<Survey of security measures taken by teleworking organizations that faced incidents in 2020>
More than 80% of security incidents are caused by web access and email
100% of organizations that have implemented telework are willing to continue teleworking despite experiencing incidents.
- As telework becomes permanent, taking measures to prevent attacks via e-mail and the web is of utmost importance -

Information security solution provider Digital Arts Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Toshio Dogu; hereinafter referred to as “Digital Arts”; Code 2326) conducted a "survey on the awareness of security measures for organizations introducing or considering the introduction of telework" targeting 1,065 IT systems and information security personnel in private companies and government agencies nationwide.

The introduction of telework has advanced rapidly due to the spread of COVID-19, however, at the same time, cyber attacks targeting telework environments with inadequate security measures have also increased. Given this, Digital Arts conducted a survey on the occurrence of security incidents (incidents that pose security threats, "incidents"), awareness of security measures, and the current implementation status of these measures by organizations utilizing telework. The survey targets organizations that are well aware of their incident(s), are involved in decision-making on information security measures, and experienced incidents between January and December 2020.

More than 80% of security incidents are caused by web access and email, including phishing emails and access to unsafe websites

A survey of 1,065 IT systems and information security personnel from private companies and government agencies nationwide on what types of incidents occurred in their organizations in 2020 showed that more than 80% of incidents were caused by web access and email. While internal fraud, such as the taking of trade secrets by former employees, has recently been a hot topic, it's become clear that there are still more incidents of external attacks than internal ones.

Security Incident Breakdown
Phishing emails	695	Denial of Service (Dos/DDos) attacks	179
Business email scams	534	Information leakage due to internal fraud (e.g. staff leaving with information)	177
Accessing unsafe websites	395	Infection from malware such as Emotet	124
Unintentional information leaks such as mistaken emails destinations	380	Attacks that exploit weaknesses in the supply chain	98
Targeted attacks	345	Fake company websites	81
Infection from ransomware	309	Other	17

• * When 1,065 respondents were asked about incidents that occurred in their organizations in 2020, the number of incidents totaled 3,334. Of those, a total of 2,782 incidents, or 83.4%, were thought to be caused by receiving unsafe emails or accessing to unsafe websites.

Of the 1,065 respondents, 695 (65.3%) reported receiving "phishing emails," and 534 (50.1%) reported receiving "business email scams," indicating that more than half of the surveyed organizations experienced email incidents in these top two categories. In addition to "phishing emails," "business email scams," and "accessing unsafe websites," the top ranked incidents such as targeted attacks and infection from ransomware, were also caused by emails targeting organizations, phishing emails, and access to fraudulent websites.

Even among the organizations that experienced such incidents, more than 80% answered that their risk management system and CSIRT, a specialized team for handling cyber security incidents, were generally functioning well, indicating a high level of risk awareness.

These organizations considered information security measures a "critical issue," but only 54.6%, just over half of the organizations, considered it an arguably more important "management issue," despite having already experienced cyber incidents.

100% of organizations implementing telework intend to continue. Is telework here to stay? Focus on exit control and internal security

Of the organizations implementing telework, 60% are implementing it "company-wide," 23.9% are implementing it "for the majority," and 16.1% are implementing it "only in some departments," indicating that telework has been widely adopted. As for their intention to continue telework, 75.4% of organizations plan to continue, and 24.6% expect to continue but are undecided. It indicates that organizations already implementing telework is expected to continue permanently.

In telework environments, connecting to internal networks and internal file servers is required, and VPN (Virtual Private Network) and Remote Desktop (operating internal computers from remote locations) are often used. About 90% of the respondents answered that internal rules such as management of computers taken off premises are "thorough." However, about half of the respondents answered that security measures and connections to internal networks and file servers are "lacking." The top priority areas for security measures when utilizing telework are devices and servers, employee security education, and rule making, with the majority of respondents saying they have already taken these measures. Major endpoint measures are generally covered by more than 50% of the organizations, with anti-virus, personal information (files), and email being the most important areas.

Over 70% of respondents showed interest in considering the popular security measures "Zero Trust," "SWG," and "SASE"

When surveyed about "Zero Trust," a security measure based on the concept of not trusting anything that is gaining popularity, "SWG (Secure Web Gateway)," a cloud service that integrates web security management functions, and "SASE," which provides both network security functions and WAN functions, it was found that more than 70% of respondents are considering them and are highly interested in them.

More than 70% of all respondents are considering measures based on Zero Trust. It was also found that more than 80% of respondents are considering SWG, and more than half (57.9%) of the organizations with more than 5,000 employees have already implemented it. SASE, one of the latest security frameworks, is also being considered by more than 70% of respondents. However, about 50% of SMEs with 199 or fewer employees are "not aware" or "don't know" about Zero Trust or SASE, indicating that awareness and understanding of these issues is not growing enough.

	Measures have been implemented	Budget has been acquired	Measures are being considered and looked into.	No plans of considering	Unsure
Zero Trust	21.0%	32.2%	23.3%	17.7%	5.8%
SWG	42.7%	25.4%	19.8%	6.9%	5.1%
SASE	21.6%	22.1%	28.9%	15.7%	11.7%

Incidents caused by external attacks occurs regardless of the size of the organization. Security measures for entry points such as web access and email become increasingly important

From the results of this survey, it was found that the incidents experienced by organizations implementing telework in 2020 were external attacks originating from web access and email, and that the organizations encountered incidents regardless of their size. These organizations consider security measures an important issue and are not neglecting them, emphasizing measures such as Zero Trust and other security measures that do not rely on traditional perimeter model. However, it was also seen that many organizations place high priority on human resource measures, such as building security rules for employee off-site devices and security education.

While most of the incidents are caused by email and web access, the reason why measures for devices and human resources are prioritized over other security measures is thought to be that the sophistication of cyber attacks has made it difficult for systems to secure entrance control, so the emphasis has shifted to internal security and exit control after an intrusion has occurred. However, as was seen, most intrusion routes are still web access and email.

The surveyed organizations implementing telework were aware of the security risks, but were positive about continuing telework. In post-pandemic Japan, work styles, with telework as the base, will continue to diversify into the future. With the diversification of work styles, there is a limit to human resource measures such as device management and employee morale, and it will once again be paramount that entrance controls tailored to major attack methods that use web access and email -the cause of most incidents - be implemented.

Based on the trend of increasing incidents targeting private companies and government agencies seen in our regular information security surveys, we have become determined to contribute to the reduction of incidents by raising awareness of the need to prevent information leaks that could shake the very foundations of organizations' business. As an information security solutions provider, we will continue to provide a variety of information through the results of our nation-wide surveys.

Survey Summary
Survey target	Information security personnel from private companies and government agencies nationwide - Understand the security incidents of their own organizations and be involved in decision-making on information security measures - Must be an organization that has experienced a security incident of some kind in 2020
Implementation period	April 16, 2021 (Friday) - April 21, 2021 (Wednesday)
Survey method	Internet survey
Number of valid responses	Sample size: 1,065
Inspecting agency	Cross marketing