As IT infrastructure grows more mature, the prevalence of cyberattacks and virus infections is growing sharply around the world. The Global Risks Report 2018, announced in January 2018 by the World Economic Forum (WEF), recognizes cyber risks as posing a level of threat similar to abnormal weather and natural disasters.
In addition to the conventional risks facing the automotive industry, such as leaks of confidential information and infections by computer viruses, a number of other risks are emerging as society grows more “connected” through advances in such areas as autonomous driving and the Internet of Things (IoT). As a result, enhancing cyber security has grown essential.
Against this backdrop, in 2016 we formulated the DENSO Group Basic Principles of Information Security, under which we are working to protect information and reinforce management.
DENSO Group Basic Principles of Information Security
The DENSO Group has adopted “contributing to a better world by creating value together with a vision for the future” as its corporate philosophy. Guided by this philosophy, the Group is engaging in business activities to deliver the joy of driving and the convenience of vehicles to people around the world with the aim of preserving the global environment and realizing a safe and secure society.
In the field of information security, where safety and security are vital, the number of new risks, in addition to existing ones, is rising on a daily basis, including increasingly sophisticated and cunning cyberattacks on the Group’s products and factories.
Amid an accelerating shift toward a “more connected society” with the emergence of innovations such as automatic driving and IoT, the Group recognizes the delivery of secure, highly reliable products to customers around the world as well as the protection of customers’ information assets from various threats as the most important issues for its management.
As such, the Group has established its basic principles of information security and is working Groupwide to further strengthen information security efforts under the guidance of the chief information security officer (CISO).
We will strictly adhere to laws and government policies related to information security as well as other social norms.
We will establish management systems for information security under the guidance of our top management.
We will identify risks related to information security and implement appropriate personal, systematic, and technological efforts to counter these risks.
We will continuously conduct educational and enlightenment activities related to information security.
We will promptly investigate any incidents that arise concerning information security and make concerted efforts to minimize damage and prevent recurrences.
We will carry out inspections of our management systems and initiatives related to information security and work to continuously improve and revise these systems and initiatives.
DENSO approaches information security activities from both a product perspective and a corporate perspective.
By connecting society, we expect automobiles to contribute significantly to improvements in convenience and comfort.
At the same time, this connectedness poses the threat of cyber risks, such as cyberattacks and viruses.
DENSO is positioning autonomous driving and connected cars as fields of focus, and we are developing integrated platforms to support them.
For these platforms to succeed, they must above all be safe. By providing products that are safe from the perspective of information security, we will contribute to a mobile society that is safe and provides peace of mind.
DENSO is promoting IoT, using networks to connect its factories and Group companies. Although we expect this approach to make development and production more efficient, it also entails risks. For instance, a virus infection at a factory could propagate instantaneously across all Group companies. To prevent such occurrences, we are adopting information security measures in our internal networks and factories, ensuring our ability to provide a steady supply of products.
By meeting one of our corporate social responsibilities, the thorough implementation of information security measures, we are protecting DENSO’s information assets.
Led by the chief information security officer (CISO), we have established a specialized department at DENSO’s headquarters to manage information security.
Similarly, we have set up specialized frameworks in six regions around the world.
We have also assigned a person responsible for information security in every DENSO department and at every Group company, working to promote information security activities throughout the DENSO Group.
Response to Cyberattack Risks
As specific product-related activities, we are developing products to protect on-board products in such areas as connected and advanced driver assistance and automated driving from cyberattacks. We are also building a proprietary framework to ensure that products are mounted securely.
Furthermore, at our factories we engage in thorough information management and operation to prevent production stoppages. At the same time, we are developing other defense measures that logically separate our network from the outside in order to block cyberattacks.
As outlined above, DENSO is promoting and reinforcing a host of information security activities. However, defending ourselves from 100% of threats is not easy, as new types of cyberattacks and unknown viruses emerge on a daily basis.
As part of our product- and corporate-oriented measures for addressing new types of risk and unknown risk, we monitor networks and equipment to detect abnormalities. When abnormalities are detected, we enact measures to swiftly quarantine the affected area.
Enhancing Employee Awareness
We recognize that employee awareness is the most important aspect of promoting information security measures. For example, DENSO regularly conducts drills and training, such as sending employees emails that look as if they could contain viruses. In this way, in addition to raising individuals’ awareness of security, we put in place a structure for responding when the threat is real.
TOPICS: Initiatives of DENSO CORPORATION
Once a year, DENSO CORPORATION implements Targeted Attack Email Response Training in which a mock virus-containing email is sent to all employees. The timing of this training is random each year. This training aims to enhance employee awareness of the importance of not carelessly opening attached files or clicking on links in emails from unknown senders. It also aims to enhance awareness of reporting such emails to DENSO’s security hotline. Furthermore, the training helps ensure that employees understand how to appropriately respond in the unlikely event that they do open an email containing a virus.
In addition, we have designated March as a month for emphasizing the management of classified information. During this month, we offer educational programs to all employees on the latest risks related to information leaks and appropriate ways to respond to such risks. We also hold discussions with employees in small groups. In these ways, we make employees aware of the fact that each one of them serves as a stronghold for information management.
Initiatives Going Forward
We expect to accumulate various information assets internally as a result of progress toward a “connected society,” and these assets will be used in a large number of company divisions.
To ensure that the way we use information assets does not infringe upon the rights and interests of the information provider, we are working to forecast risks from a broad range of perspectives, including contract conditions and adherence to laws and regulations, to formulate relevant rules, and to establish a structure to appropriately manage and operate these assets. In these ways, we will work to strengthen governance going forward.