Toshiba Publishes English Edition of Cyber Security Report 2024

-Enhancing cyber resilience by monitoring and vulnerability management of IT equipment attack routes; raising risk awareness of top executives-

August 30, 2024

Toshiba Corporation

TOKYO—Toshiba Corporation has published the English edition of Toshiba Group Cyber Security Report 2024, a summary of Toshiba's cyber security policy, measures and activities in FY2023.

Global society relies on IT that is increasingly subject to cyberattacks that can disrupt and even destroy businesses, and that increasingly target essential infrastructure and industrial systems. The risk of network hijacking and system shutdowns grows stronger every day and every year. Toshiba Group is responding with strategies that go beyond internal security management to incorporate the philosophy of cyber resilience, the realization of total security for information, products, control systems, and data, including supply chains.

Cyber resilience

As examples of Toshiba Group's measures to achieve cyber resilience, the report looks at efforts to manage and fix vulnerabilities in attack surfaces, and a phishing email drill designed to raise security awareness among executives.

The attack surface is the totality of different points in IT assets and attack routes that can be exploited in a cyberattack. In recent years, changes in ways of working, most notably telework, have seen IT environments expand, dramatically increasing the attack surface. Along with poor management of remote access devices, this has resulted in increasing numbers of cyberattacks via attack surfaces, making attack surface monitoring and vulnerability management increasingly important.

Toshiba Group promotes risk-based vulnerability management by classifying cyberattack risk into three levels, an approach that provides security personnel with specific guidelines for detailed vulnerability investigations and remediation. The Group protects against increasingly sophisticated cyberattacks by using attack surface intelligence to address vulnerabilities and reduce risk.

Toshiba Group is also aware of the increase in business email compromise (BEC) attacks. In this type of cyber fraud, the attacker impersonates a specific person and exchanges several emails with the target to convince the target that the sender is legitimate, with the goal of tricking the target into transferring money or divulging sensitive information.

Toshiba Group has received cleverly worded phishing emails that can slip through email filters, and is aware that it could sustain substantial damage if an executive were to be tricked by a BEC attack. The Group's response is phishing drills for executives, and in FY2023 it conducted a drill that involved 215 executives and managers in Japan and overseas. It also enhances overall awareness of the need for security by providing management and employees, and supply chain partners, with a comprehensive program of training sessions, awareness-raising events, and seminars.

Toshiba Group will continue to fulfill its responsibilities in cyber security. It will ensure that stakeholders are informed of its initiatives by publishing detailed reports on policies, strategies, and specific measures for promoting security, both on its website and in the cyber security report.

■Toshiba Group Cyber Security Report 2024 is available here:
https://www.global.toshiba/ww/cybersecurity/corporate/report.html

■Toshiba Group's Cyber Security Website
https://www.global.toshiba/ww/cybersecurity/corporate.html