Here we provide an overview of the key characteristics and services of LAC's security business as well as the business performance of the SSS Business Division, which constitutes a reportable segment.
Emergency Response Services
Cyber Emergency Center®: Staffed by experts specializing in incident response
Cyber 119 is an emergency response service for rapidly assisting customers when a security-related emergency occurs. The service is provided by the Cyber Emergency Center, an organization staffed with experts with professional expertise and track records in successfully responding to numerous incidents.
The center provides a response 24 hours a day, 365 days a year. Services encompass every stage from the initial response/incident response to restoration support, assistance in reinforcing countermeasures (including measures to prevent recurrence), and follow-up. The ability to obtain information on previously unknown cyberattack techniques and virus samples through frontline response activities helps secure and boost LAC's competitive advantage. The center accepts requests for assistance with incidents from any and all companies, not only existing customers, which is an effective catalyst for starting new business relationships.
Support for in-house CSIRTs that draws on an extensive track record
More than ten years have passed since malware (a collective term for malicious code, including viruses, worms, and Trojan horses) began causing damage within company networks. The most common incident the Cyber Emergency Center deals with is malware infection at companies. This trend has remained unchanged over the past several years (as of January 2020).
An example of malware that became famous overnight is the ransomware program WannaCry. It locked victims' computers and demanded payment of a virtual currency ransom in exchange for the unlock password. This cyberattack, which spread around the world, posed a significant risk to company management.
In response to this type of cyber incident, in December 2017 the Ministry of Economy, Trade and Industry formulated and announced the Cybersecurity Management Guidelines*. Establishment of computer security incident response teams (CSIRTs) is a countermeasure mentioned in the guidelines, and the development and operation of CSIRTs has progressed, mainly at large corporations.
* From the perspective of protecting companies from cyberattacks, the Guidelines set out "three principles of cybersecurity management" that corporate managers need to recognize and "ten important items of cybersecurity management" that corporate managers should direct the executives in charge (CISOs, etc.) to observe when implementing information security solutions.
The number of Cyber 119 responses peaked around 2015 (fiscal year 2016 to 2017), when a data leak incident occurred at the Japan Pension Fund. The number has since decreased now that large companies have become able to deal with minor incidents in-house thanks to progress with CSIRT formation and operation. As a result, the role of the Cyber Emergency Center is shifting toward dealing with high-level incidents, which are more serious and have widespread impact.
Rapid response to meet endpoint security requirements
As the practice of taking PCs off company premises to work outside of company networks becomes increasingly widespread, cyberattacks targeting so-called endpoints (terminals), mainly client PCs, are on the rise. Countermeasures that presuppose infection with malware are necessary, and services called endpoint detection and response (EDR) offer a solution for rapidly responding after a malware infection.
LAC introduced a service that utilizes Microsoft Defender ATP in 2017 and another that utilizes U.S.-based CrowdStrike's highly competitive product platform in 2019. When an infection has been confirmed, the Cyber Emergency Center handles computer isolation, investigation, and analysis. In this way, we are able to prevent damage from spreading. We expect increasing demand for this service from large corporations that require solutions for their Group companies or supply chains.
FalconNest: A malware investigation tool
In November 2018, LAC released FalconNest, a tool that enables customers to investigate malware free of charge. FalconNest is effective for companies that have established internal CSIRTs as well as smaller companies with small teams of employees tasked with management and operation of information systems and implementation of cybersecurity measures.
By enabling customers to conduct malware investigations themselves ahead of time, LAC aims to rapidly ascertain the situation and limit the spread of damage when a problem occurs. FalconNest also enables us to further increase added value in the services we provide customers by accumulating a variety of data on previously unknown threats.
The starting point of the cybersecurity business
LAC began assessment services in 1995 as its first cybersecurity business. Through assessment services, we identify vulnerabilities that increase the risk of cyberattacks and implement cyberattack countermeasures by considering various attacks against customers' IT systems from the perspective of cyberattackers and conducting mock attacks.
Web application assessment: The core assessment business
Web application assessment accounts for a large proportion of LAC's assessment services sales. This is because websites linked to corporate servers are likely to be used as routes of entry for cyberattacks. Due to a sharp rise in website tampering and other cyberattack damage, the need for a service for discovering vulnerabilities in development software used on websites and in web applications is increasing year by year.
A key characteristic of LAC's business is that we don't simply perform assessments using tools provided by vendors. Rather, security engineers known as "white hat hackers" perform advanced assessments utilizing expertise accumulated within LAC over many years. Because the service reflects up-to-date threat information and frontline information obtained from other services, we are able to provide highly advanced assessments.
Extensive service lineup
Against a backdrop of increasingly sophisticated and malicious cyberattacks, we have responded with services focused specifically on measures to counter the expanding malware threat, such as IT security inoculation, involving the provision of training in how to respond to targeted attack emails, and the APT preemptive strike service, which assesses the effectiveness of countermeasures based on the premise of a malware infection within the customer's LAN.
We also provide smartphone application analysis and an IoT security analysis service in accordance with our customers' business environments. Furthermore, we provide the penetration test service, our top-of-the-line service by which we actually penetrate a customer's system through all entry routes and confirm whether data can be obtained for the purpose of verifying the effectiveness of security measures.
At the same time, in view of the increasing speed of service development and provision by customers, we are also proceeding with an insourcing support service to enable customers to perform certain vulnerability assessments internally using simple tools.
Business seasonality (concentration in the fourth quarter)
Demand for platform assessment, which involves assessing the safety of web applications and servers and network equipment, is concentrated ahead of customers' new service launches beginning in April, and engineer utilization also increases at that time. For this reason, the assessment services business is seasonal, and sales and profit are concentrated in the fourth quarter of the fiscal year. Conversely, demand tends to fall off in the first quarter.