Last updated : February 24, 2021
With a full-fledged digital society, risks and opportunities by digitalization are emerging. Against this backdrop, the role of security is expanding. It is no longer simply a defensive measure that protects information assets and gives rise to expenses. Security is also a target for strategic investments aimed at transforming and growing businesses and forming new markets.
As a global ICT corporate group that believes in the potential of digital society, NTT Group is committed to contributing to global cyber-resilience. Further, we will proactively help realize cybersecurity worldwide by providing cybersecure ICT services.
➡ It has become necessary to steadily pursue digital businesses through the protection of information assets and the securing of safe ICT platforms.
➡ Due to the importance of cyber-resilience, companies are expected to take security measures, while companies in the ICT industry are expected to strengthen the security of their own products and solutions as well as the security of society overall.
Relevant Laws, Regulations, and Global Trends
Digital society remains in its initial phase, while cybersecurity is in its infancy. Precisely because cybersecurity is in its infancy, rather than wait for the industry to take shape, NTT Group will be in the vanguard of efforts to take the initiative and create the industry.
As the socio-economy digitalizes and the international situation changes, cyberattacks and other security threats are becoming increasingly advanced and serious. In such conditions, NTT Group’s responsibility is to protect the infrastructure of ICT services as well as clients’ information assets and to provide sound platforms with a view to the growth of the digital economy.
In accordance with the medium-term management strategy, NTT Group has defined its mission as supporting the infrastructure of the digital economy and contributing to the construction and development of free, open, and safe ICT platforms. NTT Group must realize its own digital transformation and those of clients in a reliable, safe manner. Moreover, these capabilities should be the reason why NTT Group is the first choice of clients. In other words, our vision is for clients to choose us because we offer security.
Moreover, these capabilities should be the reason why NTT Group is the first choice of clients. In other words, our vision is for clients to choose us because we offer security.
The impact of COVID-19 shows no signs of abating. Although socio-economic activity is beginning to return to previous levels in countries around the world, including Japan, we expect remote working and online activity to increase beyond past levels. This situation represents a new challenge for NTT Group, which provides telecommunications and IT systems. Security will also become an increasingly important issue in the post-COVID world. Realizing our vision for the future will necessitate security across all activities, including customer response, research and development, operations, finance, human resources, and other administrative areas. We are pursuing initiatives aimed at ensuring NTT is considered the number one company in terms of security.
NTT Group will become the enabler both of its own digital transformation and those of clients.
The Group will be the first choice of clients because it ensures security.
Provision of Comprehensive Security Solutions Based on Development and Verification that Leverage Business Scale
Early Detection of and Rapid Responses to
Development of a Security Workforce with
Cooperation with Stakeholders Aimed at Leading the Dissemination of Knowledge and at Developing a Digital Society
We will demonstrate leadership with a view to the sound development of an international digital society and prepare the groundwork for expansion of the ICT services market. At the same time, we will move forward with the rollout of security solutions that leverage advanced technologies and personnel.
We aim to provide safe and secure ICT services, which are an integral part of society's infrastructure and underpin the digitalization of the socio-economy. Therefore, we are strengthening the security of all our services, including our telecommunications equipment, IT service environments, and services related to smart cities and buildings.
Given the integration of our global businesses, we are also advancing global coordination with respect to security. To facilitate coordination within NTT Group, which spans a variety of different businesses and regions, the Group has introduced a risk-based management approach, built a framework founded on the recommendations of the U.S. National Institute of Standards and Technology, and established common Group standards for identification, protection, detection, responses, and recovery.
Centered on the United States and Europe, we participate in government and industry initiatives aimed at strengthening cybersecurity and share information on security threats and best practice. Also, we are working with companies and organizations to form communities based on mutual trust.
Participation in communities in Japan and overseas for the sharing of information on cyberthreats and best practice
Establishment with ICT companies worldwide of CSDE,*3 an international council for the realization of a secure digital economy
In three countries and regions worldwide, coordination with bodies that conduct collaborative efforts aimed at sharing information on and neutralizing cyber-crime
We aim to increase the quality and number of security personnel. In these efforts, Group companies are advancing personnel development measures designed for respective personnel categories and skill level. The rise in cybersecurity threats attendant on the holding of international events necessitates even more countermeasures. Therefore, we are strengthening our security monitoring capabilities and stepping up personnel development.
