DNP Launches Cyber Security Package for Financial Institutions
Bundles hardware, software and cyber skills training
Dai Nippon Printing Co., Ltd (DNP) is pleased to announce the September 15 launch of a cyber-security package that bundles together hardware, software and training designed to improve the cyber security skills demanded by financial institutions.
Recent years have seen a sharp increase in cyber-attacks on companies and organizations in Japan. In concrete terms, this refers to the implanting of malware* on websites with security vulnerabilities that infect all users viewing the site, and unauthorized money transfers in internet banking. And this trend has led to concerns about active cyber-attacks designed to disrupt the social order, and those targeting important infrastructure.
It was against this backdrop that in December 2015 the Ministry of Economy, Trade and Industry (METI) drew up the Cyber-security Management Guidelines, amid expectations that corporate managers would exert leadership and promote cyber security measures. At the same time, in July 2015, the Financial Services Agency (FSA) released Policy Approaches to Strengthen Cyber Security in the Financial Sector, in which the Agency requires awareness of the importance of cyber-security management of groups including management, as a result of which, it is anticipated that security awareness will be further heightened at financial institution management.
Referencing developments in cyber-attack techniques at financial institutions in recent years, DNP will commence offering a bundled menu of three selected services as cyber security steps required of financial institution. Each service is designed to have an immediate effect.
*Malware is a malicious software created with the intent of causing illegal or harmful action.
1, Website cyber-attack package
A comprehensive service focused on illegal access to websites, which has caused increased damage in recent years, while also tackling web site tampering and Distributed Denial of Service (DDoS) attacks, which refers to attempts to make online services unavailable by overwhelming them with traffic from multiple sources.
- Illegal access countermeasures: web vulnerability diagnostic service
- DDoS attack countermeasures: Cloud-based Web Application Firewall (WAF)
- Website anti-tampering measures: Web-tampering detection service
- Pricing: From 5.0 million yen
2, Targeted attack, non-specific attack and ransomware*-based attack countermeasures
A package designed to counter attacks on in-house networks that also need guarding in a similar manner to websites. A comprehensive service focuses on malware-driven attacks that are difficult to detect with currently available anti-virus software.
- Entrance/exit measures: A next generation firewall that detects and shuts down malware access from external networks and communications with external servers.
- Human measures: Education and training to allow employees to take appropriate measures when they receive and open e-mails with pseudo random malware attachments. This will lead to a reduction in cases where employees download illegal software to their computers.
- Endpoint measures: Traps, the latest in anti-malware software, designed to detect and shut down illegal malware operations against the possibility that such malware bypasses the WAF, and is downloaded by company employees.
- Pricing: From 38.0 million yen
*Ransomware is an illegal program that prevents users from accessing their system, by locking the system or encrypting user files until a ransom is paid.
3, Educational and Training Practice Package
A service offering training for managers, training practice for Computer Security Incident Response Team (CSIRT)* staff and comprehensive education for general staff.
- Creation of CSIRT, and CSIRT skills strengthening practice: Action Manual Development assistance against incidents, necessary when creating CSIRT. Tame Range is an Israeli training system that boasts world leading cyber security technology. And the DNP educational and training practice package helps train technology experts using Tame Range practical exercises.
- Manager training: Training to develop the necessary data security awareness for managers, via onsite training conducted by specialist consultant contractors, or group training at DNP.
- Training for general staff: Onsite training conducted by specialist consultant contractors, or via provision of e-learning teaching materials.
- Pricing: From 10.0 million yen
* CSIRT is the acronym for Computer Security Incident Response Team, an organization that monitors computers and networks to make sure problems do not arise. In cases where such incidents occur, CSIRT analyzes the causes and investigates the surrounding impact, while also taking other counter measures.
It is considered that in line with the penetration of internet driven open payment services, referred to as Fintech, financial systems will face new risks. As a result, DNP will augment its service lineup of consultant services, including offering definitions of the information to be protected, risk assessments, and countermeasures.
The Company aims for adoptions by 30 financial institutions, and sales of 2.0 billion yen over the next three years.