NTT: How Japan Leads in Cybersecurity Amid Rising Threats

Cyber attacks have hit headlines across the world in recent months, with global brands such as JLR, M&S and Asahi falling victim to the actions of malicious actors.

Mihoko Matsubara is Chief Cybersecurity Strategist at Japanese tech giant NTT, where she is responsible for leading global thought leadership efforts around effective cybersecurity strategy and execution for both public and private sectors. 

“While more people are concerned about cyberattacks, they are not necessarily familiar with technical aspects of cybersecurity. My role is to explain the current threat landscape with statistics and regional or sector-based examples, as well as cybersecurity measures to take without using technical jargons,” Mihoko-san explains.

Her professional career spans the Japanese Ministry of Defense and US academic institutions, as well as corporations in Tokyo and Singapore – epitomising her deep commitment to fostering connections across nations and industries to enhance cybersecurity awareness and cooperation. She is also the author of three books on cybersecurity, covering topics including cyber attacks from attacker and defender perspectives, cyber warfare in Ukraine and what lessons Japan can learn from cyber and kinetic attacks experienced by Ukraine.

In this Q&A with Technology Magazine, Mihoko-san shares her cybersecurity expertise off the back of bands like Asahi finding themselves in the firing line – and how to best be protected.

How is Japan’s approach to defending critical infrastructure – particularly manufacturing and utilities – evolving in response to the recent surge of ransomware and OT-targeted attacks?  

Japan is currently working to enhance its cybersecurity and resilience posture. 

The Active Cyber Defense Law passed in May 2025 is intended to minimise the damage caused by substantive cyberattacks that can compromise national security, while Japan has also established new requirements for critical infrastructure companies to enhance their cybersecurity practices under the revised Economic Security Promotion Act.  

Japan had two wake-up calls. One was a ransomware attack on Kojima Press Industry Co., a major supplier to Toyota Motors in February 2022, that led to temporarily suspending Toyota domestic factories. 

Another one is a ransomware attack on the Port of Nagoya, the largest commercial port in Japan, that paralysed their cargo shipping operations for two days. 

They urged Japanese companies to enhance their cyber defences. 

Furthermore, Toyotimes – Toyota owned media – released a video interview with the President of Kojima Press Industry Co. about how his company and Toyota worked together to respond to the cyberattack and how leadership should behave during an incident. 

The industry appreciated the sharing of their lessons. 

In what ways is NTT leveraging AI and threat intelligence to strengthen incident detection and response across global operations? How can enterprises emulate this model?  

Cybersecurity defenders have no choice but to take advantage of AI to keep pace. Automating some of our tasks and workloads will reduce our burden. 

At NTT, we have been using ML capabilities over the last decade or so to analyse behavioural patterns and use predictive analytics to detect threats, and we have recently started to use Gen AI in tandem for threat assessment. 

For example, NTT Security proved in 2023 that GPT-4 can identify if a website is legitimate or phishing at more than 98% accuracy ratio – GPT 3.5 can do so at 86.7% accuracy.

SentinelOne argues that phishing attacks have increased by 1,265% due to the growth of Gen AI.

Gen AI has lowered the bar for adversaries to launch cyberattacks, meaning defenders have no choice but to empower themselves to automate at least partially their tasks including log or phishing analysis, threat detection, behavioural analysis and incident report drafting. 

This is crucial for defenders who are overwhelmed by ever increasing work around the clock to minimize burnout risks.

The Asahi Group attack highlights growing pressure on supply chains. What lessons can global organisations learn from Japan’s efforts to enhance cyber resilience and supplier risk management?  

A ransomware attack can cause massive disruptions to business operations, triggered by the encryption of essential data and files, as well as network shutdowns implemented to prevent the spread of infection. 

These disruptions can ripple through the supply chain, potentially affecting a wide range of industrial sectors and organisations in a domino effect. 

As Japanese companies are increasingly expanding their businesses globally, multiple firms have reported their overseas subsidiaries being hit by ransomware attacks in the United States, Vietnam, Thailand, Singapore and Taiwan. 

To manage supply chain risks and ensure business continuity, it is becoming more crucial than ever to ensure global governance in cybersecurity and keep proper data backups, the principle of least privilege and network segmentation.  

Surprisingly, Japan is the country where ransomware infection ratio is lowest amongst 15 major countries such as the United States, the United Kingdom, France and Germany. 

Also, more Japanese victims choose not to pay a ransom to criminal groups than other countries. 

Yukimi Sohta, Chief Cybersecurity Evangelist at Proofpoint, analyses that companies tend to back up more in Japan prone to many natural disasters – the Japanese culture discourages organisations to provide payoff to criminals and Japanese cyber insurance does not cover ransom payment.

How do regional geopolitical tensions and emerging technologies such as 5G and quantum computing shape Japan’s national cybersecurity priorities and public–private collaboration?  

The beginning of the war in Ukraine urged Japan to enhance its national security capabilities in all domains, including cyberspace, and release the new National Security Strategy in December 2022. 

Since Tokyo was selected to host the 2020 Summer Olympic and Paralympic Games in September 2013, the Japanese government and industry have been prompted to strengthen Japanese cyber defences and public-private partnerships to share cyber threat intelligence and best practices. 

However, the COVID-19 pandemic and recent geopolitical tensions triggered Japan to enact the Economic Security Promotion Act in 2022. The revised act in May 2025 lets the government issue security clearance to critical infrastructure employees. 

This allows the government to share classified cyber threat intelligence with non-defence contractors to help their cyber defences rather than government receiving incident reports from companies. 

What strategies do you recommend to help CISOs in Japan foster next-generation cybersecurity talent and sustain security culture within fast-digitising enterprises?  

CISOs are responsible for minimising the damage of breaches once they are discovered and serve as a point of contact to keep executives and communications/legal teams informed. They are also responsible for taking care of their own cybersecurity team and ensuring that they have the necessary resources to maintain strong cyber defence posture.

After an incident, it is indispensable to identify the gap(s) in cyber defences and communications that allowed the breach to happen and could have prevented it. 

Incident response and post-breach lessons are not solely technical work – there is a vital organisational element to cybersecurity.    

Executive leadership must work to empower the CISO and cyber defenders to avoid repeating the same mistakes and allowing the incident to recur, lest their efforts be wasted.

CISOs should have champions in the C-Suite and board and have clear lines of communication to middle management to keep cybersecurity as an integral part of business operations. 

Since every employee is the last line of defence, the cybersecurity culture and respect to basic hygiene must be rooted at the staff level as well.