New report reveals ransomware and state-sponsored groups as top threats to Japanese companies and vendors
SecurityScorecard today released new cybersecurity research on Japan’s escalating third-party cyber risks. In “The Third-Party Cyber Risk Landscape of Japan 2024,” SecurityScorecard STRIKE threat hunters analyzed numerous reported breaches affecting Japanese organizations over the past year, uncovering the top targets and threats impacting the nation’s cyber resilience.
“The Third-Party Cyber Risk Landscape of Japan 2024”
As one of the world’s largest economies and home to renowned global brands, Japan plays a pivotal role on the international stage. Its leadership across industries like manufacturing, automotive, technology, and finance extends well beyond its borders. A significant third-party breach in Japan could disrupt global supply chains and impact markets worldwide.
Dai Fujimoto, Country Manager, SecurityScorecard K.K., said:
“Japan’s critical position in the global economy makes it a high-stakes target for cyber threats. In this landscape, an organization’s security is only as strong as its weakest link, and that is often its third and fourth-party vendors. Holding partners to the same rigorous security standards as your own network is essential to preventing breaches and protecting Japan’s economic stability.”
Key findings
- Third-party breach rate surges: 41% of Japanese breaches last year involved third-party attack vectors, compared to the global rate of 29%.
- Tech products and services fuel the risk: Third-party technology products and services are the top causes of Japan’s third-party breaches, with 58% of breaches attributed to these relationships. A third (33%) stemmed from subsidiaries and acquisitions of Japanese companies, primarily from those operating overseas.
- Tech and media companies under fire: The technology, media, and telecommunications (TMT) industry is the most vulnerable to third-party breaches, accounting for over a quarter (26%) of all incidents. This is followed by the manufacturing, automotive, and construction (MAC) industry at 24%, with retail and hospitality (RH) experiencing 17%.
- Ransomware and state actors drive attacks: Criminal ransomware groups were responsible for 73% of all of Japan’s third-party breaches with an identifiable perpetrator. The remaining 27% were linked to state-sponsored groups in North Korea and China.
Cybersecurity recommendations for Japan
Based on this analysis, the SecurityScorecard STRIKE team also offers actionable insights for enhancing cybersecurity across Japan:
- Prioritize top risk sources: Focus on managing risks from third-party technology vendors and relationships with subsidiaries or acquisitions, especially those overseas, to mitigate primary third-party breach vectors.
- Strengthen security across subsidiaries and acquisitions: Enforce consistent security standards across all business entities, including network segmentation to limit lateral movement and restricting network access to the minimum necessary.
- Address industry-specific third-party risks: Tailor third-party risk management strategies to the unique needs of each industry. For manufacturing and automotive, prepare for cyber disruptions in supply chains; in technology, prioritize defenses that protect both internal assets and customers from attack vectors; and for retail and hospitality, rigorously vet e-commerce and payment-processing vendors to safeguard sensitive customer data.
- Defend against state-sponsored threats: State-backed actors exploit third-party vulnerabilities to bypass highly secure targets, especially in sensitive sectors like defense and financial services. Hold vendors to the same security standards to reduce these risks.