April 24, 2019
Digital Arts Inc.
Fact-finding survey on implementation and awareness of measures against targeted attacks at workplaces
A fact-finding survey was conducted with information systems administrators and employees in Japan.
Around 50% of administrators answered that training against targeted e-mail attacks resulted in an increase in the time it took to open e-mails or web pages, negatively affecting business productivity.
There is an increased need for security measures that allow administrators and employees to freely browse e-mails and the web without worry.
Information security solution provider Digital Arts Inc. (headquartered in Chiyoda-ku, Tokyo, Japan, CEO: Toshio Dogu, hereinafter referred to as "Digital Arts," Code 2326) has conducted a fact-finding survey regarding awareness of targeted attacks at workplaces with 330 administrators and 1,105 employees responding.
In recent years, attacks targeting specific businesses and organizations, particularly via e-mail, are on the rise, and in 2018, Japan’s National Police Agency noted that the number of cyber-attacks was the highest ever recorded, and that the threat against institutions is continuing to grow. In this situation, for businesses one of the main measures being taken against these kinds of attacks is training against targeted attack e-mails. Digital Arts has listened to information systems administrators and employees regarding the status of implementation and overall awareness of these measures.
In this survey, 59.1% of administrators said that they are experiencing issues with their company’s web and e-mail, and of those, 73.8% answered that they have given up on finding a solution. It is estimated that because security measures such as multilayered protection solutions are being implemented but are not solving the issues, there is a shift toward raising employees’ security awareness in the form of targeted attack e-mail training.
71.8% of companies are implementing some form of training as a measure against targeted attack e-mails. Both information systems administrators and employees responded that employee education and training within the company was more effective than the implemented product, and that the accumulated trainees’ knowledge was beneficial. This shows that employee training, including targeted attack e-mail training, is providing measurable results.
At the same time, 30.8% of system administrators responded that the training e-mail results affected their employee assessment. Because of this, around 50% felt that the time it took to confirm the safety of and open a single e-mail with a single URL was getting longer compared to before, and 80% of those felt that it was taking around twice or 3 times as long. This is estimated to be because the results are inversely proportional to how thorough the training is, and this can be seen to be negatively affecting business productivity. Also, 21.0% of employees and nearly a third of administrators have experienced opening either a training e-mail or questionable e-mail without realizing, and this is estimated to be because companies are not taking measures such as conducting training or issuing warnings (or there is no awareness of these) which are leaving these problems to go unnoticed.
- Web and E-mail Situation
- 59.1% of information systems administrators are experiencing issues with their companies’ web and e-mail situation, and of those 73.8% have given up on finding a solution.
- Targeted attack e-mail training
- 71.8% of companies and organizations have implemented targeted attack e-mail training as a measure against targeted attacks.
- More than half of both information systems administrators and employees believe in-company training is more effective, and responded that the training is "beneficial in that it is accumulating trainees’ knowledge." Half of the system administrators feel that the implementation of the product has been effective.
- In cases where an employee opened a targeted attack e-mail, around half of administrators impose some sort of follow up training or issue a warning to the employee, and among those 30.8% responded that the result affects their employee assessments.
- At the same time, 32.7% of employees were not aware of how their company would respond in the case of a targeted attack e-mail being opened.
- 21.0% of employees have experienced opening a training e-mail or other unknown e-mail, however many have not undergone training or received any warnings, and there is the possibility that many may have opened these e-mails without realizing what they were.
- Of those who responded that the time it took to confirm whether an e-mail was safe became longer after implementing targeted attack e-mail measures, around 70-80% of administrators and more than 80% of employees responded that it was taking twice or 3 times as longer.
- Distinguishing suspicious web pages and e-mails
- For 60% of respondents, the sender’s e-mail address and the e-mail subject were the factors examined in determining if an e-mail is suspicious.
- 60-70% of respondents determined that they look at the domain to judge whether a URL or web page was suspicious.
- Around half of the system administrators used information from co-workers and others.
- Regarding the response taken when a suspicious URL or web page was opened, similar to targeted attack e-mail training, around half of the system administrators take some action with the offending employee, such as providing education or issuing a warning. Meanwhile, 80% of regular employees in this case answered "Nothing in particular/I don’t know," highlighting a gap between the understanding of administrators and regular employees.
Survey subjects: Employees aged 20+ from around Japan
Survey term: Mar. 28 (Thu.) – Apr. 1 (Mon.), 2019
Survey method: Internet survey
Number of valid responses: 1,435 samples (IT systems administrators: 330 samples, Regular employees: 1,105 samples)
Survey engine: Fastask
The trend for this survey’s results is that overall targeted attack e-mail training is being implemented, and both on administrator side and the employee side measurable results are being seen. However, there is a divergence in responses between administrators and regular employees about opening training e-mails, as it seems clear that many employees are not even aware that there is any training going on, and that there is a need to re-examine education and information sharing in this area. Also, implementing a wide variety of security solution products means that measures are in place, but IT system administrators still consider there to be many issues with these measures. Thus, there is a need to continue making plans to educate individual employees to raise security awareness. With this in mind, going forward from a business efficiency point of view, there is a clear need to have a way for employees to browse the web and e-mails without worrying about security threats, via a product-based solution.
At Digital Arts, seeing that the threat from targeted e-mail attacks targeting business and organizations is increasing, through regular IT security-related surveys and by continuing to call attention to stopping confidential information leaks that could shake the foundation of companies, we aim to contribute to reducing security-related incidents. Going forward, we plan to continue to share the variety of information that comes from the results of our Japan-wide surveys.
- Digital Arts
Digital Arts is an information security manufacturer that deals with the provision of security software such as those for the web, mail, and files.
We are at a leading company for presenting Japanese web filtering software to the world for the first time at the dawn of the internet in 1998, and based on the knowledge we have gained we present cutting-edge information security products that implement measures against cyberattacks such as information leaks and targeted attacks.
While making use of our strength as a domestic manufacturer, we consistently provide every phase from product planning through development, sales, and support. Our web filtering database, which is the greatest level in Japan for supporting the foundation of products, and our technological strength, with patents acquired in 27 countries and areas of the world, are highly regarded. Our record of over 95% contract renewal rate is the proof of our high customer satisfaction.
Our product lineup, centered on the web security software "i-FILTER" that has over 50% market share in Japan, includes "i-Filter" for individuals and households, the email security software "m-FILTER," and the file encryption and tracking solution "FinalCode," so we can provide web security measures for the web, mail, and files in one stop.
Under the concept of "contributing to a more convenient, more comfortable, and safer internet life," Digital Arts continues to grow as a company that is listed on the First Section of the Tokyo Stock Exchange and that is trusted by all stakeholders.https://www.daj.jp