Thanks to these initiatives, we had approximately 47,000 certified cybersecurity personnel as of March 31, 2019. Of these personnel, 3,500 have become certified as advanced and intermediate cybersecurity personnel by acquiring additional knowledge and practical work experience. Thus, we believe that we have the capabilities to respond as needed when major events are held.
*You can scroll horizontally
|Title||Security management consulting / Security operation / Security development|
|Level||Advanced||Security master / Security principal||Produce first-rate experts with best performance in the industry|
|Intermediate||Security professional||Reinforce the pool of specialists with deep experience and judgment|
|Beginner||Security expert||Raise the level of workers who can do their work with the required knowledge|
As well as the development of technologies for the security of our services, we are focusing efforts on the development of security element technologies. Further, in Palo Alto in the United States, in 2019, we established a new global research center, where pioneering, world-class researchers are tackling projects focused on cybersecurity and encryption technologies. We have also established the IOWN Global Forum, Inc. to facilitate our collaboration with industry-leading companies to formulate security architecture for next-generation communication infrastructures.
The Group CISO Committee leads the construction of a governance system that coordinates the activities of Group companies. In the fiscal year ended March 31, 2020, the Group CISO Committee convened three times, while the Information Security Liaison Meeting met twice. In addition, systems have been put in place for dialogue with the senior management team, which receives regular reports on trends in external threats related to security at the Executive Officers Meeting. Also, management receives timely reports when security incidents occur.
Further, in 2004 we have already established NTT-CERT as an organization for responding to security incidents. NTT-CERT functions as the core of NTT Group’s security efforts and belongs to a Group research center specializing in cybersecurity. Because it can take full advantage of the center’s knowledge, the organization has outstanding technological expertise at its disposal. Moreover, the organization has built networks with cybersecurity organizations in regions worldwide, affording it rapid access to information on global trends and new threats. NTT-CERT informs NTT Group companies about such information, thereby strengthening the security of NTT Group and its clients.
As cyberattacks grow increasingly ingenious in their methods and affect more people, we are having to adopt the attacker’s perspective in order to strengthen our ability to deal with the attacks. Although recent cyberattacks have not displayed particularly novel technologies, they have become increasingly diverse and ingenious in their methodology and thus more difficult to detect by attempting to infiltrate Group companies and affiliates whose cybersecurity measures are weak and by pretending to represent actual commercial transactions.
Against the backdrop of increasingly unstable world affairs, concerns are growing about cyberattacks stepping up their targets from IT systems to important infrastructure and moving on from economic benefit to the pursuit of political gains.
To minimize the damage from cyberattacks under these circumstances, it is important to adopt the attacker’s mindset and anticipate how and why they will perpetrate an attack.
Understanding the need to augment security measures to protect important Company assets and step up our ability to minimize damage, we are cultivating verification teams with white hacker expertise. They probe our systems and address systematic vulnerabilities from a cyberattacker’s perspective, helping to make our security measures more visible and improve them.
The ability to respond to recent-day cyberattacks appropriately requires an operational engineer’s technical knowledge. Also, it requires the experience to act appropriately and make decisions swiftly. People responding to cyberattacks must also be appropriately armed with the leading-edge information about cyberattacks, and maintain their ability to judge situations.
Conventionally, this expertise and knowledge has mostly been gained on the job, as employees familiarized themselves with the technological measures and organizational settings required for cyberattacks.
Efficiently training personnel to act of their own accord required time and an appropriate atmosphere.
To address this issue, we have developed a training environment that provides a framework for virtually recreating an actual cyberattack experience, with conditions that emulate an actual attack, and helping employees learn technological and organizational responses. In this way, in addition to employees who have the on-the-job experience that equips them with knowledge about the most recent cyberattack methods, we can help operations engineers who have relatively little experience increase their skills and strengthen their response capabilities.
In the fiscal year ended March 31, 2020, we provided an environment in which all of our approximately 42,000 certified personnel can undergo Web-based cybersecurity training about case studies of recent cyberattacks and incidents. As all employees may become responsible for cybersecurity strategy implementation, we will expand the scope of security education to include all employees as we strive to enhance their security awareness.
We adopt a game-based approach in which each company forms teams of up to four people and competes by answering questions related to cybersecurity within a limited amount of time. After the close of the contest, we distribute videos showing explanations of the questions, which was highly effective as a learning tool.
