News and Topics
Toshiba Publishes English Edition of Cyber Security Report 2020
Ensure information security and product security through proactive use of threat intelligence, and autonomous organizational structureTOKYO—Toshiba Corporation (TOKYO: 6502) has published the English edition of “Toshiba Group Cyber Security Report 2020,” a report of cyber security policy, measures and activities in FY2019.
Toshiba Group aims to achieve further growth and maximize corporate value as an infrastructure services company that makes full use of cyber-physical systems (CPS) technologies, which fuse the cyber (digital) and physical (real) worlds. CPS connects an ever-widening range of devices and equipment to networks, increasing the risk of cyber-attacks and physical damage to infrastructure and control systems. Toshiba Group constantly monitors internal and external network threats, toward reinforcing a system for predicting and preventing risk before it poses a danger. If an incident does occur, the company responds promptly, to minimize damage and recover the business.
Toshiba Group’s goal is sustainable security grounded in its concept of “Security Lifetime Protection (SLP).” SLP promotes a virtuous cycle in which threats are recognized, countered and analyzed, and the results are fed back to design and development teams, so as to improve and protect the security of in-house information systems, factory production systems, and the products, systems and services delivered to customers.
Concept of Security Lifetime Protection
This year’s report describes the progress in introducing Endpoint Detection and Response (EDR) tools to Toshiba facilities around the world. As part of SLP, EDR strengthens Security by Design by finding and responding to unknown viruses that standard antivirus software cannot handle, and also to advanced attacks that cannot be detected in network gateway nodes.
The report also covers how SLP is being integrated into group-wide operations, and reinforced in practice by making full use of a wide range of resources. The first is showcased by the appointment of a Product Security Incident Response Team (PSIRT) manager in the product division of a major group company, and the establishment of a dedicated support organization. The second is demonstrated by proactive use of threat intelligence* from public authorities and a range of external sources, which are applied in all phases of SLP to enhance security operations.
Going forward, the Group will continue to fulfill its responsibilities in this crucial area, and will ensure that stakeholders understand its thinking, strategies, and specific measures to ensure security by issuing regular website updates and the annual cyber security report.
* A generic term for information that can be used for threat prevention and detection, such as hacker attacks, threat trends, and vulnerability information
Toshiba Group’s Cyber Security Report 2020 is available here:
https://www.toshiba.co.jp/security/en/report
Toshiba Group’s Cyber Security Website:
https://www.toshiba.co.jp/security/en/