Tokyo, Dai Nippon Printing Co., Ltd. (DNP) will implement a cyber security educational program for all of the approximately 30,000 DNP group employees with registered company e-mail addresses, both in Japan and overseas. The program aims to develop human resources who, apart from their existing job skills, are capable of conducting necessary security measures. At DNP, we will refer to such employees as Plus-Security Personnel.

The program will take advantage of the cyber security course for general employees developed by Cyber Knowledge Academy Co., Ltd. (CKA) since April 2022. CKA is a DNP Group company that trains the in-house Computer Security Incident Response Team (CSIRT).

DNP is working to promote digital transformation (DX). By developing Plus-Security Personnel throughout the entire Group, we aim to head off security risks, including cyber-incidents and the spread of cyber-threats, and make the connection to creating further value. 

Background

DX, which leverages digital technology to create superior work and lifestyles, has been promoted both in Japan and overseas. At the same time, however, cyberattacks caused by inadequacies in DX-related countermeasures have increased. Cyberattacks are also becoming more diverse and sophisticated, including ransomware which blocks access to computer systems until a payment is made, or highly customized Advanced Persistent Threats (ATP).

DNP is focused on creating new value by promoting proprietary DX that combines hybrid strengths, such as the real and the virtual, manufacturing and services, along with analogue and digital. In 2021 we launched CSIRT at head office as a cyber security response team, and by strengthening cross-organizational cooperation and cyber-attack countermeasures, are working to maintain and strengthen business continuity in the face of cyber-incidents.

In addition, as part of our efforts to strengthen cyber security human resource measures, we have implemented an educational program that allows DNP Group employees in Japan and overseas to experience the practical cyber-attacks. And will develop Plus-Security Personnel, who in addition to their existing job skills, have also acquired basic knowledge of security risks and their countermeasures. 

Educational Program Features

1. Awareness of the threats at hand evidenced by the latest cyber-attack cases 

We will achieve such awareness, by selecting from among the latest cyber-attack cases, concrete cases of damage from ransomware and the theft of confidential information both in Japan and overseas, and introducing them to students of the program. By being made aware knowing that it is essential for the entire organization to respond, and not just those responsible for security systems, we will promote awareness of the roles and responsibilities of Plus-Security Personnel.

2. Experiencing security threats through cyber-attack demonstrations 

Employees not involved directly in security or IT-related tasks, watch videos of ransomware-driven ATP, or phishing attacks, allowing them to understand the reality of cyber-attacks, and to learn about preventative and initial response measures. As a result, this will lead to improved security awareness and skills throughout the organization, and the promotion of safe and secure DX. 

3. Carrying out questionnaires to identify further points for improvement in security measures

Following the completion of the training program, questionnaires are collected and analyzed to check the degree of understanding of the participants, and changes in their awareness of cybersecurity. Further security measures will be made by identifying potential security challenges found in employee questionnaires. 

Going Forward

In April 2022, the DNP Group launched the training program for all of our approximately 30,000 domestic and overseas employees with registered company e-mail addresses, and plan to complete it by FY 2023.

*Product prices, specification and service contents mentioned in this news release are current as of the date of publication. They may be changed at any time without notice.