TOKYO - Toshiba Corporation (TOKYO: 6502) has published the English edition of Toshiba Group Cyber Security Report 2022, a summary of Toshiba's cyber security policy, measures and activities in FY2021.
As digitization advances in industry and society, cyberattacks are increasingly targeting social infrastructure control systems and devices, raising the risk of equipment hijackings and forced shutdowns. In these circumstances, Toshiba Group has taken on the mission of providing society and its customers with enhanced support, and helping to realize a circular, carbon-neutral economy through digitization. In meeting these challenges, Toshiba Group is enhancing the security of its in-house information and production systems, and the products, systems, and services it offers to customers.
Toward realizing total security of information, products, control systems, and data across the supply chain, Toshiba Group is implementing strategies that incorporate the concept of cyber resilience: the ability to minimize and quickly recover from security incidents, including cyberattacks. This concept centers on preparing for cyber security incidents (P), mitigating losses during incidents (M), and reducing the response and recovery time.
This year's report details Toshiba's three key measures for realizing cyber resilience: Governance that clarifies decision-making and command systems; Security Operations that monitor, detect, respond, restore and defend; and Human Resources Development that trains the people needed to develop and operate security systems.
In Governance, Toshiba Group is promoting consistent security measures, thereby facilitating early detection of and response to cyber security incidents. As part of surveys of the systems and networks shared with partner companies, Toshiba Group regularly performs security assessments to determine whether all the security measures stipulated in its in-house regulations are in place. In addition, some Toshiba Group companies are using techniques to quantify and visualize cyber security risk in the assessment and selection of partner companies.
In Security Operations, Toshiba Group is implementing an initiative to minimize the impact of security risks on corporate activities by promoting the automation of prediction and detection, response and recovery, and the use of cyber threat intelligence(1).
In Human Resources Development, Toshiba Group promotes e-learning programs that ensure that security personnel learn the importance of supply chain security according to their defined roles. In addition to training programs designed to develop specialists and highly skilled personnel capable of handling security vulnerabilities and incidents, Toshiba Group is enhancing its product security educational programs for managers responsible for improving security quality during product development. Furthermore, Toshiba Group offers training programs designed to promote the use of the acquired knowledge and skills in daily work, as well as a security contest for employees that aims to introduce, spread, and strengthen security practices.
As a data service provider, Toshiba Group is promoting an initiative for privacy governance. Public demand for privacy protection is growing as the utilization of personal data expands. Toshiba Group has established a system and rules for identifying and evaluating privacy risks prior to the launch of a business that uses personal data. Minimizing privacy risks is crucial for using personal data for business purposes. Toshiba Group is educating its employees on privacy protection in order to raise their awareness.
Toshiba Group will continue to fulfill its responsibilities in this crucial area, and ensure that stakeholders understand its thinking, strategies, and specific measures to enhance security, by issuing regular website updates and the annual cyber security report.