Due to the impact of COVID-19, this fiscal year represented our first online contest, which was attended by 153 people, comprising 50 teams from 12 companies. Through this contest, we expect to increase knowledge and drive up an interest in cybersecurity. By making participation anonymous and entry easy, we aim to continue working to increase interest in security even among employees who do not currently work in that area.
We systematize the learning of knowledge and skills required for beginner- and intermediate-level certification, and have built up a catalog of commercially available training programs and made it available to Group companies.
To establish its top-class industry position in the field of security, NTT Group is enhancing its presence in the area of application security and DevSecOps (an application development and operational model that incorporates security from the outset) through WhiteHat Security, Inc., a U.S. subsidiary.
In the application security field, WhiteHat provides the tools and services necessary to create and operate software safely, and the company has earned high praise in the market. WhiteHat’s application security platform provides an ongoing risk assessment of organizations’ software assets, incorporates security measures, and makes it possible to achieve DevSecOps.
WhiteHat’s forte in the application security field lies in its ability to test for Web applications’ vulnerabilities using software tools and AI. This is combined with expert verification to reduce false positives in the testing results. In general, designing and producing applications without security vulnerabilities is effective at preventing Web systems from the danger of outside attacks.
By taking advantage of WhiteHat’s strengths, we can efficiently confirm whether security has been ensured at each stage of the process, from application production through to operation. In addition to network and endpoint security, we expect to help ensure more secure system environments by also incorporating security response into the content of application design.
As digital transformation diversifies ICT environments, cyberthreats are becoming ever-more sophisticated, boosting demand for zero-trust security measures that assume internal penetration.
NTT Group’s global operating company (NTT Ltd.) continuously develops and introduces cybersecurity measures that support leading-edge digital transformation. These include the advanced detection of cyberthreats through managed security services and immediate responses to threats through managed detection and response. Further, the company offers DevSecOps, which provides both security and the flexible agile development of applications that are important for digital transformation, as well as microsegmentation-enabled security technologies, which determine the lateral movement of threats that have penetrated from outside or inside (including insiders) and realize access control or isolation on a segment or terminal basis.
Also, in response to the increase in cyberthreats to critical infrastructure, factories, plant equipment, and building automation systems, we are rolling out advanced security solutions catering to industrial control systems and IoT that have unique system compositions, specifications, and environments.
By forming specialized teams in regions worldwide, we are able to offer solutions to clients in a wide range of industries. We resolve clients’ security issues by providing services that cover risk assessment and countermeasures based on leading-edge technologies through to managed security services that detect threats in real-time and respond to incidents.
Use of risk assessment to identify issues
and establish countermeasure policies
Use of segmentation and host reinforce‐
ment to reduce the risk of shutdown due
to malware infection or proliferation
Threat detection and incident response
through continuous monitoring
IT is becoming indispensable for businesses. At the same time, regardless of whether their businesses are large or small, all kinds of companies are facing increasing security risks. In particular, many small and medium-sized enterprises lack specialized security personnel. Consequently, some clients are anxious because they feel that their security measures may be inadequate and they do not have anyone to consult with regarding security measures.
Given this situation, NTT Group provides comprehensive security solutions that perform the role of a specialized security manager for clients. Specifically, we provide clients with wide-ranging support that covers everything from normal operations through to the occurrence of incidents. As well as detecting and blocking unauthorized communications, the Group’s services monitor communications status, report on status through the distribution of reports, and support restoration if virus infections occur. Our lineup of services includes Omakase Cyber Mimamori, Omakase Antivirus (NTT East), Security Omakase Plan (NTT West), and Security Support Desk (NTT Communications).
The number of contracts for such omakase-type security services has been growing in recent years. (In Japanese, omakase means “leave it to us.”) Going forward, we will continue creating safe, reliable ICT environments for clients.
Value Creation through Environmental and Social Contributions
- TSE : 9432
NTT NEWS ROOM
Watch the latest news of telecommunication, NTT's R&D, XR services and more.
*Japanese language only
In a virtual space, NTT Group and other companies display their 3D works. Watch the works of Hokusai, Shuri Castle, Minamiza Theater, etc.
*Japanese language only
Application cases on DOOR
Introducing how to use "My Room" and how it actually been utilized by enterprises and individuals.
*Japanese language only