Throughout the entire Hitachi Group, including companies in business reorganizations and companies integrated as a result of M&As, we are working to ensure security, compliance, and business continuity for internal IT.
To respond to the risk of information leaks and increasing cyberattacks, as well as to ensure proper use of software, we are continuing our efforts to strengthen our IT controls.
With respect to large-scale earthquakes (such an earthquake is said to have a high probability of occurring in Japan in the near future) and natural disasters arising from global warming, as well as various other kinds of emergencies, such as pandemics and cyberattacks, we are formulating and operating IT-BCPs that enable us to support business continuity for the Hitachi Group through IT.
In addition, we are continually revising our plans so that we will also be able to support next-generation IT architecture such as zero-trust security and on-premises/cloud hybrid environments.
With respect to events such as large-scale earthquakes, we are engaged in server installation and operation for achieving robust data centers, as well as selecting cloud systems that enable services to continue running during times of disaster. In addition, we have set target recovery times for each service, and have defined the corresponding disaster response levels. As such, we have established secondary servers and data-backup environments to ensure data security, while at the same time using configurations whereby systems that provide services important for business continuity are allocated across multiple data centers and cloud systems so that we can quickly recover from any disaster. We conduct regular drills according to these BCP measures to prepare for emergencies.
Moreover, we have established and enhanced remote-work environments accompanying the support for new styles of working and expanded use of cloud systems. Even if a pandemic occurs, we can use the remote-work environment and business can continue. In addition, we are defining the operation of systems that are required to continue remote work by priority level based on the impact of such operations on maintaining societal functions, and are improving the relevant operating plans.
To address cyberattacks, we are transitioning to a next-generation IT architecture based on boundary-oriented security and zero-trust security to achieve robust security measures. As such, we have assumed various scenarios, in which we are targeted by cyberattacks, such as ransomware or targeted attack emails, worm viruses, and unauthorized accesses to public-facing servers, and have established procedures for responding to them from initial response to recovery, according to the type of attack. These responses include actions such as isolating infected systems by disconnecting them from the network, quarantining the virus, and then canceling the network disconnection. We are endeavoring to implement safe system operation and rapid recovery.
Furthermore, in order to normalize and improve our BCPs, we regularly review our response procedures. For example, we conduct drills against envisioned cyberattacks and constantly prepare against new threats.
