▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | Italian Channel Awards | Italian Project Awards | Italian Security Awards | ...
InnovationOpenLab

SecurityScorecard Threat Intel Reveals Technology Products as Leading Source of Third-Party Breaches in Japan

SecurityScorecard today released new cybersecurity research on Japan’s escalating third-party cyber risks. In “The Third-Party Cyber Risk Landscape of Japan 2024,” SecurityScorecard STRIKE threa...

Business Wire

New report reveals ransomware and state-sponsored groups as top threats to Japanese companies and vendors

NEW YORK: SecurityScorecard today released new cybersecurity research on Japan’s escalating third-party cyber risks. In “The Third-Party Cyber Risk Landscape of Japan 2024,” SecurityScorecard STRIKE threat hunters analyzed numerous reported breaches affecting Japanese organizations over the past year, uncovering the top targets and threats impacting the nation’s cyber resilience.

As one of the world’s largest economies and home to renowned global brands, Japan plays a pivotal role on the international stage. Its leadership across industries like manufacturing, automotive, technology, and finance extends well beyond its borders. A significant third-party breach in Japan could disrupt global supply chains and impact markets worldwide.

Dai Fujimoto, Country Manager, SecurityScorecard K.K., said:

“Japan's critical position in the global economy makes it a high-stakes target for cyber threats. In this landscape, an organization’s security is only as strong as its weakest link, and that is often its third and fourth-party vendors. Holding partners to the same rigorous security standards as your own network is essential to preventing breaches and protecting Japan's economic stability.”

Key findings

  • Third-party breach rate surges: 41% of Japanese breaches last year involved third-party attack vectors, compared to the global rate of 29%.
  • Tech products and services fuel the risk: Third-party technology products and services are the top causes of Japan’s third-party breaches, with 58% of breaches attributed to these relationships. A third (33%) stemmed from subsidiaries and acquisitions of Japanese companies, primarily from those operating overseas.
  • Tech and media companies under fire: The technology, media, and telecommunications (TMT) industry is the most vulnerable to third-party breaches, accounting for over a quarter (26%) of all incidents. This is followed by the manufacturing, automotive, and construction (MAC) industry at 24%, with retail and hospitality (RH) experiencing 17%.
  • Ransomware and state actors drive attacks: Criminal ransomware groups were responsible for 73% of all of Japan’s third-party breaches with an identifiable perpetrator. The remaining 27% were linked to state-sponsored groups in North Korea and China.

Cybersecurity recommendations for Japan

Based on this analysis, the SecurityScorecard STRIKE team also offers actionable insights for enhancing cybersecurity across Japan:

  • Prioritize top risk sources: Focus on managing risks from third-party technology vendors and relationships with subsidiaries or acquisitions, especially those overseas, to mitigate primary third-party breach vectors.
  • Strengthen security across subsidiaries and acquisitions: Enforce consistent security standards across all business entities, including network segmentation to limit lateral movement and minimum necessary network access.
  • Address industry-specific third-party risks: Tailor third-party risk management strategies to the unique needs of an industry. For manufacturing and automotive, prepare for cyber disruptions in supply chains; in technology, prioritize defenses that protect both internal assets and customers from attack vectors; and for retail & hospitality, rigorously vet e-commerce and payment-processing vendors to safeguard sensitive customer data.
  • Defend against state-sponsored threats: State-backed actors exploit third-party vulnerabilities to bypass highly secure targets, especially in sensitive sectors like defense and financial services. Hold vendors to the same security standards to reduce these risks.

Additional resources

Methodology

SecurityScorecard maintains its own capability for the collection of open-source reporting on data breaches and other cyber security events. This breach feed collects relevant data points from a variety of online sources, including mainstream news media, specialized security news publications, press releases, corporate disclosures, government and legal documents, social media posts, and Dark Web communications, among others. Its primary purpose is to establish the breach correlations that enable our scoring algorithm and also to document breaches that affect organizations’ scores.

This report reflects the first full year of in-house data collection, beginning in late September 2023 and ending in late September 2024. SecurityScorecard extracted 160 reported breaches affecting Japanese organizations that surfaced in sources from this period. Some of these breaches may have occurred before this time period but only surfaced in open-source reporting later due to delays in detection, disclosure, or other factors. SecurityScorecard also included breaches that affected the overseas branches or subsidiaries of Japan-based multinational businesses, given their structure and the potential for such breaches to enable lateral movement into the parent companies in Japan.

About STRIKE

The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide, empowering the entire digital ecosystem to identify, measure, and resolve cyber risk.

About SecurityScorecard

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.

Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

RSA at Cybertech Europe 2024

Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…

Italian Security Awards 2024: G11 Media honours the best of Italian cybersecurity

G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes

How Austria is making its AI ecosystem grow

Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries

Sparkle and Telsy test Quantum Key Distribution in practice

Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…

Most read

Mutual of Omaha and Workday to Help Companies Enhance Employee Benefits…

Mutual of Omaha is excited to announce its relationship with Workday, Inc. to help employer-provided insurance customers improve their benefits programs…

Sei Labs Releases New “Giga” Roadmap That Will Bring 50x Improvement to…

Sei Labs, the main contributor to Sei, the fastest Layer 1 EVM blockchain, today announced its latest roadmap, dubbed “Giga”, charting its path to becoming…

Swoop Celebrates Triple Recognition in PM360’s 13th Annual Innovations…

PM360's 13th Annual Innovations Issue recognizes Swoop for its cutting-edge contributions to data-driven healthcare marketing. Honored with three prestigious…

Mastercard Finalizes Acquisition of Recorded Future

Mastercard (NYSE: MA) today completed its acquisition of Recorded Future. “As the world becomes more digitized, there's an increased focus on securing…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!