacting the country’s cyber resilience.

As one of the world’s largest economies and a leader in industries such as manufacturing, automotive, technology, and finance, Japan holds a crucial position on the global stage. A significant third-party breach in Japan could trigger disruptions not only within the nation but also across global supply chains and markets, making the country’s cybersecurity posture critical.

Dai Fujimoto, Country Manager at SecurityScorecard K.K., emphasized the high stakes for Japan: “Japan’s critical position in the global economy makes it a high-stakes target for cyber threats. In this landscape, an organization’s security is only as strong as its weakest link, and that is often its third and fourth-party vendors. Holding partners to the same rigorous security standards as your own network is essential to preventing breaches and protecting Japan’s economic stability.”

Key Findings from the Report

  • Surge in Third-Party Breaches: Third-party breaches in Japan have risen significantly. In 2023, 41% of all cyber breaches in the country involved third-party attack vectors, which is much higher than the global average of 29%.
  • Technology Products and Services as Primary Risk: Technology-related products and services accounted for the majority of third-party breaches in Japan. A staggering 58% of breaches were tied to third-party technology vendors. A significant portion (33%) of these breaches also stemmed from subsidiaries and acquisitions of Japanese firms, especially those with operations overseas.
  • Vulnerable Industries: The Technology, Media, and Telecommunications (TMT) sector was the most susceptible to third-party breaches, representing 26% of all incidents. This was followed closely by the Manufacturing, Automotive, and Construction (MAC) industries, which accounted for 24%. The Retail and Hospitality (RH) sector experienced 17% of breaches.
  • Ransomware and State Actors: Cybercriminal ransomware groups were responsible for 73% of the third-party breaches in Japan with an identifiable perpetrator. The remaining 27% were linked to state-sponsored actors from North Korea and China.

Cybersecurity Recommendations for Japan

In light of these findings, SecurityScorecard’s STRIKE team provided several actionable recommendations to help mitigate third-party risks in Japan:

  • Prioritize Third-Party Tech Vendors: Focus on identifying and managing risks originating from third-party technology vendors. Since these relationships account for the majority of breaches, organizations should ensure that their tech partners adhere to rigorous security standards.
  • Strengthen Security Across Subsidiaries and Acquisitions: Companies should enforce consistent security protocols across all subsidiaries and acquisitions, particularly those based overseas. Implementing network segmentation and restricting unnecessary network access can prevent lateral movement by attackers.
  • Address Industry-Specific Risks: Tailoring third-party risk management strategies to specific industries is crucial. For example, manufacturing and automotive companies should bolster their defenses against disruptions in supply chains, while tech firms must prioritize protections for internal assets and customer data. Retail and hospitality organizations, on the other hand, should ensure that their e-commerce and payment vendors are thoroughly vetted to protect sensitive customer information.
  • Defend Against State-Sponsored Attacks: Given the growing threat from state-sponsored actors, organizations should ensure their third-party vendors, particularly in sectors like defense and finance, meet stringent security standards to minimize the risk of attacks.

Additional Resources and Methodology

The full report, “The Third-Party Cyber Risk Landscape of Japan 2024,” is available for download, providing more detailed insights and recommendations for improving cybersecurity across Japan.

SecurityScorecard’s threat intelligence team uses a proprietary collection of open-source data from various channels, including news outlets, security publications, press releases, corporate disclosures, and dark web communications, to track and document cyber breaches. The data analyzed in this report spans from late September 2023 to September 2024, covering 160 reported breaches that affected Japanese organizations or their subsidiaries abroad.

About STRIKE and SecurityScorecard

The STRIKE team at SecurityScorecard combines specialized threat intelligence with deep expertise in incident response and supply chain cyber risk management. STRIKE’s insights empower organizations to identify and address vulnerabilities in their digital ecosystem.

SecurityScorecard is a leading cybersecurity ratings provider, serving over 25,000 organizations globally. The company’s patented security ratings technology helps businesses manage risks, enforce third-party risk management, and comply with regulatory requirements. With over 12 million companies continuously rated, SecurityScorecard’s mission is to enhance global cybersecurity resilience through transparency and actionable insights.

For more information on the report or to access SecurityScorecard’s cybersecurity resources, visit securityscorecard.com.

Source link

Share your love

Newsletter Updates

Enter your email address below and subscribe to our newsletter