IPA (Information-technology Promotion Agency, Japan) publishes "10 Major Threats to Information Security" every year, which lists the top 10 cases in information security that are considered to have had a large impact on society.
The latest edition, "10 Major Threats to Information Security 2020", has the following results.
* Threats are ranked separately from the perspectives of "individuals" and "organizations", and 10 major threats are determined for each.
Information Security 10 Major Threats: Individuals
( ) indicates last year's ranking
1st place: Unauthorized use of smartphone payment (NEW)
2nd place: Fraudulent acquisition of personal information by phishing (2nd place)
3rd place: Unauthorized use of credit card information (1st place)
4th place: Unauthorized use of Internet banking (7th place)
5th place: Demands for money through intimidation or fraud using e-mail or SMS (4th place)
6th place: Damage to smartphone users due to unauthorized applications (3rd place)
7th place: Slander, defamation, and hoaxes on the Internet (5th place)
8th place: Unauthorized login to services on the Internet (8th place)
9th place: Internet fraud using false warnings (6th place)
10th place: Stealing personal information from services on the Internet (12th place)
Top 10 Information Security Threats: Enterprises
( ) indicates last year's ranking
1st place: Theft of confidential information by targeted attacks (1st place)
2nd place: Information leakage due to internal fraud (5th place)
3rd place: Financial damage caused by business email fraud (2nd place)
4th place: Attack that exploits weaknesses in the supply chain (4th place)
5th place: Damage caused by ransomware (3rd place)
6th place: Business suspension due to unexpected IT infrastructure failure (16th place)
7th place: Information leakage due to carelessness (while complying with the rules) (10th place)
8th place: Stealing personal information from services on the Internet (7th place)
9th place: Unauthorized use of IoT devices (8th place)
10th place: Service suspension due to denial of service attack (6th place)
"Theft of confidential information by targeted attacks" ranked first for the fifth consecutive year
"Theft of confidential information by targeted attacks" ranked first among corporate threats, and has held the number one position for five consecutive years since the "10 Major Threats to Information Security 2016".
There are three main attack methods, as follows.
Opening email attachments and links
Opening (clicking) an attachment or link in an email sent by an attacker will infect your PC with a virus (malicious software). The sender, subject, and text may be disguised to look business-related.
In a so-called watering hole attack, a website that is often visited by the target organization (company / group) is tampered with so that it delivers a virus (malicious software).
Vulnerabilities in cloud services and web servers used by the target organization (company / group) are exploited to steal information and intrude into internal networks.
Countermeasures against cyber attacks
In addition to targeted attacks, other cyber attacks targeting companies also appear in the ranking.
Ransomware is 5th and business email fraud is 3rd. In addition, attack methods such as the malware "Emotet", whose damage reports have been increasing rapidly recently, are becoming more diverse and sophisticated.
Against cyber attacks targeting corporate information and funds, it is very important to take measures such as actively collecting and disseminating information on the latest attack methods, and providing security education to employees, for example on not opening attachments and URLs carelessly.